Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: logon as sysdba -- insufficient privileges ?!?!?

Re: logon as sysdba -- insufficient privileges ?!?!?

From: Ed Stevens <nospam_at_noway.nohow>
Date: Thu, 27 May 2004 09:22:47 -0500
Message-ID: <q4tbb0932o02pu65eqn7rulf2j9fjpgvgu@4ax.com> 





Replies embedded . . . 



On Thu, 27 May 2004 07:17:58 +1000, "Howard J. Rogers"
<hjr_at_dizwell.com> wrote:



>

>"Ed Stevens" <nospam_at_noway.nohow> wrote in message

>news:dh0ab0pgilj5ata51n0s05ohqorutroot0_at_4ax.com...

>

>

>> >

>> >Looks like the same known bug as I ran into today, running 8.1.7.0.0,

>> >like you.  The problem is you are using a *domain* account (which you

>> >shouldn't, btw, according to documentation)

>> >It has been resolved in the meantime, don't recall in which release.

>> >Never mind, you should upgrade to 8.1.7.4.1 minimum anyway.

>> >The workaround as usual, is to edit sqlnet.ora and disable

>> >sqlnet.authentication_services by changing nts to none.

>>

>> Hmm.  Ok, I patched it up to 8.1.7.4.1, but still no-go -- still get

>> the ORA-01031: insufficient privileges when trying to 'connect / as

>> sysdba'.

>

>I hate to say I told you so, but, er, I did kind of mention that patching

>blindly wasn't necessary going to be the issue in this case, 




Umm ... so you did!  Twenty lashes with a wet noodle for me.



>particularly

>since 8.1.7.0 does O/S authentication at Chez Dizwell with no problems.

>



As it does on virtually every other box I have.



>>  Having a domain account in the local ORA_DBA group, and having

>> sqlnet.authentication_services = (NTS) is how we have virtually every

>> Windows (NT and 2k) server here -- over 30 of 'em.  This is the only

>> one not working.  However, to leave no stone unturned, I created a

>> local account for myself on the server, logged on with that account,

>> and tried again, both with sqlnet.authentication_services = (NTS) and

>> sqlnet.authentication_services = (NONE).  No matter, connect / as

>> sysdba always returns "insufficient privileges".

>

>Can you do me a three minute favour. Add 'Everyone' to the ORA_DBA group,

>and try again.

>

>Then report back.

>



Adding the local group Everyone to ORA_DBA allowed me to log on (at
the console -- don't forget that this box is running Terminal
Services) with my domain account and connect to an idle instance.  As
did logging on with a local account I created as a test.  Only when I
was depending on authenticating my domain user account was I not
authorized.



But it gets even more strange (to me at least!). I just visited my
friendly server/network admin and ran this all past him.  After
walking him thru it all, we took all of the local accounts out of
ORA_DBA, took my individual domain account out, and added in a domain
group (OracleAdmins) of which my domain account is a member.  With
that setup I was able to connect to an idle instance while logged on
to the box with my domain account.  So . . . it appears to not resolve
my individual domain account, but it will resolve a domain group of
which my individual domain account is a member.    




>Regards

>HJR


>

Received on Thu May 27 2004 - 09:22:47 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US