We have enabled NSS AD on all our servers and setup our AD Domain with a mirrored user set and mirrored passwords etc.

This is working brilliantly for 90% of our users. but certain users seem to be able to login to AD and with the same user name and password can login to eDir using the Novell Client. With the Novell client loaded they can see the NSS volumes and rights etc, but they cannot see some of their NSS Volumes when they login to the AD only. All other users set up the same way in the same groups etc are fine.

I have tried setting their Universal Passwords to also be the same. Otherwise I cannot see the difference with users that are working fine. They all have the password policies set.

The only thing that may be of consequence or could be a red herring is that the users with issues have started off in the O=xx partition but then moved to the o=xx,ou=yy partition. BUT this was before this was implemented.

My initial thoughts as that as part of o=xx initially they got some eDirectory attributes that are not copying across properly or are affecting this process. I have had DSFW running at o=xx in the past so not sure if that has left remnants in these users credentials.

After a lot of playing around and resetting etc one of the users just started working but not sure why.

Any ideas would be good.

Thanks Rob.