Resolving NMAS Authentication Problems after eDirectory 8.8+ Upgrade
Novell Cool Solutions: Feature
By Harshwardhan Pradhan
Posted: 17 May 2006
Prior to eDirectory 8.8, users having different authentication methods (Simple Password, CertMutual, etc.) were able to authenticate without setting any login sequence for that user. For example, a user with Simple Password would use the Simple Password method for authentication.
From eDirectory 8.8 onwards, users with an authentication method other than NDS will not be able to authenticate by default. So if the administrator upgrades eDirectory from 8.7.3.x to 8.8 or above, users using NMAS methods other than NDS for authentication will not be able to authenticate.
First, here is the preliminary step to resolve the authentication problem:
1. Set NDSD_TRY_NMASLOGIN_FIRST=true on the eDirectory server.
1a. On NetWare, edit the c:\nwserver\startup.ncf file and add this line at the beginning:
(For NetWare, reboot the server.)
1b. On UNIX, edit the /etc/init.d/ndsd file and add these two lines before the StartNdsd() function:
NDSD_TRY_NMASLOGIN_FIRST=true
export NDSD_TRY_NMASLOGIN_FIRST
1c. On Windows, follow these steps:
a. Right-click My Computer and select Properties.
b. Go to Advanced and select Environment Variables.
Figure 1 - Environment Variables
c. Go to System Variables.
Figure 2 - System Variables
d. Add the new value NDSD_TRY_NMASLOGIN_FIRST=true
Figure 3 - Adding the NDSD_TRY_NMASLOGIN_FIRST=true value
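As an added example (not part of the original article), the following shell function checks that the two lines from step 1b are present, uncommented, and placed before the StartNdsd() function in the init script. The function name check_nmas_first and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that NDSD_TRY_NMASLOGIN_FIRST is set to true and
# exported ahead of StartNdsd() in the ndsd init script (step 1b).
# Usage: check_nmas_first [path]   (default: /etc/init.d/ndsd)
# Exit status (assumed convention): 0 = OK, 1 = missing or misplaced,
# 2 = file unreadable.

check_nmas_first() {
    script="${1:-/etc/init.d/ndsd}"
    [ -r "$script" ] || { echo "cannot read $script" >&2; return 2; }

    awk '
        # A commented-out setting must not count as configured.
        /^[ \t]*#/ { next }

        # Only lines above the function definition matter, so stop here.
        /^[ \t]*(function[ \t]+)?StartNdsd[ \t]*\(\)/ { seen_func = 1; exit }

        # Plain assignment on its own line; the value must be exactly true.
        /^[ \t]*NDSD_TRY_NMASLOGIN_FIRST=("true"|true)[ \t]*(;|$)/ { set = 1 }

        # Separate export statement that names the variable.
        /^[ \t]*export[ \t]+([A-Za-z_0-9]+[ \t]+)*NDSD_TRY_NMASLOGIN_FIRST([ \t;]|$)/ { exported = 1 }

        # Combined "export VAR=true" satisfies both requirements.
        /^[ \t]*export[ \t]+NDSD_TRY_NMASLOGIN_FIRST=("true"|true)[ \t]*$/ { set = 1; exported = 1 }

        END {
            if (!seen_func) { print "StartNdsd() not found"; exit 1 }
            if (!set)       { print "variable not set to true before StartNdsd()"; exit 1 }
            if (!exported)  { print "variable not exported before StartNdsd()"; exit 1 }
            print "OK"
        }
    ' "$script"
}
```

The check also fails when the assignment and the export have been pasted onto a single line, since the article calls for two separate lines.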
Additional Steps for All Platforms
1. Log in to iManager.
2. If all the users under a container are using the same authentication mechanism, go to Modify Object and browse to the container where all the users using the same NMAS method reside.
Figure 4 - Finding the container with the NMAS users
3. Click the Other tab.
4. In the Unvalued Attributes list, select the sasDefaultLoginSequence attribute.
5. Set the NMAS method (Simple Password, CertMutual, etc.) that the users under this container are using.
Figure 6 - Setting the NMAS method
6. If the users under a container are not all using the same NMAS authentication mechanism, go to NMAS users and select the user (using an NMAS method other than NDS).
Figure 7 - Selecting the user, for NMAS other than NDS
7. Go to the NMAS Login Sequence page and set the default login sequence for that user.
Figure 8 - Setting the default login sequence
8. Select the users one by one and set the default login sequence for each of them explicitly.
Note: You can do the same thing in ConsoleOne by selecting the users or container and setting the default login sequence in the Properties page.
9. Apply these settings and restart eDirectory.
From eDirectory 8.8 onwards, if the users are using an NMAS method other than NDS, then the NDSD_TRY_NMASLOGIN_FIRST variable needs to be set on the eDirectory server, and the default login sequence needs to be set for that user.
Once the default login sequence gets set on a container, it is inherited by all users under that container. There is no need to set it for them explicitly, unless the sequence changes.