OES client able to login with a differing case password

OES user with ID from well before Universal Password was configured, and somehow missed the push to change passwords (the client was rather soft on the change, please rather than forced)
Windows PW and eDir password are different only by the case of the first character.

All the LDAP based logins work correctly with the lowercase password, and fail with the mixed case version.  Windows local is the mixed case, and OES client works just fine with it which is my worry.

Versions, this has slid by without a problem until recently, so from the end of NetWare days, to now current OES (other parts may vary)

I am assuming a forced reset will fix this (aimed for tomorrow, once her new Laptop is otherwise ready).  But why is this working now?  I can log in with the OES client from other systems just fine with either case, which is suspect. 


An oddity found in testing. Even though I disconnected after each test logging, we still ran out of simultaneous logins.  So there is a small lag in the accounting of them for that particular limit, but at least we could change that limit for the user while we sort this out.

________________________

Andy of KonecnyConsulting.ca in Toronto
Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

Parents
  • 0  

    Hello Andy,

    I want to add something to my post, I had forgotten nmas and overlooked the link from Kevin. Kevin gives the first good quick tip to investigate. But there are really other topics that correspond to what I have thrown into the room.

    yes the problem exists exactly as you described. It is an upper-case lower-case problem. I even remember that it affected some special characters. If I remember correctly it is a configuration problem of the NDS and is, if I remember correctly, due to entries in the nam.conf and something else that I really can't think of. Open a case, the backliners know immediately where to go. I'll rummage around in my head, I had this issue with a big customer and I think I wrote scripts to filter out the users who have this problem with the Universam password.

    Please look for the diagpwd tool if it is available in your OES installation.  One thing in the whole topic is also important, the replica design of your NDS on site. To explain this in one sentence is too complex, it needs a deep dive. Soory

    Further keywords are SDI Domain Key servers and SDI consistency. Unfortunately, I have no information about the OES version and eDir versions of the servers in the tree.

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei

  • 0   in reply to   

    That tool sounds about right, but to get diagpwd to actually behave, as it is spitting errors at me from a couple of boxes that have all the partitions.

    ERROR -1 ldap_simple_bind_s
    Segmentation fault (core dumped)

    any quick ideas? I have the CA public key, freshly exported as a DER, and converted to the PEM needed. So that should be OK.  some packet captures up soon, as this is not something the client considers a high priority yet.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

  • 0 in reply to   

    This one might be helpful
    portal.microfocus.com/.../KM000033499

    Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid. [A. Einstein]

Reply Children
No Data