DLU may set local SAM account to blank password when non-password method is used to authenticate

  • 7001846
  • 10-Nov-2008
  • 26-Apr-2012

Environment

Novell Modular Authentication Service (NMAS)
Novell ZENworks
Dynamic Local User (DLU)

Situation

Dynamic Local User (DLU) may set local SAM account to blank password when non-password method is used to authenticate


Resolution

The current workaround is to NOT use DLU with non-password authentication methods.

Status

Reported to Engineering

Additional Information

Configuration:

1. Use DLU to create a local SAM account with Administrator rights, and keep the eDirectory and local SAM account passwords the same. (Note: this is a non-volatile user.)
2. Log in with the eDirectory name and password and let DLU create the user/password.
3. After the local SAM account is created through DLU, use a biometric device, smart card, or any other non-password-based authentication method, without hiding the Password field, to authenticate to eDirectory.

Results:

To keep the local SAM account and eDirectory passwords in sync when DLU is enabled, after each successful eDirectory login the ZENworks client sets the password for the local SAM account to the same value that was typed in the Password field of the Novell Client.

Because the Novell Client Password field was not hidden and the user did NOT type a password in the Password field (as they were using a non-password method), the ZENworks client sets the local SAM account password to a blank value. The eDirectory password is not touched; only the local SAM account that is managed through ZENworks (DLU) is changed.
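
A minimal model of the sync behaviour described above, added here as an illustration; it is not Novell or ZENworks code. The function names, the method labels, the constructed sample logins and the guard in `sync_guarded` are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass
class Login:
    user: str
    method: str          # "password", "smartcard", ... (labels chosen for this model)
    password_field: str  # contents of the Password field; "" if left empty


def sync_as_described(sam: dict, login: Login) -> None:
    """Behaviour described in this document: after each successful eDirectory
    login, the local SAM password is set to whatever the Password field held."""
    sam[login.user] = login.password_field


def sync_guarded(sam: dict, login: Login) -> bool:
    """Hypothetical guard: sync only when the password was the authenticator
    and the field is non-empty. Returns True if the SAM entry was updated."""
    if login.method != "password" or login.password_field == "":
        return False
    sam[login.user] = login.password_field
    return True


def replay(sync, logins) -> dict:
    """Apply a sync policy to a sequence of successful logins, starting empty."""
    sam = {}
    for login in logins:
        sync(sam, login)
    return sam


def blank_accounts(sam: dict) -> list:
    """Local accounts whose modelled SAM password is blank."""
    return sorted(user for user, pw in sam.items() if pw == "")


# Constructed sample: steps 2 and 3 of the configuration above.
LOGINS = [
    Login("jdoe", "password", "S3cret!pw"),  # DLU creates the local account
    Login("jdoe", "smartcard", ""),          # Password field visible, left empty
]

if __name__ == "__main__":
    print("as described:", blank_accounts(replay(sync_as_described, LOGINS)))
    print("guarded:     ", blank_accounts(replay(sync_guarded, LOGINS)))
```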