DSfW Universal password changes don't modify Kerberos password

  • 7005617
  • 02-Apr-2010
  • 27-Apr-2012


Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
Novell Domain Services for Windows


This issue primarily affects users who have been provisioned in Domain Services for Windows.  The problem is usually observed in this scenario.
  1. User A has password 'hello'
  2. In Novell iManager, administrator changes User A's universal password to 'goodbye'.
  3. User A can login with password 'goodbye' using Novell Client, ldap, etc.
  4. User A can not login to the Domain using 'goodbye'
  5. However, User A can still login to the Domain using 'hello'

    Typically, Universal password changes will modify the kerberos password for some period of time after the Domain Services for Windows processes, eg xadsd, have started.  The exact period can be as long as a few days or as little as a few hours.


This issue has been fixed in the May Maintenance patch
The specific rpm is novell-xad-framework-2.1.5339-0.6.1

If the patch can not be applied the work around is to restart all the Domain Services for Windows processes.  Run 'xadcntrl reload'.  This usually will need to be done every 30 minutes.