6.20 Synchronizing NMAS Login Methods Is Required to Avoid Login Failures

NMAS (NetIQ Modular Authentication Service) provides flexible login options, including support for smart cards, proximity cards, passwords, etc.

OES services, such as Novell AFP and Novell CIFS include NMAS login methods that are installed in eDirectory at the same time as the services. Macintosh and Windows users can then log into OES just as they would log into a native AFP or CIFS server.

After an NMAS login method is installed in eDirectory, it must be synchronized to all of the eDirectory replicas in the tree. Replica synchronization is, of course, a high system priority. However, it is not guaranteed to be immediate, and on networks with many servers and multiple-replica trees, normal delays in synchronization can result in authentication failures.

For example, when an AFP user requests a connection to an OES server running Novell AFP, NMAS can direct the login request to any eDirectory server that has a writable replica of a partition containing the User object. If the AFP login method is not yet synchronized to that particular eDirectory server, the authentication request fails.

To avoid login failures and user frustration, you should make sure that all of your eDirectory servers that hold replicas are synchronized as soon as possible after OES services are installed.

For more information on synchronization, see Synchronization in the NetIQ eDirectory 8.8 SP8 Administration Guide.