Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Set up os authentication on Solaris

Posted on 2006-04-20
7
Medium Priority
?
582 Views
Last Modified: 2013-12-05
I'm trying to use DBUA to upgrade a database.
When i enter ./dbua -silent -dbName BB60 the program terminates and the log file says OSAuthentication not available.  How do i set up OSAuthentication?
0
Comment
Question by:xoxomos
  • 3
5 Comments
 
LVL 19

Accepted Solution

by:
actonwang earned 500 total points
ID: 16504733
steps to set up OSAuthentication:

1. Create an operating system account for the user or current user
2. Add the user to the OSDBA or OSOPER operating system defined groups.
       for unix, they are dba, oper
       for windows, they are ORA_DBA,ORA_OPER
3.  Ensure that the initialization parameter, REMOTE_LOGIN_PASSWORDFILE, is set to NONE. This is the default value for this parameter.

try inside sqlplus:
   connect / as sysdba

if it is ok, you are all set


Acton
0
 
LVL 19

Expert Comment

by:actonwang
ID: 16504742
you can refer to oracle administration documentation for more details.
0
 

Author Comment

by:xoxomos
ID: 16504788
i can connect as sysdba with no problem.  It is dbua that is unable to find os authentication (os authentication unavailable)
0
 
LVL 48

Assisted Solution

by:schwertner
schwertner earned 500 total points
ID: 16505509
  Verify the parameter OS_AUTHENT_PREFIX in v$parameter
   Start SQL*Plus and connect as a dba-account to the database

   SQL> SELECT value FROM v$parameter WHERE name = 'os_authent_prefix';

   VALUE
   ------------
   OPS$

   OPS$ is the default value.
   But it can be changed by setting os_authent_prefix = "XYZ" or
   os_authent_prefix = ""  in the init<SID>.ora file and restart the database.
 
   This parameter gives the difference in name between the os-user and the
   database user:

   os-user os_authent_prefix database user
   ------- ----------------- ---------------------------
   FRANK  "OPS$"             OPS$FRANK
   FRANK  ""                 FRANK
   FRANK  "XYZ"              XYZFRANK



   It is recommended to set this value to "", especially if you want to use any
   of the ANO Authentication Adapters.

   Let's assume that <OPS$> stands for the value of OS_AUTHENT_PREFIX.
Domain Prefixing
~~~~~~~~~~~~~~~~
You can have os-user-validation determined by the registry key
OSAUTH_PREFIX_DOMAIN :

     --> without domain-prefixing
     --> with domain-prefixing

In Oracle 7       : located at ‘HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE’
In Oracle 8 and 9 : located at ‘HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\HOMEn’

To be sure of the location, edit the file oracle.key.

If this parameter does not exist in the registry, the default is
    FALSE in Oracle prior to 8.1.x
    TRUE from 8.1.x onwards
 
OSAUTH_PREFIX_DOMAIN=TRUE enables the server to differentiate between multiple
FRANK user names:
   local user FRANK
   domain user FRANK on the SALES-domain
   domain user FRANK on another domain in your network

   The value is visible in both views V$SESSION and DBA_AUDIT_SESSION:
       SQL> select OS_USERNAME from dba_audit_session;

       OS_USERNAME
       -------------------------------------------------------
       SALES\frank

       SQL> select osuser from v$session;

       OSUSER
       ------------------------------
       SALES\frank

OSAUTH_PREFIX_DOMAIN=FALSE causes the domain to be ignored and local user FRANK
to become the default value of the operating system user returned to the server.

       SQL> select OS_USERNAME from dba_audit_session;

       OS_USERNAME
       -------------------------------------------------------
       frank

       SQL> select osuser from v$session;

       OSUSER
       ------------------------------
       frank

a) Without Domain-prefixing : OSAUTH_PREFIX_DOMAIN=FALSE
   ------------------------
   4) Create a special Oracle Server account for the database you want to
      access on the machine where the Oracle Server database is installed.
      Do not create a local O/S account because we will use the Domain account.

      a. Open SQL*Plus on your Server.
 
      b. Enter the following :

      SQL> CONNECT SYSTEM/MANAGER@ORCL;
      SQL> CREATE USER <OPS$>USERNAME IDENTIFIED EXTERNALLY
           DEFAULT TABLESPACE USER_DATA
           TEMPORARY TABLESPACE TEMPORARY_DATA;

      For example:
      CREATE USER OPS$FRANK IDENTIFIED EXTERNALLY
      DEFAULT TABLESPACE USER_DATA
      TEMPORARY TABLESPACE TEMPORARY_DATA;

   5) Grant any privileges or roles to this user account as follows :

      SQL> GRANT CONNECT TO <OPS$>USERNAME;
      SQL> GRANT RESOURCE TO <OPS$>USERNAME;

      - GRANT CONNECT should be enough for basic testing.
 
   6) Establish a networking session between your client and Windows NT server.
 
   - If clients and server are in the same domain, trusted domains or same
     workgroup, then there is no need to establish a connection between client
     and server.

   - If clients and server are in unrelated domains, then the adapter may not
     be able to retrieve the user name dependancy on user ID. In this case, user
     accounts and passwords must match on both server and clients.

     This means creating the same local or domain account (equal username/password)
     on the foreign domain as exists in the Domain under which Oracle Server is running.
     Since the registry key OSAUTH_PREFIX_DOMAIN=FALSE the Domain Name is ignored
     for Authentication.


   7) Enter the following command to access an Oracle database for Windows NT from
      SQL*Plus :

      CONNECT /@<service name>

      where <service name> identifies the database alias in the "tnsnames.ora".


b) With Domain-prefixing: OSAUTH_PREFIX_DOMAIN=TRUE
   ---------------------
   4) Create a special Oracle Server account for the database you want to access
      on the machine where the Oracle Server database is installed.
      Do not create an O/S account.

      a. Open SQL*Plus on your Server

      b. Enter the following:

      SQL> CONNECT SYSTEM/MANAGER@ORCL;
      SQL> CREATE USER "<OPS$><Domain Name>\USERNAME" IDENTIFIED EXTERNALLY
           DEFAULT TABLESPACE USER_DATA
           TEMPORARY TABLESPACE TEMPORARY_DATA;

      for example:

      ONLY the os-user SALES-US\FRANK will be able to connect

      CREATE USER "OPS$SALES-US\FRANK" IDENTIFIED EXTERNALLY
      DEFAULT TABLESPACE USER_DATA  
      TEMPORARY TABLESPACE TEMPORARY_DATA;

   5) Grant any privileges or roles to this user account as follows :

      SQL> GRANT CONNECT TO "<OPS$><Domain Name>\USERNAME";
      SQL> GRANT RESOURCE TO "<OPS$><Domain Name>\USERNAME";

         - GRANT CONNECT should be enough for basic testing.

      for example:

      GRANT CONNECT to "OPS$SALES-US\FRANK";

      Note: You *MUST* create the username in UPPERCASE and between quotes,
            otherwise, you get an ORA-01017 error

      Example
      SQL> select osuser from v$session:

      OSUSER
      ------------------------------
      NL_LMD01\sroo

      /* note although osusername partly in lowercase, username MUST be in
        uppercase */

      CREATE USER "OPS$NL_LMD01\SROO" IDENTIFIED EXTERNALLY
      DEFAULT TABLESPACE USER_DATA
      TEMPORARY TABLESPACE TEMPORARY_DATA;
     
      grant connect to  "OPS$NL_LMD01\SROO";


0
 
LVL 19

Expert Comment

by:actonwang
ID: 16506079
The error messsage tells you that your current user is not under group dba.

Check to see if your user is under group dba. if not, put this user in the "dba" group and retry it agin.

Acton
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to Create User-Defined Aggregates in Oracle Before we begin creating these things, what are user-defined aggregates?  They are a feature introduced in Oracle 9i that allows a developer to create his or her own functions like "SUM", "AVG", and…
I remember the day when someone asked me to create a user for an application developement. The user should be able to create views and materialized views and, so, I used the following syntax: (CODE) This way, I guessed, I would ensure that use…
Via a live example show how to connect to RMAN, make basic configuration settings changes and then take a backup of a demo database
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question