0 Replies. Latest reply: Jul 17, 2012 3:43 PM by User939188-Oracle

    Windows OS authentication fails ORA-1017 after renaming AD user

    User939188-Oracle
      When a user is renamed in Active Directory, they can no longer connect to the Oracle DB through OS authentication. There is no OID/DIP integration.

      sqlnet.ora
      SQLNET.AUTHENTICATION_SERVICES = (NTS)
      NAMES.DIRECTORY_PATH= (TNSNAMES, HOSTNAME)
      NAMES.DEFAULT_DOMAIN = cal.com.br


      create user "CAL\RENATOH" IDENTIFIED EXTERNALLY;
      GRANT CREATE SESSION TO "CAL\RENATOH";

      AD User CAL\RENATOH can connect to DB as 'sqlplus /'

      But after renaming AD user CAL\RENATOH to CAL\RENATOH1, dropping DB user CAL\RENATOH and creating DB user CAL\RENATOH1:
      drop user "CAL\RENATOH";
      create user "CAL\RENATOH1" IDENTIFIED EXTERNALLY;

      Now OS authentication 'sqlplus /' fails with 'ORA-01017: invalid username/password; logon denied'.

      Once I recreate the DB user with the old AD user name 'CAL\RENATOH', OS authentication succeeds:
      create user "CAL\RENATOH" IDENTIFIED EXTERNALLY;

      ==========
      C:\Windows\system32>set username
      USERNAME=RENATOH1

      C:\Windows\system32>sqlplus /@rmlab001
      SQL*Plus: Release 11.1.0.6.0 - Production on Tue Jul 3 15:16:46 2012
      Copyright (c) 1982, 2007, Oracle. All rights reserved.
      Connected to:
      Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
      With the Partitioning and OLAP options

      SQL> select SYS_CONTEXT('USERENV','OS_USER') from dual;
      SYS_CONTEXT('USERENV','OS_USER')
      --------------------------------------------------------------------------------
      CAL\RENATOH

      =================

      Why is the database still looking for the old AD user name?
      Does Oracle cache information about OS authenticated users?