RE: Oracle on Windows with Active Directory

Bill,
 
The proper configuration for  ADS server is must to run it smoothly. 
 
In our environment, the ADS team has created 2 groups on ADS server. One is 
server_admin group and other is ORACLE_ADMIN group (to be a part of ORA_DBA) 
group.
 
All DBA's are part of both groups. There is no local user ids created. We login 
to Windows server as ADS\userid. 
 
The Windows database server under ADS domain should also be defined correctly  
by ADS team. After login to server and connecting to databases as ' sqlplus / 
as sysdba' without giving password, this setup is ok. If not setup is not 
correct and this issue has to be resolved.
 
As regard tns issue you may define  your domain in sqlnet.ora file like this on 
local tnsnames.ora file.
 
NAMES.DEFAULT_DOMAIN = usgs.gov 
SQLNET.AUTHENTICATION_SERVICES= (NTS) ----This is must to login as sysdba 
without password. It may be NONE,NTS otherwise to avoid any application 
connectivity issues.
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
 
You may also talk to them to define the usgs.gov naming instead of doi.net in 
DNS entries. 
 
The following note from Oracle may help for proper setup of Windows database 
server under ADS domain.
 
I hope it may help someone on this list.
 
Regards
Rafiq
 
 
OS Authentication for Administrator/Domain user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A new user is created on the NT-domain and added to the local ORA_DBA group 
of the member server, but connecting to the database AS SYSDBA without any 
password still fails with ORA-01031 :
 
  - the account on Windows being used is a domain account
  - the server (which is a member of a domain) is Windows 2003 or Windows 2000
  - the Domain controller is Windows 2000
  - by default Windows 2003 and 2000 have a different way of authentication 
    when using domain accounts. 
 
In fact, although Windows 2003 is not pre-Windows 2000, since they all 
implement the Windows NT way of authentication, the method below is successful: 
 
- Logon to the domain controller (Windows 2000) as administrator
- Run Control Panel / Active Directory Users and Computers
- Click Computers
- Double click the server name of the Windows 2003 or Windows 2000 box
- Select the "Member of" tab
- Add "Pre-Windows 2000 Compatible Access"

 
 
 
 
 > Date: Thu, 30 Oct 2008 06:26:03 -0600> From: wbfergus@xxxxxxxxx> To: 
 > oracle-l@xxxxxxxxxxxxx> Subject: Oracle on Windows with Active Directory> > 
 > I've been meaning to research this further, but never got around to it.> > I 
 > had one server that was placed in AD that gave me all kinds of grief> when I 
 > was installing the software. Our AD environment (very poorly> planned), ends 
 > with doi.net, yet all of our machines are only (web)> addressable as 
 > usgs.gov. When I was running the setup, Oracle always> insisted that the 
 > global name end with doi.net and caused all kinds of> other headaches. The 
 > easiest way I found around the problem was to> take the machine out of AD 
 > and just have it in a workgroup. There were> a couple of Metalink articles 
 > that provided some workarounds for an AD> environment, but they were 
 > extremely time-consuming, and logging in to> Oracle via SQL*Plus was still 
 > problemmatic while in AD. Trying to get> tnsnaming setup so all three 
 > servers could communicate was extremely> frustrating as well. Now that all 
 > three of my servers are just in a> workgroup, things work smoothly (as far 
 > as possible anyway). This was> the only way I could find to easily get 
 > Oracle not to use the doi.net> convention, but use the usgs.gov naming 
 > instead.> > How do others on this list running Windows Servers in Active> 
 > Directory, handle installing and running Oracle software?> > -- > -- Bill 
 > Ferguson> --> http://www.freelists.org/webpage/oracle-l> > 
_________________________________________________________________
See how Windows connects the people, information, and fun that are part of your 
life.
http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/

Other related posts: