User Passwords Not Changed in 4.x
(Last modified: 28Feb1998)
This document (2921653) is provided subject to the disclaimer at the end of this document.
Symptom
When user password expires and/or user attempts to change password for Netware 4.10/4.11 network using SETPASS it confirms that password is changed, but it doesn't work - only old password works. Other means (such as nwadmin or the client 32 dialog) may or may not work.
Cause
In this particular case, the server was migrated from 3.x to 4.x, and was set up as a SINGLE time reference, and got ahead of the other servers in the tree. The user changed his/her password locally, but because the time stamp on the change was ahead of what the rest of the network had, it was invalidated and therefore not propagated throughout the rest of the NDS database. The user reconfigured the time sync type, synchronized the time, and the passwords could be changed normally thereafter. In other cases there was no time source specified, so the server didn't know which server to sync to, causing the same problems.
SEE ALSO TID 2919120 for Single server Tree and time stamp problems with password changes.
Keywords: Novell Directory Services passwords expired grace logins NWAdmin netadmin setpass nwadmn3X nwadmn95 nwadmnNT client 32 windows 95 dos/windows vlms Netware 4.10 4.11
Solutions
Check following; some or all of the following will likely correct the problem:
1. Load DSRepair at server and check on time sync status. There are several things you should look at: DS Version should be 5.06 or later for 4.10 servers. Under "Time source" there should only be one single reference, or at least two primary - any deviation from the rules could cause a time synchronization problem (see the documentation on the time source rules for servers). If this is the case, use SET TIMESYNC TYPE = <Single|Secondary|Reference, etc> to make changes.
2. Check the "Time is in Sync" column; if any server is out of sync (or is behind/ahead) then at the server prompt type SET TIMESYNC DEBUG = 7, then SET TIMESYNC IMMEDIATE SYNCHRONIZATION = ON. Toggle to the Timesync debug screen and look for a weight = 16 statement, which means the time source server(s) was successfully contacted. If weight = 0, that means the server wasn't contacted. The latter means you may have a router filtering out timesync SAP packets (type 26b) or the WAN link/LAN segment may have excessive traffic or the lan card/driver may be bad.
3. At the server console type SET TIMESYNC TIME SOURCE. If there is no value, repeat the set command and add = <TIME SOURCE SERVER NAME>. Eg. SET TIMESYNC TIME SOURCE = SERVER1. Repeat items in step 2.
This problem has also been seen in situations where there was only one primary time source server on the network. If you choose this configuration you need to have at least 2 primary time servers, preferably in conjuction with a reference time server. See TID 2930686 for general rules on configuring time on NDS networks.
document
| Document Title: | User Passwords Not Changed in 4.x |
| Document ID: | 2921653 |
| Creation Date: | 24Feb1997 |
| Modified Date: | 28Feb1998 |
| Revision: | 7 |
| Novell Product Class: | NetWare |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.