 SYSDBA OS Authentication Insufficient Privileges [message #217518] |
Fri, 02 February 2007 11:14  |
will_s
Messages: 4
Registered: February 2007
|
Junior Member |
|
|
Hi and thanks for any help in advance.
I am trying to login into Oracle 9i database as sysdba using OS authentication but get ORA-01031: insufficient privileges error message. The OS is Windows Server 2003, Oracle version 902000300.
Ok, so here is what I have done:
1. In sqlnet.ora I have SQLNET.AUTHENTICATION_SERVICES = (NTS)
2. Created local user group ORA_DBA
3. Added current user (which is part of a domain) to this group
4. This user is also part of the administrators group
5. Also tried remote_login_passwordfile=EXCLUSIVE & remote_login_passwordfile=NONE in init.ora file
6. Run SQLPlus /nolog
7. SQL> Conn / as sysdba
8. Insufficent privileges error (grrrr!)
I have also tried:
1. Create user (in Oracle) "OPS$DOMAIN\USER"
2. SQLPlus /nolog
3. SQL> Conn /
4. Connects ok!
Also, I have another instance of Oracle (same version/build) running on another server, connected to the same domain. The above process works perfectly here (using the same domain user to logon to the server). This server "appears" to be setup the same (in terms of local users and groups as well as Oracle setup).
Any ideas? I am starting to get very frustrated now!! Unfortunately I am not a Windows or Oracle expert and do not really know the intricacies of how Oracle authenticates users.
Any suggestions would be very very gratefully received!
Cheers,
Will
|
|
|
|
|
|
|
|
|
|
| Re: SYSDBA OS Authentication Insufficient Privileges [message #217772 is a reply to message #217518] |
Mon, 05 February 2007 07:07  |
will_s
Messages: 4
Registered: February 2007
|
Junior Member |
|
|
So, are you suggesting Oracle doesn't have read access on the token-groups-global-and-universal (TGGAU) attribute? I understand that Pre-Windows 2000 Compatibility Access would provide this, as would the WAA group...unfortunately, I don't have any access to the DC to check this. Our network guys are, well, not very helpful to say the least, so I want to leave asking them as a very last resort! Is there any way to check if a server is in either of these groups from the server rather than the DC?
Thanks again,
Will
|
|
|
|
|
|
| Re: SYSDBA OS Authentication Insufficient Privileges [message #217993 is a reply to message #217799] |
Tue, 06 February 2007 05:32 |
will_s
Messages: 4
Registered: February 2007
|
Junior Member |
|
|
Hi thanks for that, this is the result I got...
C:\Documents and Settings\uk-int-serv>net localgroup /domain "Pre-Windows 2000 Compatible Access"
The request will be processed at a domain controller for domain eu.***.net.
Alias name Pre-Windows 2000 Compatible Access
Comment A backward compatibility group which allows read access on all users and groups in the domain
Members
-------------------------------------------------------------------------------
AM\Exchange Domain Servers
AP\Exchange Domain Servers
Exchange Domain Servers
NT AUTHORITY\Authenticated Users
The command completed successfully.
C:\Documents and Settings\uk-int-serv>net localgroup /domain "WAA"
The request will be processed at a domain controller for domain eu.elcompanies.net.
System error 1376 has occurred.
The specified local group does not exist.
Cheers,
Will
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
