Re: insufficient privileges

From: bdbafh <bdbafh_at_gmail.com>
Date: 28 Nov 2006 11:45:06 -0800
Message-ID: <1164743106.670631.263960@n67g2000cwd.googlegroups.com>

orcldba2001_at_gmail.com wrote:
> On Nov 28, 10:28 am, "Steve Howard" <stevedhow..._at_gmail.com> wrote:
> > orcldba2..._at_gmail.com wrote:
> > > On Nov 28, 7:13 am, "EscVector" <J..._at_webthere.com> wrote:
> > > > hpuxrac wrote:
> > > > > EscVector wrote:
> > > > > > orcldba2..._at_gmail.com wrote:
> > > > > > > Oracle version 9.2.0.4.0
> > > > > > > OS = Windows 2000 server
> >
> > > > > > > I have a domain account on a server and I am a member of
> > > > > > > ORA_DBA and Adminstrator group
> >
> > > > > > > I open a command window and set
> > > > > > > oracle_home and
> > > > > > > oracle_sid
> >
> > > > > > > However when I try to login without a password
> >
> > > > > > > sqlplus
> >
> > > > > > > SQL*Plus: Release 9.2.0.4.0 - Production on Mon Nov 27 13:08:28 2006
> >
> > > > > > > Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
> >
> > > > > > > Enter user-name: /as sysdba
> > > > > > > ERROR:
> > > > > > > ORA-01031: insufficient privileges
> >
> > > > > > This is all that is necessary if the OS software was never restored.
> >
> > > > > > 1. you are in the ORA_DBA group - check
> > > > > > 2. SQLNET.AUTHENTICATION_SERVICES=(NTS) in sqlnet.ora file
> >
> > > > > > Extras if still not working:
> > > > > > 3. the sid is set locally or in registry - check
> > > > > > 3a. you set the home if multihomed - check
> > > > > > 3b. If multihomed, check your path with the univeral installer
> > > > > > environment tab making sure current home is first in path.
> > > > > > 4. NAMES.DEFAULT_DOMAIN=thenameofyourwindowdomain.com in sqlnet.ora
> >
> > > > > > If you've let the init auth levels default, steps 1&2 should get it to
> > > > > > work.
> >
> > > > > Nice to have someone that works with oracle on windows help out! We
> > > > > don't do that around here ... and I often forget the steps. #2 is
> > > > > often a problem if I remember correctly.I always used to bug me that we had so many windows problems and it
> > > > always seemed a mystery, so I branched out and learned windows. My
> > > > current favorite OS is AIX. Linux and Solaris tie for second, but this
> > > > should be for a new thread...
> >
> > > > The NTS issue always gets me annoyed. I can be a real problem if the
> > > > machine is rebuilt.- Hide quoted text -- Show quoted text -
> >
> > > oracle_home=d:\oracle\ora92
> > > oracle_sid=abc
> >
> > > The following is my sqlnet.ora
> >
> > > # SQLNET.ORA Network Configuration File:
> > > d:\oracle\ora92\network\admin\sqlnet.ora
> > > # Generated by Oracle configuration tools.
> >
> > > #SQLNET.AUTHENTICATION_SERVICES= (NTS)
> >
> > > NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
> >
> > > The following is the section from the tnsnames.ora
> >
> > > abc =
> > > (DESCRIPTION =
> > > (ADDRESS_LIST =
> > > (ADDRESS = (PROTOCOL = TCP)(HOST = moon)(PORT = 1521)(queuesize =
> > > 25))
> > > )
> > > (CONNECT_DATA =
> > > (SERVER = DEDICATED)
> > > (SERVICE_NAME = abc)
> > > )
> > > )
> >
> > > No...This is not a multi Oracle home machine
> >
> > > Note : If I change the sqlnet.ora to the following
> >
> > > # SQLNET.ORA Network Configuration File:
> > > d:\oracle\ora92\network\admin\sqlnet.ora
> > > # Generated by Oracle configuration tools.
> >
> > > SQLNET.AUTHENTICATION_SERVICES= (NTS)
> >
> > > NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
> >
> > > I receive following error
> >
> > > Enter user-name: /as sysdba
> > > ERROR:
> > > ORA-12638: Credential retrieval failed
> >
> > > If I comment the line in the sqlnet.ora
> > > #SQLNET.AUTHENTICATION_SERVICES= (NTS)
> >
> > > I receive the following error
> >
> > > Enter user-name: /as sysdba
> > > ERROR:
> > > ORA-01031: insufficient privileges
> >
> > > If I change the line in sqlnet.ora
> > > SQLNET.AUTHENTICATION_SERVICES= (NONE)
> >
> > > I get the following error
> >
> > > Enter user-name: /as sysdba
> > > ERROR:
> > > ORA-01031: insufficient privilegesI think this is because you are logged into an AD domain. Can you
> > create a local account and try it as that
> > (SQLNET.AUTHENTICATION_SERVICES= (NONE)?
> >
> > HTH,
> >
> > Steve- Hide quoted text -- Show quoted text -
> created a local user
> added user to administrator and ora_dba group
> logged out and logged locally to the same server as new user

>

> made sure that sqlnet.authentication_services = none was set

>

> tried to logon as \

>

> received same result

>

> insufficient privileges

>

> This is bugging me quite a lot

>

> Yes...I do have the sys and system password but that is not the issue.
> The issue is that "Why does this not work ?"
> I have other servers where this works very very well.

>

> I have inherited this server ...The earlier DBA has left.

>

> As..I asked earlier...Is this because the install was done with another
> account which was not a part of ORA_DBA group ?

>

> How do I find this ?

>
>
>
>

> same result

when logged on as a domain user, authentication will take place against the domain (active directory).
when logged on locally as a local user (with membership in the ORA_DBA local group) with the sqlnet.authentication_services=NTS,

sqlplus /nolog
SQL> connect / as sysdba

should work without throwing the ora-12638.

now, (remote) users authenticating may find themselves receiving the ora-12638 message as a side effect.

The way that I have handled this in the past with a single oracle_home is:

%ORACLE_HOME%\network\admin\sqlnet.ora - sqlnet.authentication_services=none

Copy the sqlnet.ora and tnsnames.ora files into the home directory of the user account.
Here set the parameter/key pair sqlnet.authentication_services=nts and use these config files when attempting to connect using OS authentication (via the TNS_ADMIN env var).

This was with 10.1, so it might not work correctly with 9.2. I haven't worked with 9.2 in quite some time.

hth.

-bdbafh Received on Tue Nov 28 2006 - 13:45:06 CST