OES client able to login with a differing case password

OES user with ID from well before Universal Password was configured, and somehow missed the push to change passwords (the client was rather soft on the change, please rather than forced)
Windows PW and eDir password are different only by the case of the first character.

All the LDAP based logins work correctly with the lowercase password, and fail with the mixed case version.  Windows local is the mixed case, and OES client works just fine with it which is my worry.

Versions, this has slid by without a problem until recently, so from the end of NetWare days, to now current OES (other parts may vary)

I am assuming a forced reset will fix this (aimed for tomorrow, once her new Laptop is otherwise ready).  But why is this working now?  I can log in with the OES client from other systems just fine with either case, which is suspect. 


An oddity found in testing. Even though I disconnected after each test logging, we still ran out of simultaneous logins.  So there is a small lag in the accounting of them for that particular limit, but at least we could change that limit for the user while we sort this out.

________________________

Andy of KonecnyConsulting.ca in Toronto
Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

Parents
  • 0  

    Is there a way to force OES servers to only accept NMAS authenticated NCP connections via the OES Client?  It is too easy for that to be turned off at the client end, as I have found out.

    Is there a way for Universal Passwords to force a password change when the current password no longer meets any newly changed rules?

    Note that turning on Universal Passwords:
     - Does Not force a 'must change password if the old one doesn't correspond to the new rules'
        On this system, I see 9 users who failed to change their passwords since UP was configured, and at least one clearly does NOT meet the rules.
     - Still allows for login with wrong cased passwords if the client side NMAS is disabled in any way.  

    Having diagpwd figured out and working got me to these issues.  KM000033499 now does the trick.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

Reply
  • 0  

    Is there a way to force OES servers to only accept NMAS authenticated NCP connections via the OES Client?  It is too easy for that to be turned off at the client end, as I have found out.

    Is there a way for Universal Passwords to force a password change when the current password no longer meets any newly changed rules?

    Note that turning on Universal Passwords:
     - Does Not force a 'must change password if the old one doesn't correspond to the new rules'
        On this system, I see 9 users who failed to change their passwords since UP was configured, and at least one clearly does NOT meet the rules.
     - Still allows for login with wrong cased passwords if the client side NMAS is disabled in any way.  

    Having diagpwd figured out and working got me to these issues.  KM000033499 now does the trick.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

Children
  • 0   in reply to   

    Hi Andy, there is something called nmas login sequence. You can find more information in the NetIQ documentation. The SDK contains the error codes for nmas and there is a diagnostic guide. Unfortunately, I can only access the corresponding NetIQ page here from Germany, the request goes nowhere

    Please also check which login methods have been selected for the home server of the affected user, as far as I can remember, only 3 of 6 possible login methods are installed by default when OES login is installed for the first time.

    George

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei