ORA-01031 While Connecting As Sysdba On Windows With A Domain User [ID 1071638.1]

msdnchina發表於2011-09-07

Applies to:

Oracle Server - Enterprise Edition - Version: 9.2.0.1 to 11.2.0.2.0 - Release: 9.2 to 11.2
Information in this document applies to any platform.

Symptoms

While trying to connect to a database running on Windows using "/ as sysdba" from an OS session started as a domain user the following error occurs:


sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on M Mar 8 17:22:36 2010

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

ERROR:
ORA-1031: Insufficient privileges.

The domain user is a direct member of the local ORA_DBA group. If the Oracle Service is started as a domain user and not as Local System Account then the OS authentication will work for any user.

Cause

The settings of Active Directory are not allowing any user to read the MemberOf attribute of the domain user. The inability to read the MemberOf attribute of a domain user prevents Oracle from determining what groups that user belongs to. Oracle is not able to read the attributes of the domain user as long as it's service is started as Local System Account.

Solution

Discuss with the System Administrators and change the AD settings so that all the members of the Authenticated Users group(dynamically evaluated for membership) will be able to read the MemberOf attribute of any domain user.

References

- CANNOT USE OS AUTHENTICATION AS SYSDBA FOR A DOMAIN USER: ORA-1031
- WIN: OS Authentication - CONNECT AS SYSDBA Without a Password
[@more@]

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/161195/viewspace-1054820/,如需轉載,請註明出處,否則將追究法律責任。

相關文章