Configuring DSfW as external data store for Novell Access Manager

  • 7009221
  • 22-Aug-2011
  • 25-Apr-2013

Environment

Novell Open Enterprise Server 11 SP1 (OES11SP1)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSFW

Situation

Kerberos authentication from NAM to DSfW fails for users that do not have the UserPrincipalName (UPN) attribute.

Resolution

When a user is created using ConsoleOne or iManager, the user object does not get the UPN attribute by default.

With the latest OES2SP3 eDir patch, follow these steps to have a UPN populated by default when a user is created.

1. Apply the latest OES2SP3 eDir patch
2. In iManager or ConsoleOne, select the DSfW domain root container
3. Add the adminDescription attribute with the value "dnsDomainName=UPNSuffix"
4. Restart ndsd on all the Domain Controllers

For example:
The DSfW domain container ou=dsfw,o=novell is modified to add the
adminDescription attribute with the value "dnsDomainName=dsfw.com". Restart ndsd (rcndsd restart).
After ndsd has been restarted, a newly created user gets the userPrincipalName Newuser@dsfw.com

Existing users will get a UPN when the object gets modified.  If the existing user object has a UPN already populated, the value will be retained.

See TID 7004782 for more information.

Additional Information

Prior to the November 2012 Maintenance Patch, the attribute that held the "dnsDomainName=UPNSuffix" value was description.
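
The Python below is an added example, not Novell's code. It reads an LDIF export of the domain container (for instance from ldapsearch -LLL), reports the UPN suffix set on the DSfW domain root (adminDescription, or description on systems older than the November 2012 Maintenance Patch), and lists the user objects that still have no userPrincipalName. The sample LDIF, the user olduser, and the object class names used to recognise users are assumptions.

```python
import base64
PREFIX = "dnsDomainName="
USER_CLASSES = {"user", "inetorgperson"}  # assumption: classes marking user objects
# Constructed sample shaped like `ldapsearch -LLL` output; olduser is made up.
SAMPLE_LDIF = """\
dn: ou=dsfw,o=novell
adminDescription: dnsDomainName=dsfw.com

dn: cn=Newuser,ou=dsfw,o=novell
objectClass: user
userPrincipalName:: TmV3dXNlckBkc2Z3LmNvbQ==

dn: cn=olduser,ou=dsfw,o=novell
objectClass: inetOrgPerson
description: created before the
  patch was applied
"""

def parse_ldif(text):
    """Return one dict per entry: lowercased attribute name -> list of values."""
    entries, current = [], {}
    # A line starting with a single space continues the previous line (LDIF folding).
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def upn_suffix(entry):
    """Suffix from adminDescription, else description (pre-November 2012 patch)."""
    for attr in ("admindescription", "description"):
        for value in entry.get(attr, []):
            if value.startswith(PREFIX):
                return value[len(PREFIX):], attr
    return None, None

def audit(text, root_dn):
    """Report the configured UPN suffix and the user DNs with no userPrincipalName."""
    entries = parse_ldif(text)
    root = next((e for e in entries if e.get("dn") == [root_dn]), {})
    suffix, source = upn_suffix(root)
    users = [e for e in entries if USER_CLASSES & {c.lower() for c in e.get("objectclass", [])}]
    missing = [e["dn"][0] for e in users if "userprincipalname" not in e]
    return {"suffix": suffix, "source": source, "missing_upn": missing}
```

Users listed under missing_upn are the ones for which Kerberos authentication from NAM fails until their object is modified and a UPN is populated.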