Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: insufficient privileges
orcldba2001_at_gmail.com wrote:
> On Nov 28, 10:28 am, "Steve Howard" <stevedhow..._at_gmail.com> wrote:
> > orcldba2..._at_gmail.com wrote:
> > > On Nov 28, 7:13 am, "EscVector" <J..._at_webthere.com> wrote:
> > > > hpuxrac wrote:
> > > > > EscVector wrote:
> > > > > > orcldba2..._at_gmail.com wrote:
> > > > > > > Oracle version 9.2.0.4.0
> > > > > > > OS = Windows 2000 server
> >
> > > > > > > I have a domain account on a server and I am a member of
> > > > > > > ORA_DBA and Adminstrator group
> >
> > > > > > > I open a command window and set
> > > > > > > oracle_home and
> > > > > > > oracle_sid
> >
> > > > > > > However when I try to login without a password
> >
> > > > > > > sqlplus
> >
> > > > > > > SQL*Plus: Release 9.2.0.4.0 - Production on Mon Nov 27 13:08:28 2006
> >
> > > > > > > Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
> >
> > > > > > > Enter user-name: /as sysdba
> > > > > > > ERROR:
> > > > > > > ORA-01031: insufficient privileges
> >
> > > > > > This is all that is necessary if the OS software was never restored.
> >
> > > > > > 1. you are in the ORA_DBA group - check
> > > > > > 2. SQLNET.AUTHENTICATION_SERVICES=(NTS) in sqlnet.ora file
> >
> > > > > > Extras if still not working:
> > > > > > 3. the sid is set locally or in registry - check
> > > > > > 3a. you set the home if multihomed - check
> > > > > > 3b. If multihomed, check your path with the univeral installer
> > > > > > environment tab making sure current home is first in path.
> > > > > > 4. NAMES.DEFAULT_DOMAIN=thenameofyourwindowdomain.com in sqlnet.ora
> >
> > > > > > If you've let the init auth levels default, steps 1&2 should get it to
> > > > > > work.
> >
> > > > > Nice to have someone that works with oracle on windows help out! We
> > > > > don't do that around here ... and I often forget the steps. #2 is
> > > > > often a problem if I remember correctly.I always used to bug me that we had so many windows problems and it
> > > > always seemed a mystery, so I branched out and learned windows. My
> > > > current favorite OS is AIX. Linux and Solaris tie for second, but this
> > > > should be for a new thread...
> >
> > > > The NTS issue always gets me annoyed. I can be a real problem if the
> > > > machine is rebuilt.- Hide quoted text -- Show quoted text -
> >
> > > oracle_home=d:\oracle\ora92
> > > oracle_sid=abc
> >
> > > The following is my sqlnet.ora
> >
> > > # SQLNET.ORA Network Configuration File:
> > > d:\oracle\ora92\network\admin\sqlnet.ora
> > > # Generated by Oracle configuration tools.
> >
> > > #SQLNET.AUTHENTICATION_SERVICES= (NTS)
> >
> > > NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
> >
> > > The following is the section from the tnsnames.ora
> >
> > > abc =
> > > (DESCRIPTION =
> > > (ADDRESS_LIST =
> > > (ADDRESS = (PROTOCOL = TCP)(HOST = moon)(PORT = 1521)(queuesize =
> > > 25))
> > > )
> > > (CONNECT_DATA =
> > > (SERVER = DEDICATED)
> > > (SERVICE_NAME = abc)
> > > )
> > > )
> >
> > > No...This is not a multi Oracle home machine
> >
> > > Note : If I change the sqlnet.ora to the following
> >
> > > # SQLNET.ORA Network Configuration File:
> > > d:\oracle\ora92\network\admin\sqlnet.ora
> > > # Generated by Oracle configuration tools.
> >
> > > SQLNET.AUTHENTICATION_SERVICES= (NTS)
> >
> > > NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
> >
> > > I receive following error
> >
> > > Enter user-name: /as sysdba
> > > ERROR:
> > > ORA-12638: Credential retrieval failed
> >
> > > If I comment the line in the sqlnet.ora
> > > #SQLNET.AUTHENTICATION_SERVICES= (NTS)
> >
> > > I receive the following error
> >
> > > Enter user-name: /as sysdba
> > > ERROR:
> > > ORA-01031: insufficient privileges
> >
> > > If I change the line in sqlnet.ora
> > > SQLNET.AUTHENTICATION_SERVICES= (NONE)
> >
> > > I get the following error
> >
> > > Enter user-name: /as sysdba
> > > ERROR:
> > > ORA-01031: insufficient privilegesI think this is because you are logged into an AD domain. Can you
> > create a local account and try it as that
> > (SQLNET.AUTHENTICATION_SERVICES= (NONE)?
> >
> > HTH,
> >
> > Steve- Hide quoted text -- Show quoted text -
> created a local user
> added user to administrator and ora_dba group
> logged out and logged locally to the same server as new user
>
>
>
>
>
>
>
>
>
> > > >
when logged on as a domain user, authentication will take place against
the domain (active directory).
when logged on locally as a local user (with membership in the ORA_DBA
local group) with the sqlnet.authentication_services=NTS,
sqlplus /nolog
SQL> connect / as sysdba
should work without throwing the ora-12638.
now, (remote) users authenticating may find themselves receiving the ora-12638 message as a side effect.
The way that I have handled this in the past with a single oracle_home is:
%ORACLE_HOME%\network\admin\sqlnet.ora - sqlnet.authentication_services=none
Copy the sqlnet.ora and tnsnames.ora files into the home directory of
the user account.
Here set the parameter/key pair sqlnet.authentication_services=nts and
use these config files when attempting to connect using OS
authentication (via the TNS_ADMIN env var).
This was with 10.1, so it might not work correctly with 9.2. I haven't worked with 9.2 in quite some time.
hth.
-bdbafh Received on Tue Nov 28 2006 - 13:45:06 CST