UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Absent Member.
Absent Member.
1617 views

NEW NSS AD not getting rights for certain AD users

We have enabled NSS AD on all our servers and setup our AD Domain with a mirrored user set and mirrored passwords etc.

This is working brilliantly for 90% of our users. but certain users seem to be able to login to AD and with the same user name and password can login to eDir using the Novell Client. With the Novell client loaded they can see the NSS volumes and rights etc, but they cannot see some of their NSS Volumes when they login to the AD only. All other users set up the same way in the same groups etc are fine.

I have tried setting their Universal Passwords to also be the same. Otherwise I cannot see the difference with users that are working fine. They all have the password policies set.

The only thing that may be of consequence or could be a red herring is that the users with issues have started off in the O=xx partition but then moved to the o=xx,ou=yy partition. BUT this was before this was implemented.

My initial thoughts as that as part of o=xx initially they got some eDirectory attributes that are not copying across properly or are affecting this process. I have had DSFW running at o=xx in the past so not sure if that has left remnants in these users credentials.

After a lot of playing around and resetting etc one of the users just started working but not sure why.

Any ideas would be good.

Thanks Rob.
Labels (1)
0 Likes
2 Replies
Absent Member.
Absent Member.

rob,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit http://www.novell.com/support and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.novell.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Novell Forums Team
http://forums.novell.com


0 Likes
Absent Member.
Absent Member.

rob_collins;2421098 wrote:
We have enabled NSS AD on all our servers and setup our AD Domain with a mirrored user set and mirrored passwords etc.

This is working brilliantly for 90% of our users. but certain users seem to be able to login to AD and with the same user name and password can login to eDir using the Novell Client. With the Novell client loaded they can see the NSS volumes and rights etc, but they cannot see some of their NSS Volumes when they login to the AD only. All other users set up the same way in the same groups etc are fine.

I have tried setting their Universal Passwords to also be the same. Otherwise I cannot see the difference with users that are working fine. They all have the password policies set.

The only thing that may be of consequence or could be a red herring is that the users with issues have started off in the O=xx partition but then moved to the o=xx,ou=yy partition. BUT this was before this was implemented.

My initial thoughts as that as part of o=xx initially they got some eDirectory attributes that are not copying across properly or are affecting this process. I have had DSFW running at o=xx in the past so not sure if that has left remnants in these users credentials.

After a lot of playing around and resetting etc one of the users just started working but not sure why.

Any ideas would be good.

Thanks Rob.


Hi Rob,

Try re-syncing your NSS trustees on the volumes and see if that make a difference. (ncpson nss resync=volume).

-Marty-
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.