Supervisor or Admin Password not working for unlocking console
(Last modified: 09May2002)
This document (10011187) is provided subject to the disclaimer at the end of this document.
fact
Novell NetWare 4.10
Novell NetWare 4.11
Formerly TID 292661
symptom
Supervisor or Admin Password not working for unlocking console
Error: "LOGIN-4.12-870: An unknown error was returned during logins attempt to attach. Error code: 893b."
Error: 893b
cause
Locking the system console using the MONITOR.NLM and selecting "Lock File Server Console" is a popular option for requiring a password to gain access to the console. The recommended way for locking the console this way is to enter in the password of choice when it prompts for one. An alternate method is just to hit ENTER twice, this will take the default password of the supervisor and use it as the password. Using this alternate method has had some ramifications. When attempting to unlock the console with the supervisor password it does not work.
fix
When working in a 4.x environment, it is critical you do not have a user object named SUPERVISOR, this will supercede the hidden object and will not allow many of the steps, described below, to work.
Many times a combination of steps will need to be used. If the password does not seem to be changing, try logging into the server as supervisor and see if it returns an error message. Most often these error messages are due to intruder detection or login has been disabled.
Solution #1:
Try entering the original password for admin when the tree was created.
Solution #2:
Try entering the original password for admin when the server was first created in the tree. When the admin user is first created it also creates a bindery supervisor object with the same password.
Solution #3:
Try entering the previous admin password. Often times the admin password will be changed and the changed password will not unlock the console. This is due to the fact that since the supervisor bindery object is a hidden object, the password value is not changed the same time the admin is changed.
Note: The following suggestions will require changing the supervisor password. In order to modify the supervisor password, the server must have at least one RW replica of any partition in it's database. This allows changes to be made to the hidden supervisor object in the database.
Solution #4:
Change the supervisor password using SETPASS.
1. Login or attach to the server in bindery mode, using the /b option. Use WHOAMI to verify you have a bindery connection. This connection must be made using the admin user or an admin-equivalent user. Example: LOGIN my_server/admin /b
2. To use SETPASS:
a. Type "SETPASS <server_name>/supervisor", hit ENTER
b. It will then prompt for the password of the object used to login/attach to this server.
c. It will then prompt for the new password for the supervisor. Enter in the new password.
d. It will then prompt to re-enter the password. Type in the same password used in the previous step. At this point, you should be able to go back to the console and unlock the server. If it does not work, continue with the next steps:
3. Verify you can login as supervisor to the server. If you receive the error message "LOGIN-4.12-870: An unknown error was returned during logins attempt to attach. Error code: 893b.". This error code means that the supervisor user has been essentially locked out, most likely because of an intruder detection. TID1007151 describes how to rectify this situation when you have access to the console. Since the console is locked, access to the console is unavailable so the following alternative will work. It will require the use of a 3.1x utility called FCONSOLE.EXE. In order to use this utility, the following support files will be needed:
FCONSOLE.EXE
FCONSOLE.HLP
SYS$MSG.DAT
SYS$ERR.DAT
SYS$HELP.DAT
IBM$RUN.OVL
These files can be located on a 3.1x server or found in the TABND2.EXE file. Run FCONSOLE, go to status and enable login. This will reset the supervisor account to enable login. At this point you will need to use SETPASS to change the password.
Another option to disable intruder lockout for the supervisor is to use 3.x syscon if a 3.x server is on the network. Login into the 4.x server as admin in bindery and run syscon from the 3.x server. Change servers to the 4.x server. Select supervisor options and Intruder Detection/Lockout and disable intruder detection. You should be able to unlock the console with the password set above. Then type "enable login" at the console and use syscon to re-enable intruder detection.
Solution #5:
If none of the above steps work, the only way to get past this is to down the server and bring it back up. An option to just powering it off would be to use the FCONSOLE utility to down the server.
Other documents discussing this problem:
TID1001120 - Create a program using DOS debugger to force down the server
TID1006299 - Logging in bindery to change supervisor password
TID1007919 - Another document describing the bindery
TID2908785 - Alternate method for disabling intruder detection
TID2918164 - Questions to make sure you can change the password .
document
| Document Title: | Supervisor or Admin Password not working for unlocking console |
| Document ID: | 10011187 |
| Solution ID: | 4.0.1280113.2201061 |
| Creation Date: | 24Jun1999 |
| Modified Date: | 09May2002 |
| Novell Product Class: | Management Products NetWare |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.