We have a problem with password expiration in our eDirectory/DSfW tree.
User passwords are set to expire every 365 days. User logs in and receives the message telling her to change the password. User changes password, everything seems to go successfully. Next time the user logs in, they give the new password and Novell login succeeds. But then they are prompted again for the domain password. They need to give the previous password in order to successfully log in to domain.
The problem only occurs when the user changes password during grace logins. If the user simply changes password by Ctrl+Alt+Del - Change Password, then the domain password also gets changed and they can log in by entering password only once. Even if they change the password on a workstation that is not joined to domain, they can next time successfully log in at a workstation that is joined to domain.
Our DSfW servers are, admittedly, rather outdated, running OES2SP1. Other servers in the tree are NW65 with eDir 8.8 SP5 and NW51 with eDir 8.7.3. Workstations are running Novell Client 4.91 SP5 (WinXP) and Novell Client 2 SP2 (Windows 7). The problem affects users with both client versions. I'm pretty sure there was a time when this problem didn't exist, but it's hard to pinpoint exactly when it started to happen.
diagpwd doesn't seem to show any problems with the password - the password change time is correct and I can't see any obvious problems:
Code:
Object DN: cn=Someone,ou=IT,o=TLV
EMail: [NONE]
Last Changed Date: 2013-01-14 06:10:17 Z
Password Status: Enabled, Set
Distribution Password Status: Set
Simple Password Status: Set
Password Policy DN: cn=Domain Password Policy,cn=Password Policies,cn=System,o=TLV
Password Policy DN: cn=Domain Password Policy,cn=Password Policies,cn=System,o=TLV
Options: 0x340 (832)
Universal Password enabled
Advanced policy enabled
Sync NDS
Sync Simple
Synch external
Not user readable
Not admin readable