wferguson1 Absent Member.
Absent Member.
599 views

nmas operation failed during pw reset via userapp


I have one user that cannot change his pw via userapp. I can change his
password administratively from ConsoleOne, but the user cannot log into
the password portal in user app(error: login failed). I had the user
walk through the forgot password link and to try and change his pw using
the challenge response questions, he was able to get passed those but
when he typed his new password in, I saw in the logs the error "Error #:
-1, 681, Error Msg: NMAS Operation failed." and so obviously he could
not set a new pw. I created a test user in the same context as his
account and I can change the pw just fine and log into the userapp
password portal with no issues.

I have no idea why userapp would stop this.....as stated above, I can
change the pw for him in ConsoleOne perfectly fine and log in with his
new credentials via iManager....just not userapp. Any help is
appreciated.
Thank you,


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=54361

Labels (1)
0 Likes
9 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: nmas operation failed during pw reset via userapp

Please post the full trace from ndstrace during the password change
attempt via the UserApp. Use these commands:


ndstrace
set dstrace=nodebug
dstrace +time +tags +nmas +nici
set dstrace=*m9999999
dstrace file on
set dstrace=*r
#perform the test here from the UserApp
dstrace file off
quit


Post the resulting ndstrace.log file, which by default will be under
something like /var/opt/novell/eDirectory/log

Possible issues include SDI key problems, where they are not consistent.
If your UserApp is pointed to a box that lacks a key another box had, then
verifying the new password is not the same as an old password (current or,
if history is enabled, older) could fail.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
wferguson1 Absent Member.
Absent Member.

Re: nmas operation failed during pw reset via userapp


I looked at the server where the userapp is running I ran the ndsmanage
command and it is showing that my instance is INACTIVE. This is news to
me and I don't know how long it has been that way. Other accounts can
log into userapp fine....but could this be my issue and would it be ok
to just set this instance back to active? I just don't want to cause any
replication issues. thanks


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=54361

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: nmas operation failed during pw reset via userapp

In a regular old environment (ignoring the last few threads you've had
about cloning systems) you should almost certainly have them all
active/running at once. 'ndsmanage startall' will start things owned by
the current user (probably 'root' usually).

It may be worthwhile to review the ndsd.log file to see if anything
indicates a crash in there. Similarly, look for core files in the DIB
directory (/var/opt/novell/eDirectory/data/dib by default). If you see
one, try to figure out what may have happened at the time it was created,
but perhaps first be sure you are fully patched as it may be an old/fixed bug.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
wferguson1 Absent Member.
Absent Member.

Re: nmas operation failed during pw reset via userapp


I have completely steered away from cloning / ndsbackup for systems on
behalf of communications strongly suggesting to not do that. This is
just one of our prod servers that I noticed the eDir instance was not
running. Let me start it back and see what it fixes. Thank you, I will
update this in a bit.


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=54361

0 Likes
wferguson1 Absent Member.
Absent Member.

Re: nmas operation failed during pw reset via userapp


[root@server log]# ps ax | grep -i ndsd
4066 pts/1 S+ 0:00 grep -i ndsd
5126 ? Sl 50090:08 /opt/novell/eDirectory/sbin/ndsd
[root@server log]# ndsdstatus
-bash: ndsdstatus: command not found
[root@server log]# ndsd status
The NetIQ eDirectory DIB directory (/var/opt/novell/eDirectory/data/dib)
does not exist. ndsd will not start up.


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=54361

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: nmas operation failed during pw reset via userapp

Eeeekkkk!!!!

On 09/28/2015 12:14 PM, wferguson wrote:
>
> [root@server log]# ps ax | grep -i ndsd
> 4066 pts/1 S+ 0:00 grep -i ndsd
> 5126 ? Sl 50090:08 /opt/novell/eDirectory/sbin/ndsd


It is running, and has been running a lot. A better command would be 'ps
aux' so you can see as which user, since that may matter here.

> [root@server log]# ndsdstatus
> -bash: ndsdstatus: command not found


Indeed; the command is 'ndsstat'

> [root@server log]# ndsd status


Do not run this command anymore. You're invoking the 'ndsd' binary
directly, which you should never do. The only ways to start/stop
instances are via the ndsmanage or /etc/init.d/ndsd commands, and you
really should use the former as the latter gets too-easily confused with
the command you ran (/etc/init.d is not in your PATH, so it is never the
one called, which confuses some) and Sys-V is going away, and ndsmanage
should work with its replacement, systemd.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
wferguson1 Absent Member.
Absent Member.

Re: nmas operation failed during pw reset via userapp


[root@server dib]# ps aux | grep -i ndsd
root 4489 0.0 0.0 61228 804 pts/1 R+ 14:32 0:00 grep -i
ndsd
root 5126 33.1 3.2 1698588 538524 ? Sl Jun15 50092:27
/opt/novell/eDirectory/sbin/ndsd


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=54361

0 Likes
wferguson1 Absent Member.
Absent Member.

Re: nmas operation failed during pw reset via userapp


so eDirectory is running I confirmed

[root@server dib]# rcndsd status
Tree Name: Bob
Server Name: .CN=server4.OU=IDM.OU=SVS.O=Bob.T=Bob.
Binary Version: 20801.46
Root Most Entry Depth: 0
Product Version: eDirectory for Linux x86_64 v8.8 SP8 [DS]


the DIB directory being used is
[root@server dib]# find / -iname dib
/var/opt/novell/eDirectory/instances/Bob/data/dib


ndsmanage shows
[root@server dib]# ndsmanage
Server instances management utility for NetIQ eDirectory 8.8 SP8
v20801.42
The following are the instances configured by root
[1] /var/opt/novell/eDirectory/instances/Bob/nds.conf :
..server4.IDM.SVS.Bob.Bob Bob. : serverIP@524
serverIP@524 : INACTIVE

yes the server ip is listed twice just as I copied and pasted it...


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=54361

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: nmas operation failed during pw reset via userapp

Ah ha! This is an easy one; you have duplicated lines in your nds.conf
file, which is throwing off utilities like ndsmanage. If you were to try
to patch your instance, especially with older patches, that would probably
fail as a result too. Find the lines that are duplicated in your nds.conf
file (the one listed from ndsmanage) and remove the duplicate lines and
then things should be fine.

If you want to report this, you should get your Service Request (SR)
credited. Engineering is looking hard to figuring out why this happens so
they can stop it. Duplicating it is tricky, though, so if you're willing
they are probably happy to try out some things.

Refer to Bug# 729238 if you open the SR.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.