Error: -1660 in NMAS when attempting to authenticate to a server that doesn't hold a copy of the security container

  • 7005951
  • 30-Apr-2012
  • 06-May-2012

Environment

NetIQ Modular Authentication Service (NMAS)
NetIQ eDirectory

Situation

Server holds a cached copy of the security container and objects - not a copy of the partition that contains the security container.

Users had been able to authenticate to the server, but are now unable to authenticate.

DSTRACE with +NMAS returns a -1660 error when attempting to authenticate.

Login method exists in the nmas-methods directory - On Linux:  /var/opt/novell/eDirectory/data/nmas-methods

In iMonitor, the method shows a byte size of 0

-  EX:  In iMontor, browse to the Authorized Login Methods under the security container.  Find the desired login method.  Check the byte size on the sasLoginServerMethod for the platform and version.  (EX:  sasLoginServerMethodLinuxX64 - for Linux 64bit).  The byte size should be greater than zero 0.

On Linux:  lsof -p `pgrep ndsd` | grep <method>   doesn't return anything.  <method> would be the name of the method that should be loaded, EXAMPLE:  cifs

Resolution

1.  Add a replica of the partition that contains the security container to the server.

2.  Run the backlink process
     Linux: set ndstrace=*b  from the ndstrace prompt
     Netware:  set dstrace=*b

Cause

The reason why the cached security attributes become zero 0 is under investigation.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.