Hi Jared, I agree with you on the security issue, but sometimes it is a requirement to have this possibility. If you create the database user with domain name as well doesn't this make it a bit more secure, as this is more difficult to create such a user on windows (not a windows admin so could be wrong)? Jack On 05/02/2008, Jared Still <jkstill@xxxxxxxxx> wrote: > > On Jan 30, 2008 6:53 PM, Jack van Zanen <jack@xxxxxxxxxxxx> wrote: > > > > > When creating the domain user in the database you use double quotes ( > > "OPS$<domainname>\<username>" > > ). It than becomes case sensitive as well. Make sure the case is spot > > on. > > > > log on to the database as a dba user and look in v$session to see exact > > spelling of your os account. > > > > > > Jack > > > > > > > Creating an account with domainnname/username is not necessary when > connecting > to Oracle on unix/linux from a windows client. > > I just created an account on 2 different databases on linux using > "OPS$<myusername>". > No domain name. > > One server knows how to authenticate via AD, the other does not. > > Both allowed an OS authenticated login from a Windows client. > > Setting remote_os_authent=true is a rather dangerous option. > > If is *extremely* easy for a windows client to gain ownership of the > database when remote_os_authent=true. > > If you set it, you better be using invited_nodes in sqlnet.ora to limit > who can get to the database. > > Jared > > > > > > > > > > -- > Jared Still > Certifiable Oracle DBA and Part Time Perl Evangelist > -- J.A. van Zanen