Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: ora-12638
"Luc Bonjean" <luc_at_lubon.be> wrote in message news:<UCRya.13336$1u5.928_at_afrodite.telenet-ops.be>...
> Hi,
>
> I'm using oracle 8.1.7 on a windows 2000 server. The authentication in
> sqlnet.ora is configured to nts.
> After I upgraded the domain to mixed mode, the authentication doesn't work
> anymore, except for a local windows 2000 user. On the domain controller I
> see sometimes kerberos errors in the event log.
>
> When I start sqlplus, I receive the ora-12638 error, credential retrieval
> failed. (Only when using a domain user).
> Does anyone have an idea, or a clue to debug this?
>
> Thanks,
>
> Luc Bonjean
Luc,
Might that local user account belong to a local group such as "ORA_DBA" - or belong to a group that is a member of the group "ORA_DBA" or "ORA_%ORACLE_SID%_DBA"?
A local account authenticates against the local security accounts
manager (SAM).
A domain account authenticates against a domain controller, or Active
Directory Server.
Edit the file sqlnet.ora in the file %ORACLE_HOME%\Network\Admin and change the entry for:
SQLNET.AUTHENTICATION_SERVICES=(NTS) to
# SQLNET.AUTHENTICATION_SERVICES=(NTS)
SQLNET.AUTHENTICATION_SERVICES=(none)
and login via password authentication.
NOTE: this may impact code that already depends upon native authentication.
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96581/sqlnet.htm#496924
Back in NT4 - I used to use a domain group ORA_DBA - to which I added domain users - which was added to the local group ORA_DBA on each NT4 server - such that I did not have to supply a password when logging into oracle databases (remotely) as sysdba.
It was very convenient - and very insecure.
Well, after nimda ate my database, all of the oracle servers left the domain - and had netbios disabled (as well as lots of other windows features). We went back to local authentication.
hth.
Paul Received on Thu May 22 2003 - 00:03:54 CDT