Option to synchronize Windows password with NetWare password during login is disabled when NMAS is present.

  • 3768058
  • 22-Sep-2006
  • 16-Mar-2012

Environment

Novell Modular Authentication Service (NMAS)
Novell Client 4.9 SP1a for Windows NT/2000/XP
Novell Client 4.90 for Windows NT/2000/XP
Novell Client 4.83 for Windows NT/2000/XP
Novell Client 4.91 SP2 for Windows NT/2000/XP
Problem occurs with or without ZENworks Dynamic Local User (DLU) policy effective for the user and workstation.

Situation

Novell Client 4.90 for Windows NT/2000/XP was installed on the workstation and the NMAS client component was included as part of the default options.
NMAS Client Components were installed on the workstation.
Option to synchronize Windows password with NetWare password during login is disabled when NMAS is present.
"Change your Windows password to match your NetWare password after a successful login" checkbox is grayed out on the Windows-only credential dialog if the NMAS client is installed.
After the NetWare login, a Windows login dialog is required so that the user can supply corrected credentials; for example, if the NDS password did not match the Windows account password, Windows must prompt the user to supply corrected Windows credentials.

Resolution

The Novell Client 4.90 SP2 for Windows NT/2000/XP and later allow the "Change your Windows password to match your NetWare password after a successful login" checkbox to be available even when NMAS is installed, provided the "Password:" field is enabled on the Novell login dialog.

(When NMAS is installed, whether the "Password:" field is actually displayed is an optional setting in the Location Profile configuration. This is so environments where a password simply isn't being used can remove the "Password:" field entirely.)

If the "Password:" field on the login dialog is enabled, then the "Change your Windows password to match your NetWare password after a successful login" checkbox will be available on the Windows-only credential dialog. The password with which the Windows account will be synchronized if this checkbox is selected will be whatever password was entered in the "Password:" field of the login dialog.
Other workarounds, and workaround for previous releases of the Novell Client:

1. If NMAS is required - Enable Single Sign On option

Check the "Enable Single Sign On" box on the Single Sign-on tab in the properties of the Novell Client. The "synchronize password with Windows" box will still be grayed out, but with the Enable Single Sign On box checked users will be prompted for the Windows password only once. The Windows password is stored in the registry, and the client will supply it to Windows on subsequent logins.

If SecureLogin has been installed with SecretStore, the Windows password will be stored in the SecretStore instead of the registry.
NOTE: With the 4.90 Client the Windows password is stored in the registry. With newer client versions, 4.91 SP2 for example, the Windows password is stored in the user's SecretStore eDir attributes.


2. If NMAS is NOT required - Remove NMAS

If the 4.90 client workstation is being used in an environment where NMAS Client Components are not required, they can be uninstalled.

a. Control Panel
b. Add or Remove Programs
c. remove the NMAS Client Components

Once removed, the option to synchronize the Windows Password will no longer be grayed out.

3. Apply Novell Client 4.90 SP1a and then disable the use of NMAS authentication by changing the setting under the Novell Client Properties. On the "Advanced Login" tab uncheck the option "NMAS Authentication". Note that de-selecting "NMAS Authentication" in the 4.90 client (prior to 4.90 SP1a) would not cause the "Change your Windows password..." checkbox to be available. The "NMAS Authentication" option is not available in the 4.83 and earlier clients, even if NMAS has been installed.

Additional Information

Since an NMAS login can include a biometric, a smartcard, and/or a password, historically the NMAS client did not provide credential information back to NWGINA.DLL which could be used for providing a synchronization option. The password, if a password was even being used, was known only to NMAS during the login process, regardless of the specific NMAS login method chosen. The manner in which NMAS environments are expected to successfully maintain a Windows login without a password (for example, when a fingerprint or other biometric is the verification being provided) is to enable the Single Sign-On support for the local Windows account, such that authentication to NDS retrieves a Windows credential from the Secret Store without the user having provided an actual "Windows password".
By disabling NMAS (either by removing NMAS completely, or by disabling the "NMAS Authentication" setting), the enhanced "Universal Password" features and the automatic synchronization of NDS, Simple, and Universal passwords will no longer occur. Novell recommends enabling Single Sign-On for the local Windows account component instead, unless re-deployment of the NMAS client & settings is planned once the NMAS-enabled password features are required.

Additional information regarding control of the "Change your Windows password to match your NetWare password after a successful login" option can be found in the document "How to disable 'Change your Windows password to match your NetWare password after a successful login'".



Formerly known as TID# 10081981