dchunt Absent Member.
Absent Member.
1292 views

User assigned to UP policy not receiving it

We have started to roll out a Universal Password Policy to our users. We are running SLES 11 SP4 / OES 2015 SP1 with the client on the WS being "Client for Open Enterprise Server 2 SP4 (IR6)".

IN general everything is going good with users getting prompted to change their password to meet the complexity requirements in the policy and being asked to answer the challenge/response questions and supply a password hint. But we have one user (so far) who doesn't seem to be getting the policy, although they are assigned to the password policy in iManager. Also in iManager if I go to 'View Policy Assignments' and put in the user, it shows the correct Password Policy as being assigned to her.

Nevertheless, when the user logs in, they are not prompted for challenge/response questions, asked for a password hint or asked to change their password to meet the password policy requirements. Also, if at the WS I right click on the OES Client icon in the system tray and choose "User Administration of xxx tree", then Challenge/Response administration, I get the dialog "Cannot administer Challenge/Response because the current user does not have a password policy"!

We have a simple eDir tree with 3 servers in the replica ring. I ran ndsrepair on all 3 servers checking time sync, replica sync, external references and stuck obits and everything is coming up clean.

What could be the problem?

Thanks,

Dan
Labels (1)
0 Likes
7 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: User assigned to UP policy not receiving it

What if that user logs in from another machine which works for a different
user?


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
dchunt Absent Member.
Absent Member.

Re: User assigned to UP policy not receiving it

That was it, the Client for Open Enterprise Server was apparently installed on this WS without the Challenge/Response and some other NMAS methods. Removing the client and re-installing it fixed the problem.

Thanks,

Dan
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: User assigned to UP policy not receiving it

Awesome! Thank-you for sharing your results. If you ever find out how
that happened, feel free to update us as I have heard of a similar issue
just recently and they, too, were sure that the NMAS pieces were all in
place recently due to automatic builds or images.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
dchunt Absent Member.
Absent Member.

Re: User assigned to UP policy not receiving it

I think if you manually install the client instead of using the scripted method, there is a place where you can pick the NMAS methods that you want to install??? That's all I can think of.

dan
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: User assigned to UP policy not receiving it

Agreed; that's what I remember from the 4.9x client on XP, but that was
years ago. I suppose maybe that can mess up in other ways, but we'll see.
Thanks for sharing your results.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
dchunt Absent Member.
Absent Member.

Re: User assigned to UP policy not receiving it

Ab, FWIW, we did a test where we installed an old client on a WS that didn't have one and there is an option to not install NMAS if you go through the custom installation. Having done that, we now had a person who was associated with a Universal Password policy log into the WS,and go to change the challenge/response questions, it reported that no policy was assigned to the user. Then using the Client setup Install.ini and setting the parameter 'InstallNMAS=Always', then installing the new client, it put in the NMAS components and then UP would work correctly on that WS.

Dan
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: User assigned to UP policy not receiving it

Ah, this sounds a lot like your original description, so perhaps this is
the reason why things are as they are, and older client lacking NMAS.
Good testing all around.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.