UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Absent Member.
Absent Member.
1458 views

Kanaka password not case sensitive?

Does anyone know what kanaka uses for the initial user authentication when a user first logs into a mac? I assume it must be LDAP because the initial login accepts passwords entered in upper or lower case, though AFP does not.

This causes a problem. If the user logs in for the first time ever but enters their password in the wrong case (caps lock on), an "unknown" error occurs, I assume because the account will not be created without access to the users home directory.

If the user logs in with the proper password, logs out and then logs in again with the password in opposite case (caps lock) it lets them in to the desktop but AFP connections fail and we get question marks on the dock.

We do have two netware servers still running on our network. I know that LDAP on these edir 8.7 servers allows for passwords to be not case sensitive, but our linux servers with edir 8.8 are case sensitive, so how do I tell Kanaka which server to look to for authentication? Or does it not use LDAP at all??

I could find no documentation on this or anything in the config files.... as usual.
Labels (1)
0 Likes
5 Replies
Absent Member.
Absent Member.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was told just last week (or maybe late the week before) that Kanaka
did NOT do anything with LDAP. As a result it must use NCP like
everything else. Now is Kanaka NMAS-enabled? No idea, but I'd guess
like most things it looks locally for replicas and then starts asking
around like any client looking for referrals. You should be able to see
attempts using ndstrace by turning everything off and then enabling
+AUTH and maybe +NMAS along with the usual +TIME +TAGS for more meta info.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQs/aFAAoJEF+XTK08PnB5SUMP/AjIkVEtK0yNqooNDiKu48P7
doOA/d0Der0SmTBQxFuCpxPRID3hD1FM5DRJcsswI0MBDm9HxF3stLi/iHS7L36S
wQTsvQNJpewLC8xKQlaWsKasKkCPdowo6fTuZoh/Mlw4W0OlgHXxev4dQL7JR7x4
fOcfT06ig+56XCvoyhDnpdjCkBHXxHkI1vNKy5CyA0A0tRXu4N0gLxetoNArhKz2
e3/J/y1b20CTKmsVc4ebEKktTOvdDXH743pzU/LeJw/Ai7FygHDpQ/2VBjtjNoEd
wQHVXurmoOgKO4FMD4Jl+HBG1yArryjTtUVrKjpmSxG8KV6EvEH+Es7qmYBThomi
p8TC/eucCHaWn8giP/N1JuIJCWuUR5q+CUdIl/e7y1m3YhY5D5WUsSuWgtwfzSMz
IZ5njPb8PRU+Fiu+W+Qiolxz7kflEhkhavKac7EvEX1SGIQN8gbYELhFAhL1juNN
iRZDSWN7RevC1RGk9jVuhUOCaf7Vro+lS8rewnnhskAWV/+F1ZoLvfKHHqXgCS00
H0dLPKk9kjll2SFwwm8dSZVt1SlJ6Mqse3pfjNmCkUodthddsdniOr1zKAsu6K4/
MS/DWr1iRMvqbp7rGepJqHEAPHzoe6rTP9vp3nNIUuAMRNjgoTVEy2UnPXj9QAfe
RcNED+ihsJ5CCcBiSA9x
=JJVi
-----END PGP SIGNATURE-----
0 Likes
Absent Member.
Absent Member.

Interesting. I found this really old cool solutions article from 2004 that states that kanaka does use ldap, but of course that was so long ago, it may have changed. Cool Solutions: Condrey Consulting Announces Kanaka Plug-in for Mac

So if its not using ldap and uses the NDS password, there is no way we could enforce case sensitivity. But if this is the case, what if the NDS password is obscured/blanked out and we only use a universal password? Wouldn't logins fail completely or does it fail over to universal password instead? And if so how can we default to UP? So many questions...

Even if it does use ldap but doesnt let you specify an ldap server, thats still a design flaw. If I didnt have to pay to open an SR, I would.
0 Likes
Absent Member.
Absent Member.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm checking into more of the specifics and will get back to you if they
come. In the meantime, feel free to do that testing mentioned before.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQtAJYAAoJEF+XTK08PnB5Y6kP/2jGIVSUPPfXghWiYWm95WHV
BGsOvtNUJuEeD8dU7JsLSj9hXLRu2saeFaqvTPeGIdWE58nblEuA0pNVUtQTGCf7
qERTU1OoqwHAVq9pA7ncoAz4GjDhp/irN6MQyFrnYpajZ3Wk5ncwiarOwihKM/ss
SJbxdVW+Mu5Sq91cS5gOE+h1ynyvraVbcQEJk9fQcY4v7gsbHmywU85FiZH/PgwU
NT1xECW9Ko9uL7rYUdcUjboiYeKU06OVNILFuq/2qetQWNBVNAWdTNjbb+0Ks+Py
cBmDN1UhqqZiDkZy92a77qaWI6Rindm5lFGSMm1RkSahOxDOy4/npEyXg1lL4+ax
SZWwolDTphF1O9770QNsl6BinDnHTwtglqOeh/KY2BArIRQQTjeN+C97hC3H8HAX
18vYjwfk9T9hNa4TrRUdt5Zl+BevDL0sPs6rNktiniCUf8UQ2q5VGDzZP1BMwVwB
ZyG2bbTqUQbcHqCk/CXKE3niRIYDo1IARVUf/U4814WTmxYCnhyEQmzDzAkOce8T
lXuakZk7cd9UrNt3bHWbzrVWw0vssTaKGeKE0f50rnjA79eIJTgNn2IMNCHfgEYY
o+lpfzE9G0bQsH4mqKRG57bKUAKH0QyR4++m5207EoGM9HK6yMlv5PZRgFPSzdyE
mVQ/xWP+toOcTRwhW1mq
=6ryN
-----END PGP SIGNATURE-----
0 Likes
Absent Member.
Absent Member.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Based on what I've been told not only does Kanaka not use LDAP but its
calls to eDirectory usually result in requirements for case sensitivity,
which would seem to imply that, when configured properly on the server
side, NMAS and Universal Password are used. Why not in your case? I
don't know... time to start tracing a bit more it would seem.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQtQszAAoJEF+XTK08PnB5GEcP/2GMvkpu3ylkt4HE8Vqds/Ng
lxsQPi8FyDkXB/x0LZ1nrYXRJLgJ75/FGP+TRl0vaWVKBF1D2Kw/fPP+MT3CkExZ
gYcIqSMumiInm8pz73ws3w+6/nyRVG1wbYUg9yckOuYKA+jVWf3ATcXS5RZ/xtrZ
BWVNtWzI4DSHkiH8ikCJeQvlQUFTb2eEibKG57VZO7s1MvGgYVrlC8+ZGJ7JgOHR
nmRpUsBDEtdeuZaQdn3wJ+RVztoiiJn3eNdI6YxMOhV8Wl6/qug7OKp3OpwUOO9/
hiWMe9CV1BqQHAFiat78TqM1xDR84UpxvpVZy4VN7Zm1DC2oLLSVx8X1dHyFpTwi
P1JTt2HH96ch7YQTklUKmFuWXOdqhIrCmBg36UI9afBR/QsnmsLkwUEl3Oco8s26
JGqgB2MPCb4mFd4KRLXFYU0Ld5M4gvHceBh9Pu2dg4ytEt5JsyO+uWopnhCVUj3A
y75w6eBP52+gyy89k5ui32C3oPLQumZNNygAmLQYXYzJvNUdh9KJtAQ1hp/L7FLM
dpHXKRS0av0EcOAiYCGgUL0oghEheOWGYmL2me05JXJ15UIeo8wVePXH/S6WN1OC
ZmzfXYbqo305fxXUWxOZXuPbtxffgjAo8fy8vJGzygJ9ZBesGA1GhGgS2JWoDxJg
KPi26cUftzrr0Ir2jGz+
=ewoU
-----END PGP SIGNATURE-----
0 Likes
Absent Member.
Absent Member.

I couldnt see the authentication occuring with NMAS LDAP TIME TAGS AUTH. Could be me.

This article says that UP or SP are used. Kanaka: Single Login Novell eDirectory Access for Mac OS X Users | Departments | Connection Magazine

I can see the same problem when I log in to the web console, logging in as username.ou and putting my password in with incorrect case.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.