Login to workstation only & persistent mappings triggers intruder lockout

  • 7000595
  • 25-Feb-2009
  • 29-Apr-2013

Environment

Novell Client 2.1 for Windows 7
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 3 Login
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 4 Login
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 5 Login
Novell eDirectory 8.7.3.10 for Linux
Novell eDirectory 8.7.3.10 for Netware
Novell eDirectory 8.8.5x

Situation

Workstations with persistent drive mappings to NetWare servers lock their eDirectory user accounts when performing a workstation only login.  There are no prompts or login screens presented to the desktop advising to use correct user ID and password. The local Windows user or Active Directory user is not the same name as the eDirectory user object. Packet traces show multiple authentication attempts to eDirectory with correct user ID, but null password.  This issue will take place even if the Windows user and eDirectory user have the same password.

This issue also takes place with earlier 4.91 clients.  With 4.83x using  the same configuration resulted in login attempts to eDirectory with an incorrect ID.  This resulted in a -601 return, and no  lockout.

Resolution

This issue has been resolved with in the Novell Client for Windows 2000/XP/2003.  You can find post login updates for both sp4 and sp5 in the Novell Patch Finder at located at support.novell.com.  After the update has been applied, there are additional steps needed.   In order to activate the new feature that halts the the undesired login attempts, the following registry key will need to be added to the problem workstations:

under [HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider], add  "AllowLoginAttemptsWithDefaultPassword" with a value of 0x00000000

This behavior is optional meaning by default, the Novell Client  will  attempt to automatically login to eDirectory based on the Windows user credentials.  To suppress these attempts in environments where the Windows credentials are known not to work & intruder detection is an issue, you will need to distribute the registry setting to the workstations via ZENworks or any other workstation management method that can distribute the registry change.  This update is only available for 4.91 sp4 and 4.91 sp5.


This issue has not been resolved for Novell Client 2.1 IR3 for Windows 7. The fix has been checked in for the IR4 release.