Error Login Failure 0xFFFFFDA7

  • 7006629
  • 12-Aug-2010
  • 21-Aug-2013

Environment

Novell Client for Vista 1.0.0 Login

Situation

Multiple users access the same workstation. After the workstation boots, the LDAP lookup is performed only for the first username entered in the username field. If you change the username to some other username after tabbing to the password field, the LDAP lookup is not performed and the information from the default profile is used instead. Login with the second user ID then fails because of the wrong context, and the attempt results in the error "Login Failure" 0xFFFFFDA7.

To duplicate, use the following configuration:

Create the following information in eDirectory
user1.users1.novell
user2.users2.novell

In the client configure the LDAP settings as...

Treeless login - No
Contextless login - Yes
LDAP search scope - Yes

Tree Name - Make sure to enter the eDirectory Tree NAME (not the ip address)

Under the properties of the Tree name
Search context and subcontext

Define the contexts of:
ou=users1,o=novell
ou=users2,o=novell

Click OK, then, back at the LDAP settings window, enter the LDAP server IP address. All other LDAP settings are left at default.

Now go to the system login profile.
On the general tab
Disable the checkbox for save profile on successful login

On the NDS tab
Enter the name of the tree - (Do not enter an IP address)
Enter the context of novell
Enter the IP address of eDirectory server

All other client settings are left at default.

Now click OK and close the client properties.

Log the user out to get back to the Novell login.

Now in the username field type the user user1 followed by the tab key to get to the password field. If you now click on the advanced login link you will see the context of users1.novell. Click cancel and then enter the username of user2 followed by the tab key to get to the password field. Then click on the advanced login link and you will see that the context is now set to novell, not to users2.novell.

Packet traces show that an LDAP lookup is performed only on the first username entered. Subsequent names are never searched for. If you click on the link to login locally, then click on the link to go back to the Novell login, then you can actually perform the search again but only for the first username entered.
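
A small model of the behaviour described above, added here as an illustration; it is not Novell Client code. The LoginDialog class, its requery_on_change flag and the in-memory directory are assumptions built from the object names in this article.

```python
# Constructed in-memory stand-in for the eDirectory objects from the article.
DIRECTORY = ["cn=user1,ou=users1,o=novell", "cn=user2,ou=users2,o=novell"]
SEARCH_CONTEXTS = ["ou=users1,o=novell", "ou=users2,o=novell"]
DEFAULT_CONTEXT = "novell"  # context entered in the system login profile


def dn_to_context(dn):
    """Turn 'cn=user1,ou=users1,o=novell' into the dotted context 'users1.novell'."""
    parts = [rdn.split("=", 1)[1] for rdn in dn.split(",")]
    return ".".join(parts[1:])


def ldap_lookup(username):
    """Model of the contextless search: find cn=<username> under the configured contexts."""
    for dn in DIRECTORY:
        cn, _, parent = dn.partition(",")
        if cn.lower() == f"cn={username.lower()}" and parent in SEARCH_CONTEXTS:
            return dn_to_context(dn)
    return None


class LoginDialog:
    """Hypothetical model of the login dialog state (assumption, not the client's code)."""

    def __init__(self, requery_on_change):
        self.requery_on_change = requery_on_change
        self.searched = False
        self.lookups = []  # usernames for which a search was actually issued
        self.context = DEFAULT_CONTEXT

    def tab_out_of_username(self, username):
        if self.searched and not self.requery_on_change:
            # Behaviour described in the article: no second search is sent,
            # so the default profile's context is used instead.
            self.context = DEFAULT_CONTEXT
            return self.context
        self.lookups.append(username)
        self.searched = True
        self.context = ldap_lookup(username) or DEFAULT_CONTEXT
        return self.context


def contexts_for(usernames, requery_on_change):
    """Return the context shown after each username is entered in one dialog session."""
    dialog = LoginDialog(requery_on_change)
    return [dialog.tab_out_of_username(name) for name in usernames]
```

With requery_on_change set to False the second username keeps the default context, matching the reproduction steps; set to True, every username change triggers a fresh search, which is the behaviour the reproduction steps expect.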

Resolution

Fixed in Novell Client 2 SP1 for Windows (IR6) or later.