Anonymous_User Absent Member.

NMAS error -222


I'm attempting to configure SSPR_20 with the eDirectory that comes with
Identity Manager 4.02.

NOTE: I'm using LDAP Promiscuous SSL mode True

I've successfully:
1) added the schema and a PwmProxy user to my eDirectory.
2) set up an "LDAP Test User" in "cn=pwmTest,ou=users,o=data"

After I save the configuration, in the browser I see:
LDAP WARN unexpected policy error while writing test user temporary random password: nmas error -222

In the catalina.out logs:
2013-07-17 08:29:00, TRACE, provider.JNDIProviderImpl, bind successful as cn=PwmProxy,ou=sa,o=data (334ms)
2013-07-17 08:29:00, TRACE, provider.ChaiProviderFactory, adding StatisticsWrapper to provider instance
2013-07-17 08:29:00, DEBUG, impl.AbstractChaiEntry, error testing nmas password: -1659
2013-07-17 08:29:00, TRACE, health.LDAPStatusChecker, error retrieving user password from directory, this is probably okay; error reading nmas password: error -1659
2013-07-17 08:29:00, TRACE, entry.EdirEntries, using active universal password policy for user cn=pwmTest,ou=users,o=data at cn=Sample Password Policy,cn=Password Policies,cn=Security
2013-07-17 08:29:00, DEBUG, pwm.PwmPasswordPolicy, discovered assigned password policy for cn=pwmTest,ou=users,o=data at cn=Sample Password Policy,cn=Password Policies,cn=Security PwmPasswordPolicy: {MinimumLowerCase=0, MinimumSpecial=0, MaximumUpperCase=0, MaximumNumeric=0, MinimumLifetime=0, MinimumUnique=0, DisallowedAttributes=[], UniqueRequired=FALSE, AllowNumeric=TRUE, CaseSensitive=TRUE, ChangeMessage=, ExpirationInterval=0, MaximumLowerCase=0, AllowSpecial=TRUE, MaximumLength=12, AllowFirstCharNumeric=TRUE, MinimumLength=4, MaximumSequentialRepeat=0, MinimumNumeric=0, AllowLastCharSpecial=TRUE, PolicyEnabled=true, MaximumSpecial=0, MinimumUpperCase=0, AllowFirstCharSpecial=TRUE, DisallowedValues=[], AllowLastCharNumeric=TRUE}
2013-07-17 08:29:00, DEBUG, pwm.PwmPasswordPolicy, merged password policy with PWM configured policy: PwmPasswordPolicy: {MinimumLowerCase=0, MinimumSpecial=0, MaximumUpperCase=0, MaximumNumeric=0, EnableWordlist=true, MinimumLifetime=0, RegExMatch=, MinimumUnique=0, MinimumNonAlpha=null, DisallowedAttributes=[sn, cn, givenName], UniqueRequired=false, MinimumStrength=null, AllowNumeric=true, CaseSensitive=true, ChangeMessage=, ExpirationInterval=0, MinimumAlpha=null, MaximumLowerCase=0, AllowSpecial=true, ADComplexity=false, MaximumLength=12, MaximumRepeat=null, AllowFirstCharNumeric=true, MinimumLength=4, MaximumSequentialRepeat=0, AllowLastCharSpecial=true, MinimumNumeric=0, MaximumAlpha=null, PolicyEnabled=true, RegExNoMatch=, MaximumNonAlpha=null, MaximumSpecial=0, MinimumUpperCase=0, AllowFirstCharSpecial=true, AllowLastCharNumeric=true, DisallowedValues=[test, password]}
2013-07-17 08:29:00, TRACE, pwm.PwmPasswordPolicy, createPwmPasswordPolicy completed in 6ms
2013-07-17 08:29:00, TRACE, util.Helper, externalJudgeMethod 'password.pwm.PwmPasswordJudge' returned a value of 47
2013-07-17 08:29:00, TRACE, util.RandomPasswordGenerator, finished random password generation in 20ms after 1 tries.
2013-07-17 08:29:00, DEBUG, impl.AbstractChaiEntry, error setting nmas password: -222
2013-07-17 08:29:00, TRACE, util.Helper, externalJudgeMethod 'password.pwm.PwmPasswordJudge' returned a value of 46
2013-07-17 08:29:00, TRACE, health.HealthMonitor, health check process completed


--
icsynergymg
Anonymous_User Absent Member.

Re: NMAS error -222

Error -222 means your password is expired. If you set the password
administratively this happens by default. Set up the user with a Universal
Password (UP) policy that does not automatically expire, or be sure to
enable a few grace logins so that when the password expires at least the
system can log in to change the user's password again as part of its tests:

http://www.novell.com/documentation/nwec/nwec_enu/nwec_ids_t_dserr_bad_password.html

Good luck.
Anonymous_User Absent Member.

Re: NMAS error -222


Thanks for the quick reply!

So I went into iManager->Roles and Tasks->Passwords->Password Policies
1) Selected my "Sample Password Policy" (which looks to be applied to my
ou=users,o=data), selected the "Do not expire the user's password when
the administrator sets the password" checkbox. Applied the policy.
2) edited my pwmTest user and set the password again.

Tried the SSPR configure and it still fails.

If you look up NMAS error 1659 in:
http://tinyurl.com/l7aasjh

It says NMAS_E_ACCESS_NOT_ALLOWED

Browser:
unexpected policy error while writing test user temporary random password: nmas error -222

catalina.out:
2013-07-17 10:05:21, DEBUG, wordlist.SharedHistoryManager, skipping wordDB reduce operation, eldestEntry=20m, maxAge=28d:12h
2013-07-17 10:05:22, TRACE, provider.JNDIProviderImpl, bind successful as cn=PwmProxy,ou=sa,o=data (332ms)
2013-07-17 10:05:22, TRACE, provider.ChaiProviderFactory, adding StatisticsWrapper to provider instance
2013-07-17 10:05:22, DEBUG, impl.AbstractChaiEntry, error testing nmas password: -1659
2013-07-17 10:05:22, TRACE, health.LDAPStatusChecker, error retrieving user password from directory, this is probably okay; error reading nmas password: error -1659
2013-07-17 10:05:22, TRACE, entry.EdirEntries, using active universal password policy for user cn=pwmTest,ou=users,o=data at cn=Sample Password Policy,cn=Password Policies,cn=Security
2013-07-17 10:05:22, DEBUG, pwm.PwmPasswordPolicy, discovered assigned password policy for cn=pwmTest,ou=users,o=data at cn=Sample Password Policy,cn=Password Policies,cn=Security PwmPasswordPolicy: {MinimumLowerCase=0, MinimumSpecial=0, MaximumUpperCase=0, MaximumNumeric=0, MinimumLifetime=0, MinimumUnique=0, DisallowedAttributes=[], UniqueRequired=FALSE, AllowNumeric=TRUE, CaseSensitive=FALSE, ChangeMessage=, ExpirationInterval=0, MaximumLowerCase=0, AllowSpecial=TRUE, MaximumLength=12, AllowFirstCharNumeric=TRUE, MinimumLength=4, MaximumSequentialRepeat=0, MinimumNumeric=0, AllowLastCharSpecial=TRUE, PolicyEnabled=true, MaximumSpecial=0, MinimumUpperCase=0, AllowFirstCharSpecial=TRUE, DisallowedValues=[], AllowLastCharNumeric=TRUE}
2013-07-17 10:05:22, DEBUG, pwm.PwmPasswordPolicy, merged password policy with PWM configured policy: PwmPasswordPolicy: {MinimumLowerCase=0, MinimumSpecial=0, MaximumUpperCase=0, MaximumNumeric=0, EnableWordlist=true, MinimumLifetime=0, RegExMatch=, MinimumUnique=0, MinimumNonAlpha=null, DisallowedAttributes=[sn, cn, givenName], UniqueRequired=false, MinimumStrength=null, AllowNumeric=true, CaseSensitive=false, ChangeMessage=, ExpirationInterval=0, MinimumAlpha=null, MaximumLowerCase=0, AllowSpecial=true, ADComplexity=false, MaximumLength=12, MaximumRepeat=null, AllowFirstCharNumeric=true, MinimumLength=4, MaximumSequentialRepeat=0, AllowLastCharSpecial=true, MinimumNumeric=0, MaximumAlpha=null, PolicyEnabled=true, RegExNoMatch=, MaximumNonAlpha=null, MaximumSpecial=0, MinimumUpperCase=0, AllowFirstCharSpecial=true, AllowLastCharNumeric=true, DisallowedValues=[test, password]}
2013-07-17 10:05:22, TRACE, pwm.PwmPasswordPolicy, createPwmPasswordPolicy completed in 24ms


--
icsynergymg
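
Added example (not part of any post in this thread, and not SSPR/PWM code): a small triage script that rejoins the hard-wrapped catalina.out entries quoted above and pulls out each NMAS error with the operation that failed. The sample log is constructed from lines in the thread; the code meanings are only those stated in the posts above, and the function names are hypothetical.

```python
import re

# Meanings exactly as stated in this thread, not an authoritative error table.
THREAD_MEANINGS = {
    222: "password expired (per the first reply)",
    1659: "NMAS_E_ACCESS_NOT_ALLOWED",
}

# Constructed sample: entries copied from the thread, still hard-wrapped.
SAMPLE_LOG = """\
2013-07-17 08:29:00, TRACE, provider.JNDIProviderImpl, bind successful
as cn=PwmProxy,ou=sa,o=data (334ms)
2013-07-17 08:29:00, DEBUG, impl.AbstractChaiEntry, error testing nmas
password: -1659
2013-07-17 08:29:00, TRACE, health.LDAPStatusChecker, error retrieving
user password from directory, this is probably okay; error reading nmas
password: error -1659
2013-07-17 08:29:00, DEBUG, impl.AbstractChaiEntry, error setting nmas
password: -222
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, ")
NMAS_ERROR = re.compile(
    r"error (testing|reading|setting) nmas password: (?:error )?-(\d+)")


def unwrap(text):
    """Rejoin wrapped continuation lines so each log entry is one string."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries


def nmas_failures(text):
    """Return (timestamp, logger, operation, code, meaning) per NMAS error."""
    found = []
    for entry in unwrap(text):
        ts, _level, logger, message = entry.split(", ", 3)
        for op, code in NMAS_ERROR.findall(message):
            meaning = THREAD_MEANINGS.get(int(code), "not covered in this thread")
            found.append((ts, logger, op, -int(code), meaning))
    return found


def write_failures(text):
    """Only the 'setting' errors: the password write the browser warning is about."""
    return [f for f in nmas_failures(text) if f[2] == "setting"]
```

On the sample, the two -1659 entries are the read/test attempts that the log itself calls "probably okay", and the single write failure is the -222 shown in the browser warning.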
Anonymous_User Absent Member.

Re: NMAS error -222


This looks to be the issue:
https://code.google.com/p/pwm/issues/detail?id=419&can=1&q=1659


--
icsynergymg