Novell Home

My Favorites

Close

Please to see your favorites.

The initial password for NT is blank after adding a new user in NDS to a domain.

(Last modified: 02Jun2003)

This document (10071566) is provided subject to the disclaimer at the end of this document.

fact

Novell NDS for NT 2.0

NDS for NT 2.01

Novell NDS for NT 2.02 (Corporate Edition)

Novell Account Management 2.1

symptom

The initial password for NT is blank after adding a new user in NDS to a domain.

User logs into NDS and NT domain for the first time, NT password is blank.

Users are created in eDirectory through ConsoleOne with a *template and the synchronize password with Domain option has been checked.

cause

During initial migration or when creating a new user, selecting the Force Password Synchronization check box does not force an immediate synchronization of the NDS password and the Domain password. In order for password synchronization to occur, a user must successfully login to NetWare and change their password.  Or have the password changed after the user has been added to the NT domain.  During the initial creation of the user, if the NDS password is specified, it is immediately hashed with Novell encryption and the hash written to NDS.  Then the clear text of the password that was typed in is erased.  The domain membership is added after the initial user attributes are created.  Then the NT password is generated.  Since the NDS password is no longer in clear text, the NT password is blank.  The Novell hash cannot be used because it cannot be unencrypted into clear text and Microsoft uses a different encryption technology.  After the user has been created, if the password is changed, the snapins or client will detect that it must be changed in both places and make the correct change.

fix

After adding a user to the domain, either expire the NDS password for the next time the user logs in so they are forced to change their password, or in password restrictions of the user, change their password for them after you have created the user, clicked ok, then gone back into the user.  In both scenarios, the password will be synched. Once a user is associated to a domain, and a password change has occurred, subsequent password changes will be synchronized.

Note:

Even though the option for synchronizing passwords was built-in to the template when using ConsoleOne the way the current password is synchronization is handled (as explained above) limits this function from working at the present time.  This functionality may be included in a future release.

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID:
  • 10071566
  • Solution ID: NOVL80240
  • Creation Date: 31May2002
  • Modified Date: 02Jun2003
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback