Error 1418 when setting a Simple password

  • 3833399
  • 20-Oct-2006
  • 25-May-2012

Environment

Novell Native File Access Pack (NFAP)
Novell Modular Authentication Service (NMAS)
Nsure Identity Manager 2.0
DirXML Password Synchronization
Novell International Cryptographic Infrastructure (NICI)

Situation

Error 1418 when setting a Simple password
Error 1418 when attempting to authenticate
Error -1,418 when setting a Simple password
Error -1,418 when attempting to authenticate
Unable to get nspmpassword(2) failed, -1418

Resolution

This error refers to ENCRYPTED DATA INVALID. This can occur when the SD Key (TreeKey) has been corrupted, is unsynchronized, or has been lost.

When a user tries to authenticate to a server with a simple password, the SD Key (Treekey) is used to decrypt the password. If the server you are connecting to does not have the correct SD Key (Treekey), you may get this error. All servers need to have the same SD Keys (Treekeys); however, each server should have a file generated through NICISDI. Note: NEVER copy a NICISDI.KEY file from one server to another.

To fix the problem, follow these steps:

1. Determine if the TreeKey is valid on each server in the tree, beginning with the master server. This can be done by completing the following steps:

Verify that the Treekey is the same as the Treekey on the master server.

SDIDIAG is the best utility to use to verify the SD keys (Treekeys).
SDIDIAG can be downloaded from https://support.novell.com/filefinder.

Use TID#3455150 - Using SDIDiag to gather specific SDKey information from servers in order to check your tree keys.

If the Treekeys are the same on all servers in the tree and you still get the -1418 error when you try to set a user's Simple Password, do the following:

- Launch ConsoleOne
- Right-click on the User Object and select the 'Other' tab.
- Delete the attributes 'SAS:Login Configuration' and 'SAS:Login Configuration Key'.
- Click 'OK' or 'Apply' to save the changes to the User Object.
- Wait for NDS to synchronize the changes to all read/write replicas of the partition with the User Object.

NOTE: If using ConsoleOne version 1.3.6, the SAS attributes may not show up at all. You will first need to disable the ConsoleOne snapins for Login Methods. To do that, do the following:

- Launch ConsoleOne
- Right-click any User Object and select Properties
- Select the Page Options button in the bottom left corner of the screen
- Highlight the Login Methods folder and then Select Disable
- Click OK and then OK again. Close the Properties window and reopen it
- Go to the Other tab. You should now be able to see the SAS attributes and delete them

You can also try renaming the consoleone\1.2\snapins\security\SimplePassword.jar file and then relaunching ConsoleOne. When you go to the Other tab, you should see the SAS attributes.

Additional Information

Formerly known as TID# 10071163