Install oracle11g under WINDOWS2008R2, you can use the OS account to log on to Oracle on the server where Oracle is installed, and the remote OS, such as Win7, can also be logged on using the local OS account.
Multiple parameters need to be set.
Log on to Oracle with DBA authority
C:\users\administrator>sqlplus/nolog
Sql*plus:release 11.2.0.1.0 Production on February 12 16:39:03 2015
Copyright (c) 1982, Oracle. All rights reserved.
Sql> Conn/as SYSDBA
is connected.
Sql> Show User
USER is "SYS"
If the user is shown as SYS, it is successful to use OS account authentication for the server's native computer.
If not, then you need to identify some places.
Installation path \product\11.2.0\dbhome_1\network\admin
Under the Sqlnet.ora file
Sqlnet. Authentication_services= (NTS)
Whether there is NTSin parentheses, (none,nts) can also
NAMES. Directory_path= (TNSNames, Ezconnect)
Here the tnsnames is corresponding to the Tnsnames.ora file, is to sqlplus command parsing SID flag
Sql> conn/@orcl
This mark is ORCL, the corresponding file in the ORCL explanation host,port, and service_name
Of course, you can log in with the SYS account and password.
Sql> Conn Sys/password as Sysdba
is connected.
Determining initialization parameters
①sql> Show Parameter Os_authent_prefix
NAME TYPE VALUE
------------------------------------ ----------- ------------
Os_authent_prefix string ops$
Sql>
This ops$ is a prefix, can be empty, but not null, empty use "" just fine.
This is to differentiate between an Oracle user or an OS user, and the OS user is preceded by a ops$
② is available for remote clients,
Sql> Show Parameter Remote_os_authent
NAME TYPE VALUE
------------------------------------ ----------- ---------
Remote_os_authent Boolean FALSE
This is shown as false and must be modified
Sql>alter SYSTEM SET remote_os_authent = TRUE SCOPE = SPFILE;
Then restart the database
SHUTDOWN IMMEDIATE
STARTUP
③ Remote Connection parameters
Sql> Show Parameter Remote_login_passwordfile
NAME TYPE VALUE
------------------------------------ ----------- -----------------
Remote_login_passwordfile string EXCLUSIVE
EXCLUSIVE can do it.
None is a remote password file is not allowed,gkfx appears in the old version, and the current and exclusive effects are the same.
and start mapping OS accounts in Oracle.
Sql> Create user ops$administrator identified externally;
User created.
Authorization to connect, etc.
Sql> Grant Connect,resource to Ops$administrator;
Grant succeeded.
And now log on to the server and see
Sql> Conn/
is connected.
Sql> Show User
USER is "Ops$administrator"
Add as SYSDBA in order to log in with the database administrator mode
Enter the remote continuation below
Installing Oracle's client software in client Win7
After configuring the SID connection, the parameters in the Sqlnet.ora file must also have NTS, which is the key to OS authentication
NAMES. Directory_path= (TNSNames, Ezconnect) must also have
Editing Tnsnames.ora is also key
ORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP) (HOST = ORACLE) (PORT = 1521))
(Connect_data =
(SERVER = dedicated)
(service_name = ORCL)
)
)
Here (HOST = ORACLE) is the machine name of the server that installed windows2008, if there is no domain support, need to bring the full domain name, (service_name = ORCL) is the service name defined on the remote server, can not be wrong.
Then try it on the client.
Sql> Conn/
is connected.
Sql> Show User
USER is "Ops$administrator"
This convenience is convenient, but the safety is lost.
To try, in the client to do a administrator account, but with the server's administrator account password is different, can also connect it, the answer is yes, or can. In other words, when the remote_os_authent is true, the server side is not confirm the password, is the client's OS on the confirmation of the password, then the client if they have administrator rights, then do what the name of the account can be, there is no security, Of course, the use must be in isolation and the internet environment, or die more ugly. should also be used in the domain environment, the client's login users are controlled by the domain, authenticated user name with domain authentication, to ensure that both client and server-side authentication can be trusted. If you want to ignore the domain name authentication user name, you can modify the registry in the server-side OS
Hkey_local_machine\software\oracle\key_oradb11g_home1
Add text column Osauth_prefix_domain with a value of false
This is certainly not recommended.
This article from "Genius without that 1% is absolutely impossible" blog, please be sure to keep this source http://xushen.blog.51cto.com/1673219/1614106
Using external operating system account validation in Windows oracle11g