RE: Oracle on Windows with Active Directory

  • From: M Rafiq <rafiq9857@xxxxxxxxxxx>
  • To: <wbfergus@xxxxxxxxx>, oracle list <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 30 Oct 2008 10:39:23 -0400

Bill,
 
Proper configuration of the ADS server is a must for it to run smoothly.

In our environment, the ADS team has created 2 groups on the ADS server. One is
the server_admin group and the other is the ORACLE_ADMIN group (to be a part of
the ORA_DBA group).

All DBAs are part of both groups. There are no local user IDs created. We log in
to the Windows server as ADS\userid.

The Windows database server under the ADS domain should also be defined correctly
by the ADS team. If, after logging in to the server, you can connect to the
databases as 'sqlplus / as sysdba' without giving a password, this setup is OK.
If not, the setup is not correct and this issue has to be resolved.

As regards the TNS issue, you may define your domain in the sqlnet.ora file like
this on the local tnsnames.ora file.

NAMES.DEFAULT_DOMAIN = usgs.gov
SQLNET.AUTHENTICATION_SERVICES= (NTS) ----This is a must to log in as sysdba
without a password. It may be NONE,NTS otherwise, to avoid any application
connectivity issues.
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
 
You may also talk to them to define the usgs.gov naming instead of doi.net in 
DNS entries. 
 
The following note from Oracle may help for proper setup of Windows database 
server under ADS domain.
 
I hope it may help someone on this list.
 
Regards
Rafiq
 
 
OS Authentication for Administrator/Domain user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A new user is created on the NT-domain and added to the local ORA_DBA group 
of the member server, but connecting to the database AS SYSDBA without any 
password still fails with ORA-01031 :
 
  - the account on Windows being used is a domain account
  - the server (which is a member of a domain) is Windows 2003 or Windows 2000
  - the Domain controller is Windows 2000
  - by default Windows 2003 and 2000 have a different way of authentication 
    when using domain accounts. 
 
In fact, although Windows 2003 is not pre-Windows 2000, since they all 
implement the Windows NT way of authentication, the method below is successful: 
 
- Log on to the domain controller (Windows 2000) as administrator
- Run Control Panel / Active Directory Users and Computers
- Click Computers
- Double click the server name of the Windows 2003 or Windows 2000 box
- Select the "Member of" tab
- Add "Pre-Windows 2000 Compatible Access"

 
 
 
 
> Date: Thu, 30 Oct 2008 06:26:03 -0600
> From: wbfergus@xxxxxxxxx
> To: oracle-l@xxxxxxxxxxxxx
> Subject: Oracle on Windows with Active Directory
>
> I've been meaning to research this further, but never got around to it.
>
> I had one server that was placed in AD that gave me all kinds of grief
> when I was installing the software. Our AD environment (very poorly
> planned), ends with doi.net, yet all of our machines are only (web)
> addressable as usgs.gov. When I was running the setup, Oracle always
> insisted that the global name end with doi.net and caused all kinds of
> other headaches. The easiest way I found around the problem was to
> take the machine out of AD and just have it in a workgroup. There were
> a couple of Metalink articles that provided some workarounds for an AD
> environment, but they were extremely time-consuming, and logging in to
> Oracle via SQL*Plus was still problematic while in AD. Trying to get
> tnsnaming setup so all three servers could communicate was extremely
> frustrating as well. Now that all three of my servers are just in a
> workgroup, things work smoothly (as far as possible anyway). This was
> the only way I could find to easily get Oracle not to use the doi.net
> convention, but use the usgs.gov naming instead.
>
> How do others on this list running Windows Servers in Active
> Directory, handle installing and running Oracle software?
>
> --
> -- Bill Ferguson
> --
> //www.freelists.org/webpage/oracle-l
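
The sqlnet.ora settings discussed in this message can be checked mechanically. The following is an added example, not part of the original post or the Oracle note: a small parser and audit for the three parameters quoted above. The function names `parse_sqlnet` and `audit` and the sample file are constructed for illustration.

```python
import re

# Constructed sample using the parameter names quoted in the message above.
SAMPLE_SQLNET_ORA = """\
# sqlnet.ora (constructed sample)
NAMES.DEFAULT_DOMAIN = usgs.gov
sqlnet.authentication_services = (NONE,
    NTS)
NAMES.DIRECTORY_PATH = (TNSNAMES, ONAMES, HOSTNAME)
"""

def parse_sqlnet(text):
    """Return {PARAMETER: [values]}; names are upper-cased, lists are split."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if line[0].isspace() and current:          # indented line continues a parameter
            params[current] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            current = name.strip().upper()
            params[current] = value.strip()
    return {k: [v.strip() for v in re.sub(r"[()]", "", val).split(",") if v.strip()]
            for k, val in params.items()}

def audit(text, expected_domain):
    """Return (auth_services, default_domain, findings) for a sqlnet.ora text."""
    p = parse_sqlnet(text)
    auth = [v.upper() for v in p.get("SQLNET.AUTHENTICATION_SERVICES", [])]
    domain = (p.get("NAMES.DEFAULT_DOMAIN") or [""])[0]
    findings = []
    if "NTS" in auth:
        findings.append("NTS enabled: members of the local ORA_DBA group can "
                        "connect '/ as sysdba' without a password; review "
                        "that group's membership")
    else:
        findings.append("NTS not listed: the passwordless '/ as sysdba' "
                        "login described above depends on it")
    if domain.lower() != expected_domain.lower():
        findings.append(f"NAMES.DEFAULT_DOMAIN is {domain or 'unset'!r}, "
                        f"expected {expected_domain!r}")
    return auth, domain, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SQLNET_ORA, "usgs.gov")[2]:
        print(finding)
```

Because NTS turns membership of the local ORA_DBA group into SYSDBA access, the first finding is a prompt to review who is in the domain group nested into ORA_DBA.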