Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: W2000 connect / as sysdba problem

Re: W2000 connect / as sysdba problem

From: Howard J. Rogers <>
Date: Sat, 01 May 2004 13:18:30 +1000
Message-ID: <409316ff$0$4548$>

Andrew wrote:

> What you saying is correct. But if I were able to formulate my
> question as you did for me below I wouldn't ask it at all. Simply
> because as all is running on the same laptop (oracle instance and
> connection to it) I wasn't able to associate my problem with the fact
> that I am not connected to domain...
> I think if oracle is configured to use OS authentication

WHICH O/S???????????? *You* set it up so that it is your DOMAIN user account that is a member of the ORA_DBA group. Therefore it's the *domain controller's* O/S that has to be available to validate that.

> it should
> always allow privileged connection to local instance (whether OS
> connected to domain or not). Simply because I am allowed to log in to
> OS

You are allowed to log onto your *laptop's* O/S, not the network. Try and print something to one of the printer's on your domain when you have chosen to log onto the laptop with a local account, yet still can "see" the printer over the network (ie, connect up to the network, but log on as the laptop's local administrator, for example)... I bet you can't print to the printer (unless your network administrator has allowed 'Everyone' or 'Guest' privileges). Similarly, be able to ping the domain controller, but log on with a local account and try and map to a network drive: you won't be able to, not without supplying a set of *domain* log on credentials.

That Windows permits you to use the laptop without a domain is one thing. But it doesn't permit you to use domain resources without a domain. And it was *you* that specified that a domain resource (namely, a user account) should be involved in Oracle's O/S authentication mechanism.

>so Oracle should obey this fact.

It does. It does precisely what would happen if you tried to connect to a domain network shared drive without supplying fresh domain logon credentials.

>If you allowed to drive the car
> you should be allowed to steer it :)

But Windows doesn't let you drive the car on the network unless you've supplied the network logon ignition key. Oracle is doing nothing odd whatsoever.

If you don't like it, the answer is as I suggested way back yonder: don't configure a domain account in the ORA_DBA group. Keep the thing entirely local, and the issue won't arise because the laptop can resolve the lot. As soon as you introduce a domain element into the authentication process, you can confidently expect a domain actually to have to be available.

HJR Received on Fri Apr 30 2004 - 22:18:30 CDT

Original text of this message