Environment
Novell NetWare 6.5 Support Pack 6
Novell NetWare 6.5 Support Pack 7
Novell NetWare 6.5 Support Pack 8
Novell eDirectory 8.7.3 for NetWare 6.5
Novell eDirectory 8.8 for NetWare 6.5
Situation
Due to security reasons, the following parameter was set on the server side:
"Server Parameters | NCP | Enable UDP Checksums on NCP packets=2"
By default this parameter is set to: 1
"Server Parameters | NCP | Enable UDP Checksums on NCP packets=2"
By default this parameter is set to: 1
After that, any attempts to login from a Novell Client on Windows (4.91 SP4/SP5), will return an error:
"-684: DSERR_SECURE_NCP_VIOLATION (FFFFFD54)"
"-684: DSERR_SECURE_NCP_VIOLATION (FFFFFD54)"
Resolution
As of now, the only fix is to change the set parameter back to its default:
"Server Parameters | NCP | Enable UDP Checksums on NCP packets=1"
"Server Parameters | NCP | Enable UDP Checksums on NCP packets=1"
The Engineering has been already notified and the problem is under investigation.
Additional Information
When troubleshooting this problem we noticed the following points:
- Both clients (Windows and Linux) behave differently on this issue:
- On Windows
- We see a -684 error and authentication will not proceed
- On Linux
- We don't see any error/problem during the authentication. However, when trying to read/access files and directories we don't have access to anything.
- On Windows
- This problem only affects Netware servers once the setting in question ("Enable UDP Checksums on NCP packets=2") does not exist on OES/OES2 Linux.
- If we change the "NCP over UDP" setting to "OFF" on the server side, both clients (Windows and Linux) will log in with no problems. However, this will disable the server-to-server UDP communication.