Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: W2000 connect / as sysdba problem

Re: W2000 connect / as sysdba problem

From: <Kenneth>
Date: Fri, 30 Apr 2004 10:32:43 GMT
Message-ID: <409228dd.286642@news.inet.tele.dk>

On Fri, 30 Apr 2004 18:03:11 +1000, "Howard J. Rogers" <hjr_at_dizwell.com> wrote:

>Howard J. Rogers wrote:
>
>> Kenneth Koenraadt wrote:
>> [snip]
>>
>>>
>>>
>>> Hi Howard,
>>>
>>> Can't agree.
>>>
>>> It's true that you can "connect / as sysdba" even with
>>> remote_login_passwordfile =exclusive,
>>> but only as long as your user is a *LOCAL* W2K user.
>>
>>
>> Which is, of course, exactly the case for our original poster, since
>> he's doing all of this on his laptop. So even if the rest of what you
>> write is true, it's not of relevance to him, is it?
>>
>>> If you logon to
>>> the server *remotely* with e.g. a Domain user account, which is also
>>> a member of the local ORA_DBA group you *won't* be able to "connect /
>>> as sysdba". I guess that's why it is called
>>> "remote_login_passwordfile" and not "local_login_passwordfile"
>>
>>
>> Well, since it's a remote connection, you won't be able to connect / as
>> sysdba *at all* because there needs to be a tnsnames alias in there
>> somewhere (somewhere I can never get right in any case: sqlplus "/@win92
>> as sysdba" isn't doing it for me!).
>>
>>> The doc also states that you must set remote_login_passwordfile =NONE
>>> to use OS-authentication on W2k. The fact that a *local* user can
>>> somehow bypass it does not affect that.
>>>
>>> <quote>
>>> Set the REMOTE_LOGIN_PASSWORDFILE parameter to NONE in the
>>> INIT<SID>.ORA file. This parameter enables operating system
>>> authenticated
>>> logins for the
>>> INTERNAL user. </quote>
>>
>>
>> Yup, Oracle's course notes always said you had to set R_L_P to NONE too.
>> But it isn't true. And this isn't a Windows thing, either, since I used
>> to show my students the folly of the 'must set it to NONE' by doing
>> exactly the same test as I showed in my last post, but on a Solaris box.
>>
>> Regards
>> HJR
>
>Oh, by the way, just another test to make the point. Here's what my
>server says:
>
>SQL> show parameter remote_login
>
>NAME TYPE VALUE
>------------------------------------ ----------- ---------
>remote_login_passwordfile string EXCLUSIVE
>
>Here's my sqlnet.ora on the *CLIENT* machine:
>
>SQLNET.AUTHENTICATION_SERVICES= (NTS)
>
>NAMES.DIRECTORY_PATH= (TNSNAMES)
>
>And here's the acid test:
>
>H:\>sqlplus "/@win92 as sysdba"
>
>SQL*Plus: Release 10.1.0.2.0 - Production on Fri Apr 30 18:00:36 2004
>
>Copyright (c) 1982, 2004, Oracle. All rights reserved.
>
>
>Connected to:
>Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
>With the Partitioning, OLAP and Oracle Data Mining options
>JServer Release 9.2.0.1.0 - Production
>
>So that's me finally managing to get a remote connection using O/S
>authentication to a 9i database that's got R_L_P set to something other
>than NONE.
>
>Still think the docs are correct?
>
>Regards
>HJR
Your example does not prove anything.

 I have experienced myself lots of time that I need to have R_L_L <> EXCLUSIVE" in order for "connect / as sysdba" to work, when I am logged on as a domain user being a member of ORA_DBA.

And the Doc just confirms my observations, and I see no reason not to stick to it.

The fact that *you* might have been able to bypass it, possibly due to a W2K bug, is unusable to me. Sorry.

BTW : How come that when you *think* others are wrong, it's a "howler" and "utterly untrue". When YOU say something definetely incorrect (the sqlnet.ora thing) it's : "Incidentally, I got it wrong".

I suspect you get furious now, so I'll end the discussion here.

Received on Fri Apr 30 2004 - 05:32:43 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US