ORA-12638 error and SYS User Login permission verification in Windows

Today in Windows XP installation Oracle10g, the installation of Oracle software is not a problem, but in DBCA database creation, the emergence of ldquo; ORA-12638: Credenti

Today in Windows XP to install Oracle 10g, the installation of Oracle software is not a problem, but in DBCA database creation, the emergence of ldquo; ORA-12638: Credenti

Today, when installing Oracle 10g on Windows XP, there was no problem when installing Oracle software, but when DBCA database creation, there was a "ORA-12638: Credential retrieval failed" error.

The reason is that Oracle cannot apply operating system authentication. The computer user is a domain user, probably because the domain user does not have the permission to perform operating system authentication.

Solution: Comment out sqlnet. AUTHENTICATION_SERVICES = (ETS) in the sqlnet. ora file, or change this parameter to SQLNET. AUTHENTICATION_SERVICES = (NONE ).

The system uses the Windows operating system to log on to the database. AUTHENTICATION_SERVICES = (CNT) this parameter is only valid for Windows systems. This parameter is equivalent to the value of "CNT". It can be verified by a password file and logged on to the Oracle database by operating system verification; this parameter is equal to NONE, indicating that only Password File authentication is allowed to log on to the database. In general, domain users cannot apply operating system authentication and authentication retrieval fails.

There are two ways to perform Oracle logon authentication:

The password of an Oracle common user is stored in the data dictionary of the database. Therefore, the common user can log on to the database only when the database is OPEN. However, there are two types of users who can log on to the database without opening the database. This is the user with SYSDBA and SYSOPER permissions. These two methods can be used to log on to the database: Operating System (OS) authentication and password file authentication. Which logon method is used depends on the sqlnet. AUTHENTICATION_SERVICES parameter in the SQLNET. ora file. The value of this parameter is set to ETS, which allows you to use OS authentication. In this case, you can directly log on to the database without a password, that is, "sqlplus/as sysdba ". If this parameter is set to NONE, OS authentication is disabled. At this time, the user can only log on to the database through password file authentication.

Whether the user can successfully log on to the database through the password file is subject to the following two factors:

1. The remote_login_passwordfile parameter in the parameter file, which has the following three values:

NONE: indicates that the Oracle system does not use the password file. users with the SYS permission can log on to the database through OS authentication.

EXCLUSIVE: Only one database instance can use this password file. Only the password file under this setting can contain user information except INTERNAL/SYS, that is, SYSDBA/SYSOPER permission can be granted to other users except INTERNAL/SYS. (10g and 11G default)

SHARED: this password file can be used by multiple database instances. In this setting, only INTERNAL/SYS users can be identified by the password file. Even if the file contains information of other users, they are not allowed to log on with the SYSDBA/SYSOPER permission.

You can run the following command to view the parameter value of remote_login_passwordfile:

SQL> show parameter remote_login_password

NAME TYPE VALUE

---------------------------------------------------------------------

Remote_login_passwordfile string EXCLUSIVE

You can query the V $ PWFILE_USERS view to view the user information with SYSDBA/SYSOPER permissions:

SQL> select * from v $ pwfile_users;

USERNAME SYSDB SYSOP

----------------------------------

SYS TRUE

2. Check whether the password file exists and whether the password is correct.

When the remote_login_passwordfile parameter is set to EXCLUSIVE and SHARED, users with SYSDBA and SYSOPER permissions can log on to the database using Password File authentication. The order of Oracle search password files is:

(1) Search for the ORA_SID_PWFILE parameter value in the System Registration Database (it is the full path name of the password file );

(2) If not found, search for the ORA_PWFILE parameter value;

(3) If not found, use the default value ORACLE_HOME \ DATABASE \ PWDSID. ORA;