Dial-in properties are displayed incorrectly. (NETIQKB41821)

  • 7741821
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 7.x

symptom
Dial-in properties are displayed incorrectly.

symptom
When viewing a user's Dial-in properties, there are three radio buttons that display the rights for the user: one for 'Allow access', one for 'Deny Access' and one for 'Control Access'. Approximately 1 out of 4 user accounts are displayed with no radio button selected at all. This property should always display with one of these selected.

symptom

The property for all these accounts was set by a VBScript using the OnePoint provider and the Directory and Resource Administrator 6.4 server. 

Example:

set user = getobject("OnePoint://jnjbebedra01/" & ADSpath)
user.put "mSNPAllowDialin", true



cause

See the following article on why this would cause problems in 2 situations (This affects Microsoft Windows 2000-based domains in Mixed mode or Microsoft Windows 2000-based domains in Native mode that include RAS servers hosted by Microsoft Windows NT-based computers.):



fix

This is the correct behavior. The Win32 UI does not look at the msNPAllowDialin property to set the radio button for "Allow access". It checks whether the DIALFLG_DialinPrivilege bit is set in the rasPermissions property. In the cases with no radio button selected, the users in question do not have the RAS flag set.



note

To verify that the rasPermissions flag is not set, check the user's rasPermissions setting in AD. It must have the DIALFLG_DialinPrivilege flag set (which is 8). Accounts that show 9 have both DIALFLG_DialinPrivilege and DIALFLG_NoCallback (8+1=9). Accounts that show only 1 have just DIALFLG_NoCallback, and not DIALFLG_DialinPrivilege.


The flags are:

DIALFLG_NoCallback = 0x00000001;
DIALFLG_AdminSetCallback = 0x00000002;
DIALFLG_CallerSetCallback = 0x00000004;
DIALFLG_DialinPrivilege = 0x00000008;
DIALFLG_CallbackType = 0x00000007;
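
As an added example (not part of the original article or the product's own code), the following Python decodes rasPermissions values with the flag values listed above and reports which accounts lack DIALFLG_DialinPrivilege. The account names and values are constructed sample data; treating DIALFLG_CallbackType as a mask over the three callback bits, and treating an unset attribute as "flag not set", are assumptions.

```python
# Flag values copied from the article's list.
DIALFLG_NoCallback = 0x00000001
DIALFLG_AdminSetCallback = 0x00000002
DIALFLG_CallerSetCallback = 0x00000004
DIALFLG_DialinPrivilege = 0x00000008
# Assumption: 0x7 is the OR of the three callback bits, so it is used as a mask.
DIALFLG_CallbackType = 0x00000007

CALLBACK_FLAGS = {
    DIALFLG_NoCallback: "DIALFLG_NoCallback",
    DIALFLG_AdminSetCallback: "DIALFLG_AdminSetCallback",
    DIALFLG_CallerSetCallback: "DIALFLG_CallerSetCallback",
}


def decode_ras_permissions(value):
    """Return the names of the flags set in a rasPermissions value."""
    if value is None:  # assumption: attribute not populated means no flags
        return []
    value = int(value)
    names = [name for bit, name in CALLBACK_FLAGS.items()
             if value & DIALFLG_CallbackType & bit]
    if value & DIALFLG_DialinPrivilege:
        names.append("DIALFLG_DialinPrivilege")
    return names


def has_dialin_privilege(value):
    """True when the bit the Win32 UI checks for 'Allow access' is set."""
    return value is not None and bool(int(value) & DIALFLG_DialinPrivilege)


def accounts_missing_dialin_flag(accounts):
    """Names of accounts whose rasPermissions lacks DIALFLG_DialinPrivilege."""
    return sorted(name for name, value in accounts.items()
                  if not has_dialin_privilege(value))


# Constructed sample data: hypothetical account names and values.
SAMPLE = {"user_a": 9, "user_b": 1, "user_c": 8, "user_d": None}

if __name__ == "__main__":
    for name, value in SAMPLE.items():
        print(name, value, decode_ras_permissions(value))
    print("Missing DIALFLG_DialinPrivilege:",
          accounts_missing_dialin_flag(SAMPLE))
```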



Additional Information

Formerly known as NETIQKB41821
