Re: Oracle Client not passing Windows Domain portion of connect info ?

From: Jared Still <jkstill_at_gmail.com>
Date: Thu, 18 Feb 2010 11:03:16 -0800
Message-ID: <bf46381002181103h3abc28beue43b700317cc8f63_at_mail.gmail.com>

comments inline:

On Thu, Feb 18, 2010 at 10:34 AM, Taylor, Chris David < ChrisDavid.Taylor_at_ingrambarge.com> wrote:

> 1.) Well, the crux of the issue is that �Domain� isn�t being passed to
> the Oracle database from the client. The Oracle connect info is constructed
> of the following (when using OS Authentication): OS_AUTHENT_PREFIX,
> Domain/Machine Name, Username. Our db server does not have
> OS_AUTHENT_PREFIX set, yet my coworker beside me connects fine and his
> audited connection shows DOMAIN\Username. My INITIAL connection (1stattempt) fails, and shows Username only (instead of DOMAIN\Username).
>
>
>

Has the registry entry OSAUTH_PREFIX_DOMAIN been set on the DB server? if TRUE (default) then the domain name will be required to be part of the database account name
for OS authenticated accounts.

eg. the account name for a scott_at_somedomain.com would be SOMEDOMAIN\SCOTT

If set to FALSE then the oracle account name would be SCOTT. This is assuming that OS_AUTHENT_PREFIX is '' as you stated. If set to OPS$ then the account names would be OPS$SOMEDOMAIN\SCOTT and OPS$SCOTT respectively.

So on a Windows network using an OS authenticated account, the only way to avoid
having an account name like SOMEDOMAIN\SCOTT is to explicitly set the registry
variable for Oracle OSAUTH_PREFIX_DOMAIN=FALSE.

At least in my experience anyway.

What are the actual account names in the database?

> 2.) This is a Windows AD network. Relevant to those who might have
> experienced similar issues on an AD network.
>
> It's only relevant for ORA-1017 if you are using OS authenticated accounts,
which is why I asked.

> 3.) The INITIAL connect means, I can type SQL> connect /_at_db_name and
> it fails, and then type SQL> connect /_at_db_name again and it works.
> Strange.
>
>
>

Yes, that is strange.

You may want to to set SQLnet admin and client tracing to level 16 and open an SR.

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist Oracle Blog: http://jkstill.blogspot.com Home Page: http://jaredstill.com

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Feb 18 2010 - 13:03:16 CST

This message: [ Message body ]
Next message: Jared Still: "Re: Would you recommend such an application for production use?"
Previous message: Peter Nedeljkovich: "RE: Oracle Client not passing Windows Domain portion of connect info ?"
In reply to: Taylor, Chris David: "RE: Oracle Client not passing Windows Domain portion of connect info ?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message