Environment
Novell Modular Authentication Service (NMAS)
Novell ZENworks
Dynamic Local User (DLU)
Novell ZENworks
Dynamic Local User (DLU)
Situation
Dynamic Local User (DLU) may set local SAM account to blank password when non-password method is used to authenticate
Resolution
The current work around is to NOT use DLU with non-password authentication methods.
Status
Reported to EngineeringAdditional Information
Configuration:
1. Use DLU to create local SAM account with Administrator rights and keep the eDirectory and local SAM account having the same password. (Note: this is a non-volatile user)
2. Login with eDirectory name and password and DLU to create the user/password.
3. After local SAM account is created through DLU, use a biometric device, smart card, or any non-password based authentication method without hiding the Password field to authenticate to eDirectory.
Results:
To keep the local SAM account and eDirectory password in sync when DLU is enabled, after each successful eDirectory login, the Zenworks client sets the password for the Local SAM account to the same value that was typed in the Password Field from the Novell Client.
Because the Novell Client Password field was not hidden and a user did NOT type in a password in the Password Field (as they were using a non-password method) the Zenworks client sets the local SAM account password to a blank value. The eDirectory password is not touched, just the local SAM account that is managed through ZEN (DLU).
1. Use DLU to create local SAM account with Administrator rights and keep the eDirectory and local SAM account having the same password. (Note: this is a non-volatile user)
2. Login with eDirectory name and password and DLU to create the user/password.
3. After local SAM account is created through DLU, use a biometric device, smart card, or any non-password based authentication method without hiding the Password field to authenticate to eDirectory.
Results:
To keep the local SAM account and eDirectory password in sync when DLU is enabled, after each successful eDirectory login, the Zenworks client sets the password for the Local SAM account to the same value that was typed in the Password Field from the Novell Client.
Because the Novell Client Password field was not hidden and a user did NOT type in a password in the Password Field (as they were using a non-password method) the Zenworks client sets the local SAM account password to a blank value. The eDirectory password is not touched, just the local SAM account that is managed through ZEN (DLU).