DSfW: Password Restriction Joining a workstation to a DSFW domain

Document ID:7005568
Creation Date:30-Mar-2010
Modified Date:22-Aug-2014
- Micro Focus Products:
  eDirectory
  Open Enterprise Server

Environment

Novell Open Enterprise Server 11 SP2 (OES11 SP2) Linux

Novell Open Enterprise Server 11 SP1 (OES11 SP1) Linux

Novell Open Enterprise Server 2 SP2 (OES11 SP2) Linux
Domain Services for Windows
DSFW

Situation

Upgraded DSFW from OES2SP1 to OES2SP2

Try to join a workstation to the domain after the upgrade

/var/log/messages shows the following when joining a workstation to the domain:

Mar 3 17:35:22 delta xadsd: [NETLOGON] Setting account password for object
<cn=XPWKcn=Computers,dc=mydomain,dc=com>
Mar 3 17:35:22 delta xadsd: [NETLOGON] Setting account password failed:
Password Restriction

Resolution

The machine password is unable to be set.
Verify the Default Password Policy is assigned to the Computers container.
The nspmPasswordPolicyDN attribute is missing from the Computers container. This attribute should be on the computers container and the Default Password Policy.Policies.System.<domain> should show as the value.
Add this attribute and populate it with the Default Password Policy object. The Domain Contollers container should also have this assigment.
Example:

Additional Information

All containers with computers (objectclass=mSDS:Computer) must use this password policy or a password policy with the same settings. If computers are moved to or joined into a different container, the container should contain only computers, no users. If GPOs are used with containers holding computer objects for the password policy, be sure the password policy is similar to the Default Password Policy located in the cn=Password Policies,cn=System,<domain> TID 7004481

If the Default Password Policy is missing, follow TID 7015573 to re-create the password policy.