ndsconfig will fail with Universal Passwords only

  • 7003908
  • 17-Jul-2009
  • 26-Apr-2012


Novell eDirectory 8.8 for Linux


An administrator decides to implement Universal Passwords across the tree and does not want NDS passwords to work. In the UP policy the admin can configure it such that it removes NDS password. Adding another server to the tree fails with error "ERROR -669: Unable to login - Authentication failed" even though the password provided is correct.


This may fail because ndsconfig uses a server side login which uses the NDS login by default. NDS login fails because the NDS password is no longer valid per the defined policy.

For this to work, set "NDSD_TRY_NMASLOGIN_FIRST" to true and export it so that an NMAS login is used first.

1. Add the following in the pre_ndsd_start script located in /opt/novell/eDirectory/sbin (formerly located in /etc/init.d):



2. Retry running `ndsconfig add` to create the new eDirectory instance.