LDAP error 49 (invalid credentials) is returned on the Branch Office Console
(Last modified: 19Apr2006)
This document (10081058) is provided subject to the disclaimer at the end of this document.
fact
Novell Nterprise Branch Office 1.0
When Branch Office users log in to the Branch Office tree, an LDAP authentication is also made to the Central Office tree.
LDAP authentication uses the NMAS Simple Password Method.
symptom
Roughly 10 minutes after successfully authenticating to the Branch Office server via the user portal interface, any NCP connection attempts made by the same user fail.
LDAP error 49 (invalid credentials) is returned from the Central Office tree in response to the LDAP (simple password) login attempt.
The NMASMON log file captured on the Central Office server during this event shows error -1418 (NICI encrypted data invalid).
Error -1418 was returned when the user initially logged in to the Central Office tree through Portal, the event that created the simple password in the first place.
cause
The NICI tree key was out of sync on the servers in the Central Office replica ring.
fix
Obtain SDIDIAG.EXE from Novell Technical Support and synchronize the NICI tree key among all 5.x and 6.x servers. All servers in the Central Office tree should be updated to the current eDirectory and NICI versions prior to running SDIDIAG.
TROUBLESHOOTING:
All references to tree related changes in this document are specific to the Central Office (CO) tree only.
Because LDAP uses the NMAS simple password method, errors can be captured in an NMASMON log file at the Central Office. To create this log file:
1. At the NetWare server console type: LOAD NMASMON * SYS:\filename.txt (this file can be created anywhere by simply changing the path and filename)
2. Generate the error.
3. Close and create the log file by typing UNLOAD NMASMON at the server console.
(On a non-NetWare server, running DSTRACE with the NMAS option selected will generate a file with the same information.)
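An added example, not part of the original Novell document: one way to check a log captured with the steps above for the -1418 error named in the symptom section. The sample log lines are constructed and the real NMASMON or DSTRACE layout may differ; the scanner relies only on the error number appearing in a line, and the function names are hypothetical.

```python
import re
from collections import Counter

# Only the code named in this document is listed; extend the table from
# the NMAS/NICI error code documentation as needed (assumption: codes
# appear in the log as signed decimal numbers such as "-1418").
KNOWN_CODES = {-1418: "NICI encrypted data invalid"}

# A signed 3-5 digit number that is not part of a longer token:
# matches "-1418" and "(-1418)" but not "2003-1418".
CODE_RE = re.compile(r"(?<![\w-])-(\d{3,5})(?!\w)")

def scan_log(lines, known=KNOWN_CODES):
    """Return (line_no, code, description, text) for each known error code."""
    hits = []
    for line_no, raw in enumerate(lines, start=1):
        # Lines read in binary mode from a copied server log arrive as bytes.
        text = raw.decode("cp437", "replace") if isinstance(raw, bytes) else raw
        for match in CODE_RE.finditer(text):
            code = -int(match.group(1))
            if code in known:
                hits.append((line_no, code, known[code], text.strip()))
    return hits

def summarize(hits):
    """Count occurrences per error code."""
    return Counter(code for _, code, _, _ in hits)

def scan_file(path):
    """Scan a log file copied from the server (read as raw bytes)."""
    with open(path, "rb") as handle:
        return scan_log(handle.readlines())

# Constructed sample lines, not real NMASMON output.
SAMPLE_LOG = [
    "login started for user jsmith",
    "simple password method: create password",
    "ERROR: -1418 returned from NICI",
    b"login failed, error = -1418\r\n",
    "ticket 2003-1418 closed",  # not an error code, must not match
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for line_no, code, description, text in found:
        print(f"line {line_no}: {code} ({description}): {text}")
    print(dict(summarize(found)))
```

A hit on -1418 in a log from any Central Office server points at the NICI tree key cause described above.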
To see the LDAP errors on the Branch Office server, you must log in to the Branch Office console with Supervisor credentials, unlock the console, and toggle to the NMAS LDAPX LSM screen.
LDAP error 49 may be seen when the simple password method has not been installed.
Install the NMAS provided with the Central Office CD (see documentation).
Setup Guide Documentation for importing the simple password method:
6 From ConsoleOne, install the new Simple Password method.
IMPORTANT: If you already have NMAS Simple Passwords enabled, you must
update it with the methods included with your Nterprise software.
6a Map a drive to the server and launch ConsoleOne and locate the
central office LDAP server in your eDirectory tree.
6b Select the Security container.
6c Right-click the Authorized Login Methods container.
6d Select New > Object. The New Object Wizard starts.
6e Select the SAS:NMAS Login Method class, then click OK.
6f Specify the configuration file located at
directory_where_NMAS_was_extracted_to\nmasmethods\novell\simplepassword\config.txt
6g Click Next.
6h From the license agreement screen, click Accept > Next.
6i Accept the default method name or rename it, then click Next.
6j Review the available modules for this method, then click Next.
6k Click Finish > OK > OK.
7 Restart the server.
LDAP error 49 may also be seen while attempting to auto provision a user for the first time via an NCP connection if a simple password for the user has not been previously set in the Central Office tree. Set the simple password for the user in the Central Office tree. This password should match the current NDS password.
Confirm that there is only one Simple Password Method under the Security Container | Authorized Login Methods. This Simple Password Method needs to be updated with the config.txt file found in NMAS METHODS\NOVELL\SIMPLE PASSWORDS\CONFIG.TXT. This path and file will be on the workstation used to extract and install the NMAS zip file from the Central Office installation CD. Refer to the steps above in this solution for the NMAS install and steps to update the simple password method.
document
Document Title: LDAP error 49 (invalid credentials) is returned on the Branch Office Console
Document ID: 10081058
Solution ID: NOVL87749
Creation Date: 13Mar2003
Modified Date: 19Apr2006
Novell Product Class: NetWare
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.