Environment
Novell Client for Windows XP/2003
NMAS Client
Challenge Response Client (LCM)
NMAS Client
Challenge Response Client (LCM)
Situation
Steps to duplicate:
1. Challenge Response LSM version 2.7.5 or earlier
2. Windows XP with Client 4.91 SP4 (includes Challenge Response LCM 2.7.5)
3. Create a Challange Set with a single mandatory question.
4. Assign a Universal Password policy with the Forgotten password options to a user.
5. Login with the user, answer the Challenge Question. Use an extended character in the answer, such as "ä"
6. Logout, click on the "Did you forget your password link?" and provide the answer entered in number 5. and the following error is displayed from the client:
Error: NMAS: Login failed, Unable to Login using Challenge Response, See your administrator
From the server, a DSTRACE +NMAS of login shows the following:
59: ClientPut: message size=68 queue Size 0
59: [CR] MSG: LCM HMAC Algs:0x00000100 readLTSValue: GetXKey key value count: 1
59: MAF_GetAttribute LSM 0x0000001F AID: 23
59: MAF_Read LSM 0x0000001F
59: ServerGet: message size=8 queue size 0
59: ClientPut: message size=8 queue Size 0
59: ServerGet: message size=36 queue size 0
59: ClientPut: message size=36 queue Size 0
59: [CR] MSG: LCM HMAC Proof #0
59: [CR] Failure: Invalid Response/Proof
59: [CR] Failure: Sending error to LCM: -1642
59: MAF_Write LSM 0x0000001F
59: ServerPut: message size=8 queue size 0
59: ServerPut: message size=16 queue size 8
59: ERROR: -1642 MAF_End LSM 0x0000001F
7. Login with the user again.
NoteL Changing the Challenge Response to an non extended character (for example from "ä" to "a") will allow Forgotten Password to work.
1. Challenge Response LSM version 2.7.5 or earlier
2. Windows XP with Client 4.91 SP4 (includes Challenge Response LCM 2.7.5)
3. Create a Challange Set with a single mandatory question.
4. Assign a Universal Password policy with the Forgotten password options to a user.
5. Login with the user, answer the Challenge Question. Use an extended character in the answer, such as "ä"
6. Logout, click on the "Did you forget your password link?" and provide the answer entered in number 5. and the following error is displayed from the client:
Error: NMAS: Login failed, Unable to Login using Challenge Response, See your administrator
From the server, a DSTRACE +NMAS of login shows the following:
59: ClientPut: message size=68 queue Size 0
59: [CR] MSG: LCM HMAC Algs:0x00000100 readLTSValue: GetXKey key value count: 1
59: MAF_GetAttribute LSM 0x0000001F AID: 23
59: MAF_Read LSM 0x0000001F
59: ServerGet: message size=8 queue size 0
59: ClientPut: message size=8 queue Size 0
59: ServerGet: message size=36 queue size 0
59: ClientPut: message size=36 queue Size 0
59: [CR] MSG: LCM HMAC Proof #0
59: [CR] Failure: Invalid Response/Proof
59: [CR] Failure: Sending error to LCM: -1642
59: MAF_Write LSM 0x0000001F
59: ServerPut: message size=8 queue size 0
59: ServerPut: message size=16 queue size 8
59: ERROR: -1642 MAF_End LSM 0x0000001F
7. Login with the user again.
NoteL Changing the Challenge Response to an non extended character (for example from "ä" to "a") will allow Forgotten Password to work.
Resolution
Download and apply Challenge Response Client 2.7.6 FTF (or
greater).