hi,

we have:
NW65sp4a
eDir 8.7.3.7
cifs 3.23.04
nmas 2.3.9
nici 2.6.7

some accounts are not able to login using cifs, when trying from the same XP
machine.
newly created accounts are never able to login using cifs, but also some of
the elder accounts can't either, even one that's admin equivalent!

pkidiag and sdidiag don't report errors.

cifsctxs.cfg:

-----------
Adpnl
Cap.Adpnl
Ia.Ops.Cap.Adpnl
Specials.Ia.Ops.Cap.Adpnl
----------

excerpt from dstrace.log with error:
( account cifs.Specials.Ia.Ops.Cap.Adpnl exists )
3: Create NMAS Session

3: NCPCheckIfLocalUser: client supplied user DN cifs.Cap.Adpnl

3: ERROR: -601 NCPCheckIfLocalUser: DDCResolveName

3: ERROR: -601 NCPCheckIfLocalUser failed.

3: NCPCheckIfLocalUser failed -601

3: Client Session Destroy Request

3: Destroy NMAS Session

3: Aborted Session Destroyed (with MAF)

4: Create NMAS Session

4: NCPCheckIfLocalUser: client supplied user DN cifs.Ia.Ops.Cap.Adpnl

4: ERROR: -601 NCPCheckIfLocalUser: DDCResolveName

4: ERROR: -601 NCPCheckIfLocalUser failed.

4: NCPCheckIfLocalUser failed -601

4: Client Session Destroy Request

4: Destroy NMAS Session

4: Aborted Session Destroyed (with MAF)

5: Create NMAS Session

5: NCPCheckIfLocalUser: client supplied user DN
cifs.Specials.Ia.Ops.Cap.Adpnl

5: ERROR: -601 NCPCheckIfLocalUser: DDCResolveName

5: ERROR: -601 NCPCheckIfLocalUser failed.

5: NCPCheckIfLocalUser failed -601

5: Client Session Destroy Request

5: Destroy NMAS Session

5: Aborted Session Destroyed (with MAF)

--------------------

excerpt from dstrace.log with success:

18: NCPCheckIfLocalUser: client supplied user DN petervdm.Ia.Ops.Cap.Adpnl

18: NCPCheckIfLocalUser: checking actual user DN
CN=PetervdM.OU=Ia.OU=Ops.OU=Cap.O=Adpnl

18: NCPCheckIfLocalUser is NOT a local user.

18: Contacted .CN=GW01.OU=Cap.O=Adpnl.T=ADPNL. (NMAS 2.6) for remote login

18: Remote login will use .CN=GW01.OU=Cap.O=Adpnl.T=ADPNL. (NMAS 2.6)

18: sendProxyClientInfo: client address not available

18: NMAS_CanDo sendMessage 0

18: NMAS_CanDo sendMessage 0

18: NMAS_CanDo disassembleDoPacket 0

18: MAF_Begin LCM 0x00000000

18: MAF_Write LCM 0x00000000

18: MAF_Read LCM 0x00000000

18: MAF_Write LCM 0x00000000

18: MAF_Read LCM 0x00000000

18: MAF_End LCM 0x00000000

18: NMAS_SetIdentity was successful

18: Client Session Destroy Request

18: Remote Session Destroyed

18: Destroy NMAS Session

18: Aborted Session Destroyed (with MAF)

-------------------

and another faulty one:

35: Create NMAS Session

35: NCPCheckIfLocalUser: client supplied user DN erikvw.Ia.Ops.Cap.Adpnl

35: NCPCheckIfLocalUser: checking actual user DN
CN=ErikVW.OU=Ia.OU=Ops.OU=Cap.O=Adpnl

35: NCPCheckIfLocalUser is NOT a local user.

35: Contacted .CN=GW01.OU=Cap.O=Adpnl.T=ADPNL. (NMAS 2.6) for remote login

35: Remote login will use .CN=GW01.OU=Cap.O=Adpnl.T=ADPNL. (NMAS 2.6)

35: sendProxyClientInfo: client address not available

35: NMAS_CanDo sendMessage 0

35: NMAS_CanDo sendMessage 0

35: NMAS_CanDo disassembleDoPacket 0

35: MAF_Begin LCM 0x00000000

35: MAF_Write LCM 0x00000000

35: MAF_Read LCM 0x00000000

35: MAF_Write LCM 0x00000000

35: MAF_Read LCM 0x00000000

35: MAF_End LCM 0x00000000

35: Client Session Destroy Request

35: Remote Session Destroyed

35: Destroy NMAS Session

35: Aborted Session Destroyed (with MAF)

----------



i'm baffled. please help.