Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Unable to change or set password, err = system failure (-632)

262 views
Skip to first unread message

Nico Hoffmann

unread,
Sep 22, 2006, 11:06:30 AM9/22/06
to
Hi,

in my environment we have some eDirectory 873 on Netware 65 (in one tree).
We have DirXML (IDM2) running to sync our users to an Actice Directory.
Someone told me he has problem logging into the AD (Universal password is
enabled).

So I checked the Password status for that user and it says: No Distributiuon
Password. When I try to set the password using iManager I only get an error
message (non specific). Setting the UP from iManager is also not working.

When I try to set the password via ldap I get:

12:19:46 8E2981C0 LDAP: (192.168.0.124:2477)(0x0004:0x66) Unable to change
or set password, err = system failure (-632)
12:19:46 8E2981C0 LDAP: (192.168.0.124:2477)(0x0004:0x66) Sending operation
result 80:"":"NDS error: system failure (-632)" to connection 0x90e151c0

in dstrace.

SDIDiag says all is fine. And the universal password diagnostic tool says to
that user:

Object DN: cn=***,o=***
EMail: ***
Password Status: Enabled, Not set
Simple Password Status: Not set
Password Policy DN: cn=UP Enabled,cn=Password Policies,cn=Security

Who can help me, it's quite important to solve this. The invalid account is
our boss. Other accounts work fine.

Thanks,
Regards,
Nico

a...@novell.com

unread,
Sep 23, 2006, 11:24:46 PM9/23/06
to
-632 means System Failure. Can you set the password with the client?
Can you try diagpwd to see if your passwords are consistent? When you
say 'sdidiag says all is fine' what exactly do you mean? Sdidiag
doesn't say many mean things even when things are not happy.
CoolSolution tkinfo.pl may help you find out what you need. Perhaps
attach the process.txt file from TID# 10088626 so we can get to the
bottom of this. Can you change the password with an NMAS-less client?

Good luck.

nico.h...@cuc.de

unread,
Sep 25, 2006, 4:10:11 AM9/25/06
to
I did try to set the password via iManager, ConsoleOne (Novell Client 4.91
SP2).

I also did diagpwd on that account. The result is:

Password Status: Enabled, Not set
Simple Password Status: Not set

PasswordPolicyDN: cn=myPolicy,o=SomeO

Even when I do set a password via ConsoleOne, there is no error message.
But DirXML doesn't even fetch a event for that user. So the password
doesn't get sync'ed to the da domain. Other working user have a diagpwd
output like:

Password Status: Enabled, Set
Simple Password Status: Set
PasswordPolicyDN: cn=myPolicy,o=SomeO

I did also sdidiag to see wether the sdi is fine. And the CHECK says: all
servers are good. So that is not the problem.

What else can be wrong with the account?

I will try the CoolSolutins tool on that user.

Thank you,
regards,
Nico Hoffmann

a...@novell.com

unread,
Sep 27, 2006, 1:46:21 AM9/27/06
to
I'm fairly sure, from many other posts in here, that sdidiag's 'CHECK'
is exactly worthless. Let me know what the CoolSolution tells you from
TID# 10088626's output.

Good luck.

Nico Hoffmann

unread,
Sep 27, 2006, 11:19:47 AM9/27/06
to
Hi,

thanks for your help. I fixed the problem by removing corrupt
SASLoginConfiguration, SASLoginConfigurationKey attributes from the user.
Now all is fine.

Thank you,
Nico Hoffmann

>>> a...@novell.com<a...@novell.com> schrieb am 27.09.2006 um 07:46 in
Nachricht
<NeoSg.1818$0h7....@prv-forum2.provo.novell.com>:

a...@novell.com

unread,
Sep 27, 2006, 11:43:10 PM9/27/06
to
Thanks for posting back. Glad I could help.
0 new messages