Network Address in NDS Preventing User Login
(Last modified: 27Dec2002)
This document (10013574) is provided subject to the disclaimer at the end of this document.
fact
Novell NetWare 4.11
Novell NetWare 5.0
Novell NetWare 5.1
Formerly TID 2913235
symptom
Network Address in NDS Preventing User Login
A user object's Network Address attribute contains one or more network addresses (network:node:socket) when it should not.
Even though a user is not logged in to the NDS tree, the user object still shows a value for the Network Address property. (A user's Network Address property can be viewed in NETADMIN or NWADMIN Environment page.)
Error: "LOGIN-4.12-830: You are trying to log in to too many stations simultaneously. The supervisor has limited the number of connections you may have."
cause
The causes are two fold, both of which are being addressed.
1. If the client workstation is not logged out properly, (just turned off, or rebooted), the network address property in the DS database may not get cleared out. When attempting to log back in, there is a good chance that the socket that is used will not be the same as what it was previously because sockets are assigned dynamically. Hence, when the entire address is checked (NETWORK ADDRESS - NODE ADDRESS - SOCKET) it fails the comparison of being the same network address according to DS and therefore will not allow login. Additionally, when DS detects the above condition, the network address property for the user is not removed. An address in this type of scenario currently has no method of timing out. Hence, the address sticks.
2. In some situations, even when the user logs out correctly, the network address attribute is not cleared. This appears to be a bug somewhere in the Novell code. The result is the same as above.
fix
How can these "connections" be cleared out of DS when they don't appear in Monitor and NWAdmin does not have a "delete" option for the Network Address property?
Stuck Network Address attributes can be removed in the following ways:
1. Load DSrepair -Nx (N0, N1, N2 etc.), go to Advanced Options, select "Repair Local DS database", and press F10. This clears the network address attributes for all users connections that are more than (Nx) day old.
2. To clear out a user's Network Address property manually, use a utility called REMADDR.EXE.
Syntax: REMADDR CN=USER1.NOVELL Refer to REMADD.TXT for more information. This clears the attribute for one user at a time.
NOTE: How to get REMADDR.EXE?
Go to http://support.novell.com, select the File Finder, enter the filename "REMADD.EXE" REMADDR.EXE is the utility contained within "REMADD.EXE", the self-extracting download file.
NOTE: In order for DSrepair -Nx and REMADDR to work, you must run either DSrepair or REMADDR on the server that holds the Master replica of the partition where the user object is located. Don't worry, the DSREPAIR -Nx option will not kick users off the network.
NOTE: Both DSREPAIR -Nx and REMADDR.EXE will work in the 4.10, 4.11 and 5.x environments.
NOTE: The only method at this time to easily or quickly determine which server is holding the connection open is to use ManageWise. ManageWise will not clear the connection, but it will show which server has the connection.
Another option is to increase the user's maximum concurrent login count by one or more.
Outstanding Issue:
Even when the latest DS.NLM and the latest OS patches have been applied, there is still one way in which a value can become stuck in a user's Network Address property. If the server console command DISABLE LOGIN is used at a server and a user subsequently attempts to login, the user will be denied access, but the user's Network Address property will be updated with their network address.
Key words: concurrent login , connection number, multiple logins, "the system cannot log you into the network."
Applying or re-applying the latest support pack to the clients seems to resolve the issue, see the minimum patchlist at http://support.novell.com/misc/patlst.htm for further updates.
document
| Document Title: | Network Address in NDS Preventing User Login |
| Document ID: | 10013574 |
| Solution ID: | 4.0.12789122.2260276 |
| Creation Date: | 03Aug1999 |
| Modified Date: | 27Dec2002 |
| Novell Product Class: | Connectivity Products NetWare Novell eDirectory |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.