Hi,

I have a problem logging in with NMAS (Windows NW client)
and/or AFP from our Macs.
Using simple password logs in with the client OK,
but AFP relies on Universal Password, which uses NMAS for this.

So what can be wrong?

Have followed the Universal Password implementation guide and have double-checked.

Have used sdidiag to see if everything is all right - no errors.
Have checked security keys using nmasinst -i xxxxx (no visible errors); have even recreated the keys.

Did an LDAP trace on the server when logging in from the client (nothing I could detect).
From a Mac, see the trace below; if I interpret it correctly, it's trying to use simplepassword instead of other (afpproxyuser) - is this right?

-------------------

(127.0.0.1:49430)(0x0000:0x00) Completed TLS handshake on connection 0xd224500
(127.0.0.1:49430)(0x0001:0x60) DoBind on connection 0xd224500
(127.0.0.1:49430)(0x0001:0x60) Bind name:cn=afp_proxy,o=dba, version:3, authentication:simple
(10.10.10.1:50519)(0x0002:0x63) Activating pending operation 0x2:0x63 on connection 0xc4d7500
(127.0.0.1:49430)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xd224500
(127.0.0.1:49430)(0x0002:0x63) DoSearch on connection 0xd224500
(127.0.0.1:49430)(0x0002:0x63) Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
no attributes
(127.0.0.1:49430)(0x0002:0x63) Empty attribute list implies all user attributes
(127.0.0.1:49430)(0x0002:0x63) Server configured to also include operational attributes
(127.0.0.1:49430)(0x0002:0x63) Sending search result entry "" to connection 0xd224500
(127.0.0.1:49430)(0x0002:0x63) Sending operation result 0:"":"" to connection 0xd224500
(127.0.0.1:49430)(0x0003:0x42) DoUnbind on connection 0xd224500
Connection 0xd224500 closed
New TLS connection 0xd224500 from 127.0.0.1:49433, monitor = 0xa8c53ba0, index = 7
Monitor 0xa8c53ba0 initiating TLS handshake on connection 0xd224500
(127.0.0.1:49433)(0x0000:0x00) DoTLSHandshake on connection 0xd224500
BIO ctrl called with unknown cmd 7
(127.0.0.1:49433)(0x0000:0x00) Completed TLS handshake on connection 0xd224500
(127.0.0.1:49433)(0x0001:0x60) DoBind on connection 0xd224500
(127.0.0.1:49433)(0x0001:0x60) Bind name:cn=afp_proxy,o=dba, version:3, authentication:simple
(10.10.10.1:50519)(0x0002:0x63) Activating pending operation 0x2:0x63 on connection 0xc4d7500
(127.0.0.1:49433)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xd224500
(127.0.0.1:49433)(0x0002:0x77) DoExtended on connection 0xd224500
(127.0.0.1:49433)(0x0002:0x77) DoExtended: Extension Request OID: 2.16.840.1.113719.1.39.42.100.13
(127.0.0.1:49433)(0x0002:0x77) Sending operation result 0:"":"" to connection 0xd224500
(127.0.0.1:49433)(0x0003:0x42) DoUnbind on connection 0xd224500
Connection 0xd224500 closed
New TLS connection 0xd224500 from 127.0.0.1:49435, monitor = 0xa8c53ba0, index = 7
Monitor 0xa8c53ba0 initiating TLS handshake on connection 0xd224500
(127.0.0.1:49435)(0x0000:0x00) DoTLSHandshake on connection 0xd224500
BIO ctrl called with unknown cmd 7
(127.0.0.1:49435)(0x0000:0x00) Completed TLS handshake on connection 0xd224500
(127.0.0.1:49435)(0x0001:0x60) DoBind on connection 0xd224500
(127.0.0.1:49435)(0x0001:0x60) Bind name:cn=admin,o=dba, version:3, authentication:simple
(10.10.10.1:50519)(0x0002:0x63) Activating pending operation 0x2:0x63 on connection 0xc4d7500
(127.0.0.1:49435)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xd224500
Monitor 0xa8c53ba0 found connection 0xd224500 ending TLS session
(127.0.0.1:49435)(0x0002:0x42) DoUnbind on connection 0xd224500
(127.0.0.1:49435)(0x0000:0x00) Preempting operation 0x0:0x0 on connection 0xd224500 before processing because connection is closing
Connection 0xd224500 closed
(10.10.10.1:50640)(0x0006:0x42) DoUnbind on connection 0xcb51780
New TLS connection 0xd224500 from 10.10.10.1:44707, monitor = 0xa8c53ba0, index = 7
Monitor 0xa8c53ba0 initiating TLS handshake on connection 0xd224500
Connection 0xcb51780 closed
(10.10.10.1:44707)(0x0000:0x00) DoTLSHandshake on connection 0xd224500
BIO ctrl called with unknown cmd 7
(10.10.10.1:44707)(0x0000:0x00) Completed TLS handshake on connection 0xd224500
(10.10.10.1:44707)(0x0001:0x60) DoBind on connection 0xd224500
(10.10.10.1:44707)(0x0001:0x60) Treating simple bind with empty DN and no password as anonymous
(10.10.10.1:44707)(0x0001:0x60) Bind name:NULL, version:3, authentication:simple
(10.10.10.1:44707)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0002:0x63) DoSearch on connection 0xd224500
(10.10.10.1:44707)(0x0002:0x63) Search request:
base: "cn=UNIX Workstation - one,o=dba"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "groupMembership"
(10.10.10.1:44707)(0x0002:0x63) Sending search result entry "cn=UNIX Workstation - one,o=dba" to connection 0xd224500
(10.10.10.1:44707)(0x0002:0x63) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0003:0x63) DoSearch on connection 0xd224500
(10.10.10.1:44707)(0x0003:0x63) Search request:
base: "cn=admingroup,o=dba"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "cn"
attribute: "gidNumber"
(10.10.10.1:44707)(0x0003:0x63) Sending search result entry "cn=admingroup,o=dba" to connection 0xd224500
(10.10.10.1:44707)(0x0003:0x63) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0004:0x63) DoSearch on connection 0xd224500
(10.10.10.1:44707)(0x0004:0x63) Search request:
base: "cn=www,o=dba"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "cn"
attribute: "gidNumber"
(10.10.10.1:44707)(0x0004:0x63) Sending search result entry "cn=www,o=dba" to connection 0xd224500
(10.10.10.1:44707)(0x0004:0x63) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0005:0x63) DoSearch on connection 0xd224500
(10.10.10.1:44707)(0x0005:0x63) Search request:
base: "cn=novlxtier,o=dba"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "cn"
attribute: "gidNumber"
(10.10.10.1:44707)(0x0005:0x63) Sending search result entry "cn=novlxtier,o=dba" to connection 0xd224500
(10.10.10.1:44707)(0x0005:0x63) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0006:0x63) DoSearch on connection 0xd224500
(10.10.10.1:44707)(0x0006:0x63) Search request:
base: "o=dba"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(uid=afp_proxy)"
attribute: "uid"
attribute: "uidNumber"
attribute: "gidNumber"
attribute: "gecos"
attribute: "1.3.6.1.1.1.1.3"
attribute: "loginShell"
attribute: "groupMembership"
(10.10.10.1:44707)(0x0006:0x63) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0007:0x63) DoSearch on connection 0xd224500
(10.10.10.1:44707)(0x0007:0x63) Search request:
base: "cn=admingroup,o=dba"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=posixGroup)"
attribute: "uniqueMember"
(10.10.10.1:44707)(0x0007:0x63) Sending search result entry "cn=admingroup,o=dba" to connection 0xd224500
(10.10.10.1:44707)(0x0007:0x63) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0008:0x63) DoSearch on connection 0xd224500
(10.10.10.1:44707)(0x0008:0x63) Search request:
base: "cn=www,o=dba"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=posixGroup)"
attribute: "uniqueMember"
(10.10.10.1:44707)(0x0008:0x63) Sending search result entry "cn=www,o=dba" to connection 0xd224500
(10.10.10.1:44707)(0x0008:0x63) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0009:0x63) DoSearch on connection 0xd224500
(10.10.10.1:44707)(0x0009:0x63) Search request:
base: "cn=novlxtier,o=dba"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=posixGroup)"
attribute: "uniqueMember"
(10.10.10.1:44707)(0x0009:0x63) Sending search result entry "cn=novlxtier,o=dba" to connection 0xd224500
(10.10.10.1:44707)(0x0009:0x63) Sending operation result 0:"":"" to connection 0xd224500

----------------------


Hope someone can jump in and give me a hint.


DB
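
An added example (not part of the original post): a small Python parser that pairs each bind in a trace like the one above with its result code and any extended-operation OID sent on the same connection, so it is easy to see which DN bound, with which LDAP bind type, and whether the server treated it as anonymous. The line layout is inferred only from the posted lines; `summarize_binds` and `SAMPLE` are hypothetical names, and the sample is an excerpt of the posted trace.

```python
import re

# Per-operation lines in the posted trace look like: (peer)(msgid:optag) message
LINE = re.compile(r"^\((?P<peer>[\d.]+:\d+)\)\((?P<msgid>0x[0-9a-fA-F]+):(?P<tag>0x[0-9a-fA-F]+)\) (?P<msg>.*)$")
BIND = re.compile(r"^Bind name:(?P<dn>.*), version:\d+, authentication:(?P<auth>\w+)$")
RESULT = re.compile(r"^Sending operation result (?P<code>\d+):")
EXTOID = re.compile(r"^DoExtended: Extension Request OID: (?P<oid>[\d.]+)$")
ANON = "Treating simple bind with empty DN"  # server's own note, as logged

def summarize_binds(trace):
    """Return one record per bind: peer, DN, bind type, result, anonymous flag, OIDs."""
    binds, by_op, by_peer, anon = [], {}, {}, set()
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # connection/monitor lines and search-request detail lines
        peer, msg = m["peer"], m["msg"]
        key = (peer, m["msgid"], m["tag"])  # identifies one operation on one peer
        if msg.startswith(ANON):
            anon.add(key)
        elif (b := BIND.match(msg)):
            rec = {"peer": peer, "auth": b["auth"], "result": None,
                   "dn": None if b["dn"] == "NULL" else b["dn"],
                   "anonymous": key in anon, "extended_oids": []}
            binds.append(rec)
            by_op[key] = by_peer[peer] = rec
        elif (r := RESULT.match(msg)) and key in by_op:
            by_op[key]["result"] = int(r["code"])  # result of the bind itself
        elif (e := EXTOID.match(msg)) and peer in by_peer:
            by_peer[peer]["extended_oids"].append(e["oid"])
    return binds

# Excerpt of the trace posted above
SAMPLE = '''\
(127.0.0.1:49433)(0x0001:0x60) Bind name:cn=afp_proxy,o=dba, version:3, authentication:simple
(10.10.10.1:50519)(0x0002:0x63) Activating pending operation 0x2:0x63 on connection 0xc4d7500
(127.0.0.1:49433)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xd224500
(127.0.0.1:49433)(0x0002:0x77) DoExtended: Extension Request OID: 2.16.840.1.113719.1.39.42.100.13
(127.0.0.1:49433)(0x0002:0x77) Sending operation result 0:"":"" to connection 0xd224500
(127.0.0.1:49435)(0x0001:0x60) Bind name:cn=admin,o=dba, version:3, authentication:simple
(127.0.0.1:49435)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xd224500
(10.10.10.1:44707)(0x0001:0x60) Treating simple bind with empty DN and no password as anonymous
(10.10.10.1:44707)(0x0001:0x60) Bind name:NULL, version:3, authentication:simple
(10.10.10.1:44707)(0x0001:0x60) Sending operation result 0:"":"" to connection 0xd224500
'''

if __name__ == "__main__":
    for bind in summarize_binds(SAMPLE):
        print(bind)
```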