Slow login with NMAS enabled on the Novell Client when the Security Container is not available

  • 3917037
  • 29-May-2007
  • 26-Apr-2012


Novell eDirectory 8.8 SP1 for All Platforms
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Novell Modular Authentication Service (NMAS)
Security Services 2.0.4 


In eDirectory 8.8 (and greater) there is a new feature that allowed the server to cache necessary information from the Security Container for the NMAS Server.   The NMAS Client can not take advantage of the cached data (Password Policies, etc).  To complete this feature for the NMAS Client a fix was included in the Security Services 2.0.4 patch that allowed for the option to create Password Policies (and Challenge Sets) outside of the Security Container (or closer to the users).

With these 2 new features in eDirectory 8.8 SP1 and Security Services 2.0.4, NMAS logins can continue to succeed, even when the Security Container is not available.

However, slow logins were noticed when a user logs in from the Novell Client Gina and the Security Container is not available.  (Although logins were succeeding, they were extremely slow.  In this case the only server holding the Security container was either down or the user was on the other side of a wan link where the Security Container resided and the WAN link was down).

Looking at a lan trace taken of the workstation logging in, it was found that there was a login delay (around 3 minutes) when the Novell Client made a NMAS Graded Authentication request.  (Filter on ncp.func==91 to see this request ).

The current work around is to make the Security Container available or temporarily turn off NMAS authentication from the Novell Client.

Note:  Not all configurations will run into this extreme slowness when logging in.


This has been reported to Engineering.


Reported to Engineering