Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: logon as sysdba -- insufficient privileges ?!?!?

Re: logon as sysdba -- insufficient privileges ?!?!?

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Fri, 28 May 2004 05:27:26 +1000
Message-ID: <40b64113$0$31678$afc38c87@news.optusnet.com.au> 






"Ed Stevens" <nospam_at_noway.nohow> wrote in message
news:q4tbb0932o02pu65eqn7rulf2j9fjpgvgu_at_4ax.com...




> >Can you do me a three minute favour. Add 'Everyone' to the ORA_DBA group,

> >and try again.

> >

> >Then report back.

> >

> Adding the local group Everyone to ORA_DBA allowed me to log on (at

> the console -- don't forget that this box is running Terminal

> Services) with my domain account and connect to an idle instance.  As

> did logging on with a local account I created as a test.  Only when I

> was depending on authenticating my domain user account was I not

> authorized.

>

> But it gets even more strange (to me at least!). I just visited my

> friendly server/network admin and ran this all past him.  After

> walking him thru it all, we took all of the local accounts out of

> ORA_DBA, took my individual domain account out, and added in a domain

> group (OracleAdmins) of which my domain account is a member.  With

> that setup I was able to connect to an idle instance while logged on

> to the box with my domain account.  So . . . it appears to not resolve

> my individual domain account, but it will resolve a domain group of

> which my individual domain account is a member.




Ah. That was my stupid mistake, too. On checking, it would appear I meant
'everyone' as in the 'Domain Users' group, not 'Everyone' as in the
'Everyone' group. But that clearly isn't what I wrote (twice) so beat me
with birch sticks too.



OK, well we live and learn. It would indeed appear to be a question of
resolving (I think I used the term parsing, which was also silly of me!)
domain security issues. Tsk! tsk! Windows, heh?!



I've just checked one of my XP boxes, though, and it has only got my domain
account in the ORA_DBA group, but works. So it's another one of these 'works
on alternate Tuesdays with a full moon' kind of issues, I guess. I wonder
whether it has anything to do with creating a domain account, deleteing it,
and then re-creating it under the same name? Something about IDs for user
accounts in Windows?? But that's getting deep into Windows admin territory,
so maybe we'll just leave it there!



Thanks for the follow-up, though.



Regards


HJR

Received on Thu May 27 2004 - 14:27:26 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US