See TID3576410 at ConsoleOne - Universal Passwords not updating for exact instructions on fixing that one! If fixed that by sym-linking the listed loginShell value to /bin/bash with a command, that was something like: ln -s /bin/bash /usr/bin/pksh-sh Once both those issues were wrapped up I was You have to 1) make sure the universal password policy is assigned Go to Solution 3 Comments LVL 35 Overall: Level 35 Novell Netware 30 Message Active 1 day ago Simple Password did not last long, as it too had limitations, and work was underway to get to a better solution. http://kreativexpert.com/nmas-error/nmas-error.html
ERROR: -601 dal_createUserContext: resolveFilteredReplica for test.IT.OBECNJ1 ERROR: -16049 DALCreateLoginSession:createUserContext 4: ERROR: -16049 CheckIfLocalUser: DALCreateLoginSession 4: CheckIfLocalUser failed -16049 4: Client Session Destroy Request 4: Destroy NMAS Session 4: Aborted Session Destroyed Depending on the Unix variant (AIX, HPUX, Solaris, or Linux family) the implementation is slightly different. We debated modifying schema to allow it, but since we only had 4 sub containers (all Organization objects) to set it on, we decided it was safer to just set it What is nice is that you can see the tool even notes this case, with a message of: # Entry has no Universal Password value Universal Password does not match the
Slightly different error this time, just a 16049 error, which is no NMAS secret found, which makes sense as there was no Simple Password set, but later now, we get a If you are just using SuSE Linux Enterprise Server (SLES) you would just enable it via yast2, Network Services, LDAP Client. Then magic happens. What this means is that there is an API (Application Programing Interface) that someone writing a tool on Linux that authenticates would use to handle authentication and authorization events.
It can specify for a variety of services which modules to use. I wrote a troubleshooting article for Kanaka a few years ago that reminded me of some of the easy things that needed to be fixed: Kanaka Troubleshooting All the easy stuff Revoked keys are only used to unencyrpt information and not encrypt new information. So I tried again with NMAS tracing enabled in DStrace, and look what I saw as the bind with a bad password happened: 13:03:28 B72EBBA0 NMAS: 43: Create NMAS Session 13:03:28
As expected from the discussion above there is files, nis, and others. SDI is very similar to PKI, except it has one major feature, which is old keys can remain around, but revoked. Learn more about IT Operations Management Understand how IT events impact business Troubleshoot and fix IT problems faster Free IT staff from routine, mundane tasks Consolidate IT tools into a master NMAS error codes A side tip, if you are searching for error codes, you need to include the minus sign.
ERROR: -601 dal_createUserContext: resolveFilteredReplica for test.OBECNJ1 ERROR: -16049 DALCreateLoginSession:createUserContext 3: ERROR: -16049 CheckIfLocalUser: DALCreateLoginSession 3: CheckIfLocalUser failed -16049 3: Client Session Destroy Request 3: Destroy NMAS Session 3: Aborted Session Destroyed Wow! October 20, 2016 Ceph Cloud Configuration High availability IBM Installing Linux Linux Administration Open Source OpenStack Partners SAP SAP HANA Security SLES Storage Supported SUSE SUSE Cloud SUSECON SUSE Linux Enterprise To start viewing messages, select the forum that you want to visit from the selection below.
If you have a couple of replicas available, it would make sense to pick the least busy, and if possible an idle server so that you can more easily find the https://www.netiq.com/communities/cool-solutions/examples-jim-willekes-dump-tool/ You can really see how the power of this tool shines, and this is only scratching the surface of its abilities. You need to enable a password policy, that specifically enables Admin to retrieve passwords, and in the later versions of NMAS (Novell Modular Authentication Services, one of those bits and pieces It also turns out that there is an excellent driver for Novell Identity Manager that will synchronize users to and from NIS, NIS+, or even files on Unix machines.
This was the worst kind of red herring. http://kreativexpert.com/nmas-error/nmas-error-code.html User with no Simple Password at all: java -jar DumpPasswordInformation.jar -h 10.1.1.91 -Z SSL -p 636 -D cn=admin,ou=admins,o=acme -e MyKeyStore -w password -b "cn=tuser2,ou=Migrated,dc=acme,dc=corp" # dn: cn=tuser2,ou=Migrated,dc=acme,dc=corp Password: acme1234 Password Policy Password Re: NMAS Error 16049 on PcProx Method You can view the discussions, but you must login before you can post. Still getting the same 669 error on login, so I tried what my other tree had shown in the Simple Password sequence, which was just the one, and it looks like
Imagine how much space that would have taken up a decade ago! In the Universal Password case, the password is stored AES encrypted in a hidden attribute in eDirectory. Results 1 to 2 of 2 Thread: Re: NMAS Error 16049 on PcProx Method Thread Tools Show Printable Version Subscribe to this Thread… Display Switch to Linear Mode Switch to Hybrid this contact form Resolution A password policy is linked to all of its assignments and each object that is assigned is also linked back to the password policy itself.
In this case it was possible to have a NIS server and configure other servers to authenticate to the NIS server. The default is known as ‘files', which means use the /etc/passwd to store user names, passwords, and other needed information. See Universal Password Deployment Guide. 12:15:00 9ABD1360 NMAS: 39: ..LSMAFP3: GetSimplePassword 12:15:00 9ABD1360 NMAS: 39: ERROR: -16049 MAF_GetAttribute LSM 0x0000001E AID: 24 12:15:00 9ABD1360 NMAS: 39: ..LSMAFP3: GetSimplePassword: MAF_GetAttribute failed with
Solved System error -16049 when assigning universal password policy Posted on 2007-03-05 Novell Netware 1 Verified Solution 5 Comments 570 Views Last Modified: 2012-06-21 I am in the process of setting NMAS is the way Novell handles different authentication methods from things as simple as passwords to more complex things like smart cards, biometrics, or even Active Directory via CIFS in domain Join & Ask a Question Need Help in Real-Time? Crazy that a missing unneeded auxiliary class on a user object was the root cause, and looked like a Simple Password login problem, but that seems to have really been it!
Learn more about Disaster Recovery Recover workloads reliably after an outage Get back to business after an outage Protect from site-wide outages Protect both physical and virtual servers High-performance disaster recovery: Password: null Password Policy for Entry: cn=All Users Policy,cn=Password Policies,cn=Security Does Current password meet password policy assigned to user? Ok, so troubleshooting pam_ldap, where do we start… Well the name is something of a giveaway, pluggable authentication module for LDAP. http://kreativexpert.com/nmas-error/nmas-error-1649.html Go to the previous site to read in my language Stay here and read in English × Give Us Feedback Got some feedback about the website?
Also this line: Is UPwd older than NDSPwd: true suggests that Client32 sans NMAS was used to set a password. There is a C1 bug that is maddening. Bookmark Email Document Printer Friendly Favorite Rating: Error -1697 while setting a Universal PasswordThis document (3629717) is provided subject to the disclaimer at the end of this document. You can do this using ConsoleOne. (just as a test to locate the issue). -- Cheers, Edward 2008-03-06 21:561. "You are saying that you are using simple password to authenticate.
No Comments By: geoffc Apr 10, 2009 April 10, 2009 4:42 pm Reads: 2,575 Score: Unrated Print PDF Search for: Recent Commentsnsanson on NAM4, enable multiple SSL certificates for domain based I had only granted the ldapibm user a limited set of rights. 13:14:00 B5FD8BA0 LDAP: New cleartext connection 0xa39da00 from 10.1.1.10:47546, monitor = 0xb63dcba0, index = 113 13:14:00 B68E1BA0 LDAP: (10.1.1.10:47546)(0x0003:0x63) Join Now For immediate help use Live now! Same for NFS.
Ok, so the users DN is good, and the Simple Password login sequence definition is found. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND. Now as it happens, we also edited the sys:\etc\afpvol.cfg to alias the volumes on the cluster resource, because of an issue with how AFP makes clustered volumes appear. Verify that the server keys are correct and all the same on all servers.
Learn more about Security Management Solution Brief: Identity Powered Security Detect and disrupt security threats quickly Get compliant, stay compliant Configure systems to protect against threats Protect sensitive data Monitor the The policy-side attribute (nsimAssignments) is not currently required for proper functionality and is there to prevent querying the entire tree for assignments each time a policy is modified. Is there a read/write replica of [Root] or of the Security container's partition if not [Root] on the server running NMAS? To watch these events happen as users login, you need to watch in NMAS trace.
Connect with top rated Experts 13 Experts available now in Live!