Hello All,

New install of DSfW.

All provisioning tasks completed successfully except for samify. It looks like most users were samifyed since they have the sAMAccountName attribute populated.

However, when a samifyed user attempts to login, they received the following error. "The system cannot log you on now because the domain <<DOMAINNAME>> is not available.

The docs state: However, if the Universal Password Policy is already enabled in your environment and if you don't want to override it, then you must select the Retain existing Novell Password Policies on Users check box during DSfW installation. For more information, see Step 9.d. Beginning with OES2SP3, selecting this check box will mean that the already enabled Universal Password Policy in your environment is applicable to all the partitions that is being planned to be mapped to a particular DSfW domain. If you do not select this check box, then the users belonging to a partition (mapped to a DSfW domain) that does not have Universal Password Policy defined, will not be able to login to the DSfW domain.

I did not check this box during the install, which goes to reason why users cannot login.

Further, I came across TID 7009299. #2 of TID - The user does not have the supplementalCredentials attribute populated. The supplementalCredentials is required for authentication. Usually this means the Universal Password is not populated (nmas). If the user has a password policy then the Universal Password can be populated by logging in with an ldap client, from a workstation with the Novell client, or by doing a ndslogin from the terminal.

The users do not have the attribute supplementalCredentials. I have not setup Universal Passwords.

I'm assuming if I setup UP then the users will receive this attribute.

However, the client pc's are installed without NMAS.

So my questions are:

Will enabling UP add SupplementalCredentials?

If I enable UP, will the Novell clients without NMAS installed be able to authenticate to the tree using NDS rather than UP or will it break the login process?

Thanks for your time.