Re: logon as sysdba -- insufficient privileges ?!?!?

On Wed, 26 May 2004 15:49:17 -0500, Ed Stevens <nospam_at_noway.nohow> wrote:

>On Tue, 25 May 2004 22:37:19 +0200, Sybrand Bakker
><gooiditweg_at_sybrandb.verwijderdit.demon.nl> wrote:
>
>>On Tue, 25 May 2004 14:36:43 -0500, Ed Stevens <nospam_at_noway.nohow>
>>wrote:
>>
>>>Platform: Oracle 8.1.7 SE on Win2k Server
>>>
>>>Here's a new one on me. Creating a new db on a new box. Old hat,
>>>ought to be a piece of cake. Except this is our first server built to
>>>use Windows Terminal Services instead of PC-Anywhere.
>>>
>>>The install ran fine (after adjusting for the P-4 bug) and after
>>>referencing the work-arounds listed in MetaLink Bulletin 77627.1 I
>>>was able to get a listener up and running.
>>>
>>>So now I've got a listener, time to create a db. ORADIM seemed to
>>>work ok, gave me a db service -- OracleServiceNLCP -- and a password
>>>file. Next I tried to test my connection before running a 'create
>>>database' script. As almost expected with Terminal Services, it
>>>failed with a ORA-12560: TNS:protocol adapter error
>>>
>>>
>>>
>>>So, again suspecting Terminal Services as a culprit, I went back to
>>>the machine room and sat down at the server console to try again.
>>>This time I got:
>>>
>>>C:\>set oracle_sid=nlcp
>>>
>>>C:\>sqlplus /nolog
>>>
>>>SQL*Plus: Release 8.1.7.0.0 - Production on Tue May 25 14:12:57 2004
>>>
>>>(c) Copyright 2000 Oracle Corporation. All rights reserved.
>>>
>>>SQL> connect / as sysdba
>>>ERROR:
>>>ORA-01031: insufficient privileges
>>>
>>>
>>>SQL>
>>>
>>>Yes, the server has a local group called ORA_DBA, and my domain
>>>network account is a member of that group. Here's the oradim command
>>>I used to create the service and the password file:
>>>
>>>d:\oracle\ora81\bin\oradim -NEW -SID NLCP -INTPWD nlcp -startmode AUTO
>>>-pfile e:\oradmin\nlcp\initnlcp.ora
>>
>>
>>Looks like the same known bug as I ran into today, running 8.1.7.0.0,
>>like you. The problem is you are using a *domain* account (which you
>>shouldn't, btw, according to documentation)
>>It has been resolved in the meantime, don't recall in which release.
>>Never mind, you should upgrade to 8.1.7.4.1 minimum anyway.
>>The workaround as usual, is to edit sqlnet.ora and disable
>>sqlnet.authentication_services by changing nts to none.
>
>Hmm. Ok, I patched it up to 8.1.7.4.1, but still no-go -- still get
>the ORA-01031: insufficient privileges when trying to 'connect / as
>sysdba'.
>
> Having a domain account in the local ORA_DBA group, and having
>sqlnet.authentication_services = (NTS) is how we have virtually every
>Windows (NT and 2k) server here -- over 30 of 'em. This is the only
>one not working. However, to leave no stone unturned, I created a
>local account for myself on the server, logged on with that account,
>and tried again, both with sqlnet.authentication_services = (NTS) and
>sqlnet.authentication_services = (NONE). No matter, connect / as
>sysdba always returns "insufficient privileges".

I deserve a dope slap here. After createing the local account, I forgot to put it in the ORA_DBA group. After doing that, I was able to connect when logged on with that local account.

Still doesn't explain why the domain account works on the other 30+ servers, but not this one. Received on Wed May 26 2004 - 16:12:19 CDT