ndsconfig will fail with Universal Passwords only

  • 7003908
  • 17-Jul-2009
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 for Linux

Situation

An administrator implements Universal Passwords (UP) across the tree and does not want NDS passwords to work. The UP policy can be configured so that it removes the NDS password. With that policy in place, adding another server to the tree fails with the error "ERROR -669: Unable to login - Authentication failed" even though the password provided is correct.

Resolution

This may fail because ndsconfig performs a server-side login, which uses the NDS login by default. The NDS login fails because the NDS password is no longer valid under the defined policy.

For this to work, set "NDSD_TRY_NMASLOGIN_FIRST" to true and export it so that an NMAS login is used first.
 
Steps:

1. Add the following in the pre_ndsd_start script located in /opt/novell/eDirectory/sbin (formerly located in /etc/init.d):

    NDSD_TRY_NMASLOGIN_FIRST=true
    export NDSD_TRY_NMASLOGIN_FIRST

2. Retry running `ndsconfig add` to create the new eDirectory instance.
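
One way to apply step 1 idempotently and confirm the setting before retrying `ndsconfig add`. This is an added example, not Novell's code: the function names nmas_first_enabled and enable_nmas_first are hypothetical, and it assumes the appended lines are reached when pre_ndsd_start runs (no earlier exit in the script).

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Default path is the one given in the article; pass another file as $1.
PRE_NDSD_START=/opt/novell/eDirectory/sbin/pre_ndsd_start
VAR=NDSD_TRY_NMASLOGIN_FIRST

# Returns 0 only if the last uncommented assignment is "true" AND the
# variable is exported; 1 if not enabled; 2 if the file is unreadable.
nmas_first_enabled() {
    file=${1:-$PRE_NDSD_START}
    [ -r "$file" ] || return 2
    # The last assignment wins, as it would when the script is executed.
    value=$(grep -E "^[[:space:]]*(export[[:space:]]+)?$VAR=" "$file" \
        | tail -n 1 \
        | sed -e 's/^[^=]*=//' -e 's/[[:space:]#].*$//' \
        | tr -d "\"'")
    [ "$value" = "true" ] || return 1
    # Setting the variable without exporting it is not enough.
    grep -Eq "^[[:space:]]*export[[:space:]]+(.*[[:space:]])?$VAR([=[:space:]]|\$)" "$file"
}

# Appends the two lines from step 1 unless they are already effective.
# Keeps a backup as <file>.bak and re-checks the result.
enable_nmas_first() {
    file=${1:-$PRE_NDSD_START}
    [ -w "$file" ] || { echo "cannot write $file" >&2; return 2; }
    if nmas_first_enabled "$file"; then
        return 0    # already correct, leave the file untouched
    fi
    cp -p "$file" "$file.bak" || return 2
    # Appending at the end overrides any earlier conflicting assignment.
    printf '\n%s=true\nexport %s\n' "$VAR" "$VAR" >> "$file"
    nmas_first_enabled "$file"
}

# Usage on the server being added (as root):
#   enable_nmas_first && echo "NMAS login will be tried first"
```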