Skip to Main Content
  • Questions

  • How do I find out what username the database is passing through when connecting using Windows Authentication?

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Sam.

Asked: June 20, 2017 - 4:39 pm UTC

Last updated: June 21, 2017 - 3:16 am UTC

Version: 11.2g

Viewed 1000+ times

You Asked

Hi,

I'm having trouble using Windows authentication with my database accounts. I have a front-end application that creates a user account based on what their OS username is, OPS$Username, disregarding the domain name. Logging into the application works on most peoples computers but not all. To determine the root cause, I go to log in using the front end application or the SQLPlus on their computer, supplying /@EZConnectString to it. It tells me that the username/password is invalid, which is unusual because when I enter in credentials for an account that has a password to it, I have no problem connecting. Any idea on what the issue could be? This is an Oracle 11.2g database.

and Connor said...

Try auditing connection attempts, eg

SQL> audit session whenever not successful;

Audit succeeded.

SQL> conn qwe/qwe
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.

SQL> select * from sys.aud$
  2  @pr
==============================
SESSIONID                     : 112549
ENTRYID                       : 1
STATEMENT                     : 1
TIMESTAMP#                    :
USERID                        : QWE
USERHOST                      : ORADEV\COMCDONA-AU
TERMINAL                      : COMCDONA-AU
ACTION#                       : 100
RETURNCODE                    : 1017
OBJ$CREATOR                   :
OBJ$NAME                      :
AUTH$PRIVILEGES               :
AUTH$GRANTEE                  :
NEW$OWNER                     :
NEW$NAME                      :
SES$ACTIONS                   :
SES$TID                       :
LOGOFF$LREAD                  :
LOGOFF$PREAD                  :
LOGOFF$LWRITE                 :
LOGOFF$DEAD                   :
LOGOFF$TIME                   :
COMMENT$TEXT                  : Authenticated by: DATABASE
CLIENTID                      :
SPARE1                        : COMCDONA-AU\comcdona
SPARE2                        :
OBJ$LABEL                     :
SES$LABEL                     :
PRIV$USED                     :
SESSIONCPU                    :
NTIMESTAMP#                   : 21-JUN-17 03.15.40.782000 AM
PROXY$SID                     :
USER$GUID                     :
INSTANCE#                     : 0
PROCESS#                      : 21404:5272
XID                           : 0000000000000000
AUDITID                       :
SCN                           :
DBID                          : 1472156324
SQLBIND                       :
SQLTEXT                       :
OBJ$EDITION                   :

PL/SQL procedure successfully completed.


That might give you some more clues as to what is being passed to the database.

Is this answer out of date? If it is, please let us know via a Comment
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

Security

All of the vital components for a secure database are covered in the Security guide.