Environment
Novell Client 4.9 SP1a for Windows NT/2000/XP
Novell Client 4.90 for Windows NT/2000/XP
Novell Client 4.83 for Windows NT/2000/XP
Novell Client 4.91 SP2 for Windows NT/2000/XP
Problem occurs with or without ZENworks Dynamic Local User (DLU) policy effective for the user and workstation.
Situation
NMAS Client Components were installed on the workstation
Option to synchronize Windows password with NetWare password during login is disabled when NMAS is present.
"Change your Windows password to match your NetWare password after a successful login" checkbox is grayed out on the Windows-only credential dialog if the NMAS client is installed.
Windows login dialog to supply corrected credentials is required after NetWare login; for example, if the NDS password didn't match the Windows account password, so Windows must prompt to allow the user to supply corrected Windows credentials.
Resolution
(When NMAS is installed, whether the "Password:" field is actually displayed is an optional setting in the Location Profile configuration. This is so environments where a password simply isn't being used can remove the "Password:" field entirely.)
If the "Password:" field on the login dialog is enabled, then
the "Change your Windows password to match your NetWare password
after a successful login" checkbox will be available on the
Windows-only credential dialog. The password with which the Windows
account will be synchronized if this checkbox is selected will be
whatever password was entered in the "Password:" field of the login
dialog.
Other workarounds, and workaround for previous releases of the
Novell Client:
1. If NMAS is required - Enable Single Sign On option
NOTE: With the 4.90 Client the Windows password is stored in
the registry. With newer client versions, 4.91sp2 for
example, the Windows password is stored in the user's SecretStore
eDir attributes.
2. If NMAS is NOT required - Remove NMAS
3. Apply Novell Client 4.90 SP1a and then disable the use of NMAS
authentication by changing the setting under the Novell Client
Properties. On the "Advanced Login" tab uncheck the option "NMAS
Authentication". Note that de-selecting "NMAS Authentication" in
the 4.90 client (prior to 4.90 SP1a) would not cause the "Change
your Windows password..." checkbox to be available. The "NMAS
Authentication" option is not available in the 4.83 and earlier
clients, even if NMAS has been installed.
Additional Information
By disabling NMAS (either by removing NMAS completely, or by disabling the "NMAS Authentication" setting), the enhanced"Universal Password" features and the automatic synchronization of NDS, Simple, and Universal passwords will no longer occur. Novell recommends enabling Single Sign-On for the local Windows account component instead, unless re-deployment of the NMAS client & settings is planned once the NMAS-enabled password features are required.
Additional information regarding control of the "Change your Windows password to match your NetWare password after a successful login" option can be found in the document How to disable Change your Windows password to match your NetWare password after a successful login.
Formerly known as TID# 10081981