Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

NDS for NT 2.01 / NT4.0 password expires

0 views
Skip to first unread message

JFA

unread,
Dec 14, 2000, 5:33:13 PM12/14/00
to
Network Setup:
- NetWare 4.11 w/sp8a on all NetWare Servers
- DS version 6.10
- NT 4.0 (single domain) PDC at master site, BDC in each remote office
- NDS for NT 2.01
- The NT domain OU is partitioned and replicas are located on different
NetWare servers
- No replicas on the NT domain controllers

Situation:
-Server NetWareA has a replica of domain
-Server NetWareB has NO replica of the domain
-Both Servers are in the same NDS context on the same LAN
-Users workstation: Win95osr2, Novell Client 3.1, MS client

User a1 (default Server NetWareA) password just expired and wants to login
to the network. User a1 gets promoted to change password at login. The user
changes the password. The password is changed in NDS and the NT domain. The
user does not notice anything.
User b1 (default Server NetWareB) password just expired and wants to login
to the network. User b1 gets promoted to change password at login. The user
changes the password but User b1 gets promoted to login into the domain. If
the user waits for about two seconds and press enter again, he can login
into the domain with the new password.

Basically, the difference between the two users is the server where ServerA
has replica and ServerB does not.

Q) Is there a way around this issue, other than putting another replica on
ServerB?

James Aladham
jfal...@bryancavellp.com
(314)259-2261


Vikas Mahajan

unread,
Dec 14, 2000, 5:54:27 PM12/14/00
to
James,

Thanks for providing all those details!

Does serverB have a replica with userB1's account? The Force Password
Synch feature (which I assume you have enabled) works with the 3.x
clients by going to NDS and checking if FPS is enabled. If so, the
client is supposed to encrypt the password for both Novell and NT and
send both hash values to NDS. If the NT password change is actually
being handled by the MS client, then that client encrypts the password
and sends it to the PDC. The PDC then sends it to NDS. So there may be
a delay there, which is why the user is experiencing the problem.

Perhaps do a trace when the password change happens to see where the
requests are sent. Maybe try a newer Novell client as well.

Otherwise, you may have to place the domain replica on the NetWareB box
if that is fixing the problem.

Good Luck,

--
Vikas Mahajan
Novell Support Connection Volunteer SysOp


0 new messages