Environment
Novell Filr 2.0
Novell Open Enterprise Server (OES) Linux
Novell Modular Authentication Service (NMAS)
Novell Open Enterprise Server (OES) Linux
Novell Modular Authentication Service (NMAS)
Situation
After the successful upgrade to Filr 2.0 LDAP imported Filr users are not able to fully log into Filr.
The initial login succeeds, but when trying to access a Home or Net Folder an LDAP error "You need to authenticate again due to an LDAP credential change" appears and the user is returned to the Filr login screen.
The famtd.log shows these errors:
ERROR:NWDSOpUtils::FAMT_GetXplatContext_For_Proxy NWDSLoginEx() returned UNKNOWN ERROR (-669)
ERROR:NCPSession::FAMT_GetXplatContext:NCPSession::FAMT_GetXplatContext NWDSLoginEx() returned UNKNOWN ERROR (-669)
ERROR:ConvertXplatRespValToStr :: Unknown error code 0xfffffd63
ERROR:NCPOperations::FAMT_Login:[sid - 3SCLnb2hwwwrDdLKErpzqw==] FAMT_GetXplatContext() FAILED statuscode - 0xfffffd63 (UNKNOWN ERROR)
ERROR:thread_handler: request processing failed - FAMT_INVALID_PASSWORD
ERROR:sendStatus: sending status ret: FAMT_INVALID_PASSWORD
Error -669 (dec) and 0xfffffd63 (hex) translate into: FAILED AUTHENTICATION.
Especially users with a Home Directory are affected.
Users without a home directory are able to log in, but are unable to access the Net Folders.
The initial login succeeds, but when trying to access a Home or Net Folder an LDAP error "You need to authenticate again due to an LDAP credential change" appears and the user is returned to the Filr login screen.
The famtd.log shows these errors:
ERROR:NWDSOpUtils::FAMT_GetXplatContext_For_Proxy NWDSLoginEx() returned UNKNOWN ERROR (-669)
ERROR:NCPSession::FAMT_GetXplatContext:NCPSession::FAMT_GetXplatContext NWDSLoginEx() returned UNKNOWN ERROR (-669)
ERROR:ConvertXplatRespValToStr :: Unknown error code 0xfffffd63
ERROR:NCPOperations::FAMT_Login:[sid - 3SCLnb2hwwwrDdLKErpzqw==] FAMT_GetXplatContext() FAILED statuscode - 0xfffffd63 (UNKNOWN ERROR)
ERROR:thread_handler: request processing failed - FAMT_INVALID_PASSWORD
ERROR:sendStatus: sending status ret: FAMT_INVALID_PASSWORD
Error -669 (dec) and 0xfffffd63 (hex) translate into: FAILED AUTHENTICATION.
Especially users with a Home Directory are affected.
Users without a home directory are able to log in, but are unable to access the Net Folders.
Resolution
A fix for this issue is available in the Filr 2.0 Hot Patch 2, available via the Novell Patch Finder.
Cause
In the Novell Open Enterprise Server Environment a Password Policy is active.
This Password Policy has the "Remove the NDS password when setting Universal Password" option set to true, or has the "Synchronize NDS password when setting Universal Password" set to False.
By default the Novell XPLat client uses just the NDS password, unless it is configured to first use an other Authentication provider, following which then cascades down to the NDS password.
This Password Policy has the "Remove the NDS password when setting Universal Password" option set to true, or has the "Synchronize NDS password when setting Universal Password" set to False.
By default the Novell XPLat client uses just the NDS password, unless it is configured to first use an other Authentication provider, following which then cascades down to the NDS password.