Error 1418 when setting a Simple password

  • 3220312
  • 20-Oct-2006
  • 13-Feb-2017

Environment

Novell eDirectory 8.8 SP7
Novell Native File Access Pack (NFAP)
Novell Modular Authentication Service (NMAS)
Nsure Identity Manager 2.0
DirXML Password Synchronization
Novell International Cryptographic Infrastructure (NICI)

Situation

Error 1418 when setting a Simple password
Error 1418 when attempting to authenticate
Error -1,418 when setting a Simple password
Error -1,418 when attempting to authenticate
Unable to get nspm password(2) failed, -1418

Resolution

When a user tries to authenticate to a server, the password may have been encrypted with a key that does not match the key on the server the user is authenticating to. This can happen if keys become corrupted or, more likely, were created incorrectly. Each server should have a file generated from the same encryption information as all the others (though simply copying the file from one server to another is /NOT/ appropriate).

To fix the problem, follow these steps:

1. Determine if the TreeKey is valid on each server in the tree, beginning with the master server. This can be done by completing the following steps:
a) Create a private key for a user. If the private key is created successfully, the tree key is not corrupt. However, this does not mean that the tree key is valid, or in other words, synchronized with the master server.
a1) Launch ConsoleOne and select a user object.
a2) Single click the Security tab and select "Certificates."
a3) Click Create.
a4) Name the certificate, and select the server you are testing from the "Server" drop-down list.
a5) Select the "Standard" creation method, then click Next.
a6) If a message about No E-mail Address appears, click OK.
a7) Click Finish.
If this process completes without errors, the TreeKey is intact and not corrupt.

b) Next, verify that the tree key is the same as the TreeKey on the master server. SDIDIAG is the best utility to use for checking the SDI tree keys in your tree. SDIDIAG can be downloaded from https://support.novell.com/filefinder. Use TID #10088626 - Using SDIDiag to gather specific SDKey information from servers in order to check your tree keys. You can also use SDIDIAG to fix tree key synchronization problems. For more information on SDIDIAG and its options, see TID #10086669 - Using SDIDiag - Switches and Options.


If you still get the -1418 error when you try to set a user's Simple Password with NetWare Remote Manager after having checked the SDI keys, then you can resolve this error the following way:

- Launch ConsoleOne
- Right-click on the User Object and select the 'Other' tab.
- Delete the attributes 'SAS:Login Configuration' and 'SAS:Login Configuration Key'.
- Click 'OK' or 'Apply' to save the changes to the User Object.
- Wait for NDS to synchronize the changes to all read/write replicas of the partition with the User Object.

NOTE: If using ConsoleOne version 1.3.6, the SAS attributes may not show up at all. You will first need to disable the ConsoleOne snapins for Login Methods. To do that, do the following:

- Launch ConsoleOne
- Right-click any User Object and select Properties
- Select the Page Options button in the bottom left corner of the screen
- Highlight the Login Methods folder and then Select Disable
- Click OK and then OK again. Close the Properties window and reopen it
- Go to the Other tab and you should be able to see the SAS attributes now and should be able to delete them

You can also try renaming the consoleone\1.2\snapins\security\SimplePassword.jar file and then relaunching ConsoleOne; if you then go to the Other tab, you should see the SAS attributes.

Additional Information

This error refers to ENCRYPTED DATA INVALID. It occurs when the TreeKey is corrupt, or when there is a mismatch between the various TreeKeys (SYS\SYSTEM\NICI\NICISDI.KEY is the TreeKey) on the servers in the tree.

Formerly known as TID# 10096183