amolina1568 Absent Member.
Absent Member.
355 views

Error SSPR_50_26 bad authentication

Hi Everyone,

I have a problem with the activation section with the version of sspr v4.1.0.0, when logging an unauthenticated user goes to the first acceptance window, but the following error comes out SSPR_50_26 bad authentication.


https://drive.google.com/open?id=14uPC87Ps4iuGpO4J97EkUojS3z4dl7sJ

I consulted on the internet and the solutions have already been applied:
1. Password polices pointing to the proxy user of the sspr.
2. Define in the user activation of the sspr configuration editor the login diabled as false.


I appreciate any help.
Thank you
0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: Error SSPR_50_26 bad authentication

On 05/09/2019 06:04 PM, amolina1568 wrote:
>
> Hi Everyone,
>
> I have a problem with the activation section with the version of sspr
> v4.1.0.0, when logging an unauthenticated user goes to the first
> acceptance window, but the following error comes out SSPR_50_26 bad
> authentication.
>
>
> https://drive.google.com/open?id=14uPC87Ps4iuGpO4J97EkUojS3z4dl7sJ
>
> I consulted on the internet and the solutions have already been
> applied:
> 1. Password polices pointing to the proxy user of the sspr.


I think you might misunderstand here; you need to have a Universal
Password (UP) policy applied to the container (or partition root, or
entire tree) where the to-be-activated user is created. Once created,
then SSPR will generate a password for that user, according to its (not
the proxy's) password policies. If you lack a password policy applied to
that user somehow, then the password-set operation fails because a random
password cannot be generated per the policy.

You may want to get the debug logs from SSPR, or perhaps an NMAS trace
from the eDirectory server being used by SSPR for this operation.


ndstrace
set dstrace=nodebug
dstrace +time +tags +ldap +nmas
set dstrace=*m9999999
dstrace file on
set dstrace=*r

#perform test here

dstrace file off
quite


By default the file will be under
/var/opt/novell/eDirectory/log/ndstrace.log and you should look for errors
starting with -16 (-16xx or -16xxx for example). Those errors are
probably closer to the actual problem and may give you a clue.

Wild guesses, other than the lack of a policy being applied (which you can
easily check with iManager or other UP-specific tools), maybe you have a
password requirement that the password NOT include certain of the user's
attributes (e.g. CN, full name, etc.). I know that, at least with
Identity Manager's ability to generate random passwords, that kind of
restriction causes problems when generating the random password, but I
think that's an IDM limitation because a user is not specified, where SSPR
may actually specify the user involved and thus make those calculations
possible. Still, seeing your entire policy would be nice, preferably
exported via LDAP as it is text, easy for us to duplicate, and easier to
search.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
amolina1568 Absent Member.
Absent Member.

Re: Error SSPR_50_26 bad authentication

Hello, thanks for answering
I have already reviewed security policies and the assignment to all users from the root without success, in addition to reviewing the log does not appear the error that starts with -16

This is the definition of politics as it is currently

https://drive.google.com/open?id=1mkHrjWAfoLAUVlJb01qIt8T2-z_7M0Rz


I would like to contact by private message

Thank you
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.