NMAS.NLM intruder detection locked user account

Posted on 2007-08-02
Last Modified: 2011-09-20
Hi there

We get a lot of these errors on the console on a customer site. I'm not entirely sure if every user is creating this error pop-up on the server. Some of the users are already using the Novell Client 4.9~

This TID is asking me to complete a few things which could be related to this. As my knowledge on this site is limited, could someone explain to me in layman's terms what is necessary? Or perhaps do you know what is precisely causing this?


Question by:MarkMichael

Accepted Solution

alextoft earned 1400 total points
ID: 19616572
Which version of NetWare is being used? If you've got 6.5, the easiest thing to do is enable a Universal Password policy and associate it with the tree (or the container your users are in). That way the simple password will be automatically populated by policy upon a successful login from an NMAS-enabled client (Novell Client 4.9+ with NMAS and NICI installed).

If you try to connect to a NetWare server running CIFS from a machine without a Novell Client, the standard NDS password in eDirectory cannot be reversed in order to validate it. This is why the simple password exists. It's stored in a fashion which can be used to compare with the hash sent in a CIFS request. Universal Password is just that, universal. It is secure, yet reversible enough to allow the system to populate password attributes compatible with other systems from it.

If all the machines which access your NetWare server have a Novell Client installed, you don't need CIFS/AFP loaded at all, so simply comment out CIFSSTRT and AFPSTRT in the autoexec.ncf file and all the errors will (should) go away as no one will be able to attempt non-NCP filesystem mounts.
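An added example, not part of the original thread: a Python check run over a copy of autoexec.ncf that finds active CIFSSTRT/AFPSTRT lines and comments them out, as the answer above describes. The comment markers (`#`, `;`, `REM`), the accepted path forms and the sample file contents are assumptions.

```python
import re

# Startup scripts named in the answer above; disabling them stops CIFS/AFP from loading.
NFAP_STARTUP = ("CIFSSTRT", "AFPSTRT")
# Assumption: NCF comment lines start with '#', ';' or the word REM.
COMMENT = re.compile(r"^\s*(#|;|REM\b)", re.IGNORECASE)
# The script name must be the whole command, with optional volume, path and .NCF suffix.
CALL = re.compile(
    r"^\s*(?:[A-Z0-9_]+:)?(?:[\\/]?[\w$-]+[\\/])*("
    + "|".join(NFAP_STARTUP) + r")(?:\.NCF)?\s*$",
    re.IGNORECASE,
)

def audit(ncf_text):
    """Return (findings, patched_text); findings are (line_number, script) pairs."""
    findings, out = [], []
    for no, line in enumerate(ncf_text.splitlines(), 1):
        m = None if COMMENT.match(line) else CALL.match(line)
        if m:
            findings.append((no, m.group(1).upper()))
            out.append("# " + line.strip())   # disable, but keep the original text
        else:
            out.append(line)
    return findings, "\n".join(out) + "\n"

# Constructed sample, not taken from a real server.
SAMPLE = """\
# constructed sample autoexec.ncf
FILE SERVER NAME DEMO1
MOUNT ALL
CIFSSTRT.NCF
; AFPSTRT
  afpstrt
SYS:\\SYSTEM\\CIFSSTRT
REM CIFSSTRT
"""

if __name__ == "__main__":
    found, patched = audit(SAMPLE)
    for no, script in found:
        print(f"line {no}: {script} is active")
    print(patched, end="")
```

Lines that load the protocol modules some other way are outside what this check looks for; it only covers the two startup scripts named in the answer.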

Author Comment

ID: 19616926

We have NetWare 6.5 installed and eDirectory. Reading the TID, it explains that NMAS is installed with eDirectory. Is there a way of turning this off too, since none of the clients are meant to have this client protocol installed?

Author Comment

ID: 19617431
Btw, thanks for your answers. I have now turned off CIFS/AFP and there are no errors as of yet! :D

Assisted Solution

ShineOn earned 600 total points
ID: 19618389
The only purpose of NFAP/AFP is for Apple/Mac "native" access.  The purpose for NFAP/CIFS is for Windows "native" access and the purpose for NFAP/NSS is for native *nix/Linux access.  So, if you also don't connect your NetWare volumes to *nix, presenting them as NSS mount points, you don't need to have *any* of the NFAP modules loading.

You should, however, plan to implement NMAS Universal Password, because in addition to being the basis for so many cross-platform interoperability features, it's also the way to establish "strong password" rules.  

Other NMAS methods can be incorporated as well, as needed, to provide smart-card/token authentication, biometrics, etc.

Expert Comment

ID: 19619144
I wouldn't recommend the NMAS documentation if you can avoid it though - it makes my head hurt. Unfortunately the current certifications are quite keen on it :/
