Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 62 Insurance
- 536.1K On-Premises Infrastructure
- 138.2K Analytics Software
- 38.6K Application Development Software
- 5.7K Cloud Platform
- 109.4K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71.1K Infrastructure Software
- 105.2K Integration
- 41.6K Security Software
Unable to configure directory authentication for Users as SYSDBA
We had a task where we were required to assign SYSDBA privileges to a certain user using Directory Authentication using EUS
Here’s the document & blog we followed -
How To Configure Directory Authentication for Database Administrative Users (SYSDBA and SYSOPER) (Doc ID 457083.1)
http://blog.yannickjaquier.com/oracle/enterprise-user-security-eus-password-authentication.html
But we get the following error –
[[email protected] ~]$ sqlplus sdesmukh/[email protected] as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Tue Jul 5 15:25:40 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
However, since EUS is configured, the user is able to login fine as a non-SYSDBA user as shown below
[[email protected] ~]$ sqlplus sdesmukh/[email protected]
SQL*Plus: Release 11.2.0.4.0 Production on Tue Jul 5 15:23:25 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
Any ideas on what I could try or might be missing ?
Answers
-
Step 4 might require you to restart the database in order for the setting to take effect.
-
@handat Thanks for your reply. I already tried that.
I noticed a weird thing, if I create the user locally in the DB as in the attached image, I'm able to login just fine albeit with AD password.
But it doesn't make sense to me that for EUS Password Authentication to work for SYSDBA roles, I would need to create local DB users.
-
I think it would make sense since they are special users with additional privileges. They also normally get added to orapw file while normal users don't.
-
Hmmm... @handat, even I thought so. But it doesn't make sense since the whole idea of EUS is to centralize Db users in the LDAP.
Moreover this step is not mentioned in Oracle Knowledge Articles or the only blog I found on it. It's more of a hack I feel.
-
Does any one have any other ideas on this ?
-
Hello Sudipto,
Could you please try to connect using an UPPERCASE for the username as follows and see if it returns the same error.
sqlplus SDESMUKH/[email protected] as sysdba
Regards
Vivek
-
Tried already didn't work
Thanks,
Sudipto