NOVELL FORUMS

mmerrell · #1 28-Oct-2009, 01:09 PM

Hi everyone,

I've been struggling with getting Universal Password to run on my network (netware 6.5 SP7 w/ ss206 and LDAP). I finally got it to accept case sensitivity, but when I tested expiring the password after the initial set by the user, they get a Login-LGNWNT32-100: Access has been denied error (Vista64 SP2 with Client 2 and Client 2IR1a).

I ran a DSTRACE for NMAS and discovered it throwing this error:

DSAFinishLogin failed, failed authentication (-669)

My UP Password Policy has Remove the NDS password when setting Universal Password and Synchronize Simple Password when setting UP checked. My LDAP Groups have the TLS requirement checked.

Here's a chunk of the Trace:

VCLN: [2009/10/28 11:55:57.166] DCFreeContext context 6a1d00ca idHandle 0000000c, connHandle 00004400, SYS:SYSTEM\NMAS.NLM
VCLN: [2009/10/28 11:55:57.166] DCFreeContext context 6a1d00e1 idHandle 0000000c, connHandle 00005d00, SYS:SYSTEM\NMAS.NLM
AREQ: [2009/10/28 11:55:57.170] Calling DSAResolveName conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.171] Calling DSARead conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.172] Calling DSAResolveName conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.172] Calling DSARead conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.178] Calling DSAResolveName conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.180] Calling DSAResolveName conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.193] Calling DSAResolveName conn:265 for client .[Public].
AREQ: [2009/10/28 11:55:57.194] Calling DSAResolveName conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.195] Calling DSARead conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.195] Calling DSABeginAuthentication conn:265 for client .[Public].
AREQ: [2009/10/28 11:55:57.214] Calling DSAFinishAuthentication conn:265 for client .[Public].
VCLN: [2009/10/28 11:55:57.225] DCCreateContext context 760f00e1 moduleHandle 8d0a05e0 SYS:SYSTEM\DS.NLM, idHandle 00000000
AREQ: [2009/10/28 11:55:57.225] Calling DSARead conn:0 for client .POCATELLO.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.225] DSARead failed, no such attribute (-603).
VCLN: [2009/10/28 11:55:57.225] request DSARead by context 760f00e1 ,cFlags=00010587 , scflags=00000000 failed, no such attribute (-603)
VCLN: [2009/10/28 11:55:57.225] DCFreeContext context 760f00e1 idHandle 00000000, connHandle 00004400, SYS:SYSTEM\DS.NLM
AREQ: [2009/10/28 11:55:57.232] Calling DSAGetServerNetAddress conn:265 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.233] Calling DSAResolveName conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.234] Calling DSARead conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.234] Calling DSABeginLogin conn:265 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.277] Calling DSASetKeys conn:265 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.282] DSASetKeys failed, no access (-672).
AREQ: [2009/10/28 11:55:57.291] Calling DSAResolveName conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.432] Calling DSAGetServerNetAddress conn:265 for client .[Public].
AREQ: [2009/10/28 11:55:57.433] Calling DSAResolveName conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.434] Calling DSARead conn:244 for client .ldapuniversal.Administration.Pocatello.PHD6.SDHD.
AREQ: [2009/10/28 11:55:57.434] Calling DSABeginLogin conn:265 for client .[Public].
AREQ: [2009/10/28 11:55:57.437] Calling DSAFinishLogin conn:265 for client .[Public].
AREQ: [2009/10/28 11:56:00.420] DSAFinishLogin failed, failed authentication (-669).
VCLN: [2009/10/28 11:56:01.610] DCDuplicateContextEx: flags: 00000000

Anyone got any ideas, or should I open an incident?

Thanks so much!

Merrell