Environment
Novell eDirectory 8.8 SP1 for All Platforms
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Novell Modular Authentication Service (NMAS)
Security Services 2.0.4
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Novell Modular Authentication Service (NMAS)
Security Services 2.0.4
Situation
In eDirectory 8.8 (and greater) there is a new feature that allowed
the server to cache necessary information from the Security
Container for the NMAS Server. The NMAS Client can not take
advantage of the cached data (Password Policies, etc). To
complete this feature for the NMAS Client a fix was included in the
Security Services 2.0.4 patch that allowed for the option to create
Password Policies (and Challenge Sets) outside of the Security
Container (or closer to the users).
With these 2 new features in eDirectory 8.8 SP1 and Security Services 2.0.4, NMAS logins can continue to succeed, even when the Security Container is not available.
However, slow logins were noticed when a user logs in from the Novell Client Gina and the Security Container is not available. (Although logins were succeeding, they were extremely slow. In this case the only server holding the Security container was either down or the user was on the other side of a wan link where the Security Container resided and the WAN link was down).
Looking at a lan trace taken of the workstation logging in, it was found that there was a login delay (around 3 minutes) when the Novell Client made a NMAS Graded Authentication request. (Filter on ncp.func==91 to see this request ).
The current work around is to make the Security Container available or temporarily turn off NMAS authentication from the Novell Client.
Note: Not all configurations will run into this extreme slowness when logging in.
With these 2 new features in eDirectory 8.8 SP1 and Security Services 2.0.4, NMAS logins can continue to succeed, even when the Security Container is not available.
However, slow logins were noticed when a user logs in from the Novell Client Gina and the Security Container is not available. (Although logins were succeeding, they were extremely slow. In this case the only server holding the Security container was either down or the user was on the other side of a wan link where the Security Container resided and the WAN link was down).
Looking at a lan trace taken of the workstation logging in, it was found that there was a login delay (around 3 minutes) when the Novell Client made a NMAS Graded Authentication request. (Filter on ncp.func==91 to see this request ).
The current work around is to make the Security Container available or temporarily turn off NMAS authentication from the Novell Client.
Note: Not all configurations will run into this extreme slowness when logging in.
Resolution
This has been reported to Engineering.