| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: W2000 connect / as sysdba problem
Andrew wrote:
> Guys
> I found the problem and this is probably why this issue is so
> "popular"
> I have domain account on my laptop which is member of ORA_DBA group.
>
> Consider simple test I did:
>
> 1. I deleted instance
> oradim -delete -sid XXX
>
> 2. changed
> remote_login_passwordfile = NONE
>
> 3. Created instance
> oradim -new -sid XXX -startmode manual -pfile XXX.ora
>
> 4. sqlplus /nolog
> SQL> connect / as sysdba
> Connected to an idle instance.
> i.e. works just fine
>
> 5. then!!! I unplug network cable from my laptop, so there is no
> connection to domain and...
>
> SQL> connect / as sysdba
> ERROR:
> ORA-01031: insufficient privileges
>
> 6. then!!! I plug cabple back in and
> SQL> connect / as sysdba
> Connected to an idle instance.
> i.e. works just fine again
>
> So it needs connection to donain to authenticate. But W2K allows
> logging in using same account when not in domain (or no network
> connection). Why oracle doesn't allow internal connection in this
> case. Is there a way to fix that? Logging to windows with different,
> i.e. local, acount is not an option of course, same account has to be
> used.
>
> Thanks,
> Andrew
Another post seems to have vanished into thin air, so I'll repeat myself again.
Had you originally posted an accurate description of what you were doing, I think we might have resolved the matter rather quicker than we did, don't you?
"I am trying to connect from a laptop client as a privileged user to a database stored on a server , using my domain account, which has been made a member of the ORA_DBA account on the server. My client isn't actually connected to the network, and hence the domain, at the time I make the connection attempt. It doesn't work. Why?"
To which the answer would have come straight back: how is Oracle supposed to check domain account membership of a group when you're not actually connected to the domain controller? The fact that Windows is capable of caching domain credentials is a Windows feature, and not something that Oracle can or should make use of.
Anyway: you might do us all a favour and now change remote_login_passwordfile back to its original setting of EXCLUSIVE and report back on whether your remote connections as a privileged user still work.
HJR Received on Fri Apr 30 2004 - 17:55:56 CDT
 |
 |