Environment
Novell eDirectory 8.7.3 for All Platforms
Novell eDirectory 8.8 for All Platforms
Novell Modular Authentication Service (NMAS) version 3.1.0
Novell Modular Authentication Service (NMAS) version 3.1.1
Novell eDirectory 8.8 for All Platforms
Novell Modular Authentication Service (NMAS) version 3.1.0
Novell Modular Authentication Service (NMAS) version 3.1.1
Situation
For certain users using Radius to authenticate to eDirectory, NMAS
seems to be taking up utilization on the server causing it to reach
100% CPU utilization.
Users are using graded authentication
Users are using graded authentication
Resolution
There are two situations that will cause this problem:
1. If a user has a sufficient number of authorized clearances assigned (enough that NMAS must make multiple DS calls to read them all), then NMAS will get stuck in an infinite loop.
2. Authorized clearances will be ignored by the server. If NMAS is able to read all of the authorized clearances on the first DS call, then the routine which reads the clearances erroneously reports to the caller that zero clearances were read. The caller then assumes that the user is authorized for all clearances.
This has been fixed in NMAS version 3.1.1, dated August 4, 2006, which is available in the Security Services 2.0.2 patch or greater.
1. If a user has a sufficient number of authorized clearances assigned (enough that NMAS must make multiple DS calls to read them all), then NMAS will get stuck in an infinite loop.
2. Authorized clearances will be ignored by the server. If NMAS is able to read all of the authorized clearances on the first DS call, then the routine which reads the clearances erroneously reports to the caller that zero clearances were read. The caller then assumes that the user is authorized for all clearances.
This has been fixed in NMAS version 3.1.1, dated August 4, 2006, which is available in the Security Services 2.0.2 patch or greater.