Novell/Windows 2003 PW Syncing problem - Netware

This is a discussion on Novell/Windows 2003 PW Syncing problem - Netware ; Hi- please forgive my ignorance here as I know nothing about NDS. We installed a new Dell 2850/Win 2003 imaging server. The XP scanning stations connect UNC drive mapping and all have the standard Netware client installed. Every 45 days, ...

+ Reply to Thread
Results 1 to 13 of 13

Thread: Novell/Windows 2003 PW Syncing problem

  1. Novell/Windows 2003 PW Syncing problem

    Hi-

    please forgive my ignorance here as I know nothing about NDS. We
    installed a new Dell 2850/Win 2003 imaging server. The XP scanning
    stations connect UNC drive mapping and all have the standard Netware
    client installed. Every 45 days, Netware forces the users to change
    passwords which undoes the sync between our windows clients (scanning
    stations) and the server, so our UNC drive mappings no longer work. In
    order to fix this, we'd have to add users to the server and manually
    update their passwords every 45 days. There has to be utility that does
    this or another way around...I just can't find it. A kick in the right
    direction would be much appreciated!

    Thanks-
    Bill


  2. Re: Novell/Windows 2003 PW Syncing problem

    On Thu, 01 Jun 2006 16:15:02 -0400, Bill wrote:
    > please forgive my ignorance here as I know nothing about NDS. We
    > installed a new Dell 2850/Win 2003 imaging server. The XP scanning
    > stations connect UNC drive mapping and all have the standard Netware
    > client installed. Every 45 days, Netware forces the users to change
    > passwords which undoes the sync between our windows clients (scanning
    > stations) and the server, so our UNC drive mappings no longer work.


    I'm inferring from this that your users have Windows passwords as well,
    but that they're not being changed at the same time as your NDS password.
    Is that correct?

    > order to fix this, we'd have to add users to the server and manually
    > update their passwords every 45 days.


    Add users to which server?

    > There has to be utility that does
    > this or another way around...I just can't find it. A kick in the right
    > direction would be much appreciated!


    There are several possibilities here, but they depend on knowing what you
    have and how it works.

    What version of NetWare are you using? What service pack is installed?
    If you don't know, go to the console and type "version" at the prompt.
    Post the results.

    Your new Win2003 server, how are your users logging in to it? I'm assuming
    that you're using the MS client for MS networking, which would lead me to
    think that you have it installed so that there are users defined in the
    MS network. Maybe.


    --
    | David Gersic http://www.zaccaria-pinball.com |
    | Real Newspaper Headline: POLICE BEGIN CAMPAIGN TO RUN DOWN JAYWALKERS |
    | Email address is a spam trap. Visit the web site for contact info. |

  3. Re: Novell/Windows 2003 PW Syncing problem



    David Gersic wrote:
    > On Thu, 01 Jun 2006 16:15:02 -0400, Bill wrote:
    >
    >> please forgive my ignorance here as I know nothing about NDS. We
    >>installed a new Dell 2850/Win 2003 imaging server. The XP scanning
    >>stations connect UNC drive mapping and all have the standard Netware
    >>client installed. Every 45 days, Netware forces the users to change
    >>passwords which undoes the sync between our windows clients (scanning
    >>stations) and the server, so our UNC drive mappings no longer work.

    >
    >
    > I'm inferring from this that your users have Windows passwords as well,
    > but that they're not being changed at the same time as your NDS password.
    > Is that correct?


    In fact the novell client changes the windows passwords automatically in
    order to make windows login automatic. This is the root of the problem
    because now the windows password that gets shipped to the server is
    incorrect and the drive map doesn't happen.


    >
    >
    >>order to fix this, we'd have to add users to the server and manually
    >>update their passwords every 45 days.

    >
    >
    > Add users to which server?


    The imaging server but I'm trying to avoid that.

    >
    >
    >>There has to be utility that does
    >>this or another way around...I just can't find it. A kick in the right
    >>direction would be much appreciated!

    >
    >
    > There are several possibilities here, but they depend on knowing what you
    > have and how it works.
    >
    > What version of NetWare are you using? What service pack is installed?
    > If you don't know, go to the console and type "version" at the prompt.
    > Post the results.
    >

    Client is 4.83 SP3 and 4.90 SP2

    > Your new Win2003 server, how are your users logging in to it? I'm assuming
    > that you're using the MS client for MS networking, which would lead me to
    > think that you have it installed so that there are users defined in the
    > MS network.


    We don't actually log in to it at the moment- we map the server folder
    we need to access using a single account name and password with assigned
    permissions. This is what we want to change.


    Maybe.
    >
    >



  4. Re: Novell/Windows 2003 PW Syncing problem

    On Fri, 02 Jun 2006 08:51:18 -0400, Bill wrote:


    >In fact the novell client changes the windows passwords automatically in
    >order to make windows login automatic. This is the root of the problem
    >because now the windows password that gets shipped to the server is
    >incorrect and the drive map doesn't happen.


    Is it a big deal to have separate Netwware/Windows passwords?

    Alternatively is it really necessary to alter your Novell password
    every 3 months or is that out of your control?


    --
    AnthonyL

  5. Re: Novell/Windows 2003 PW Syncing problem

    On Fri, 02 Jun 2006 08:51:18 -0400, Bill wrote:
    >> I'm inferring from this that your users have Windows passwords as well,
    >> but that they're not being changed at the same time as your NDS password.
    >> Is that correct?

    >
    > In fact the novell client changes the windows passwords automatically in
    > order to make windows login automatic. This is the root of the problem
    > because now the windows password that gets shipped to the server is
    > incorrect and the drive map doesn't happen.


    If I recall correctly, the user is prompted for which passwords to change
    at this point. Can you train them _not_ to change the one being used for
    your Win2003 box?

    >> What version of NetWare are you using? What service pack is installed?
    >> If you don't know, go to the console and type "version" at the prompt.
    >> Post the results.
    >>

    > Client is 4.83 SP3 and 4.90 SP2


    That's the client version. I'm interested in the server version.

    >> Your new Win2003 server, how are your users logging in to it? I'm assuming
    >> that you're using the MS client for MS networking, which would lead me to
    >> think that you have it installed so that there are users defined in the
    >> MS network.

    >
    > We don't actually log in to it at the moment- we map the server folder
    > we need to access using a single account name and password with assigned
    > permissions. This is what we want to change.


    Ok, I see what you're doing. I can think of two ways to make this less
    painful, assuming you can't train your users not to do this. But, either
    you'll need to have upgraded to NetWare 6.5, or you'd have to buy some
    additional software.


    --
    | David Gersic http://www.zaccaria-pinball.com |
    | Any minimum criteria set will be the maximum value used. |
    | Email address is a spam trap. Visit the web site for contact info. |

  6. Re: Novell/Windows 2003 PW Syncing problem



    AnthonyL wrote:
    > On Fri, 02 Jun 2006 08:51:18 -0400, Bill wrote:
    >
    >
    >
    >>In fact the novell client changes the windows passwords automatically in
    >>order to make windows login automatic. This is the root of the problem
    >>because now the windows password that gets shipped to the server is
    >>incorrect and the drive map doesn't happen.

    >
    >
    > Is it a big deal to have separate Netwware/Windows passwords?
    >


    From a work standpoint- no. It will probably only take a couple of
    minutes. Still, I was hoping for a cleaner way to do things....


    > Alternatively is it really necessary to alter your Novell password
    > every 3 months or is that out of your control?


    I don't think it's necessary but (you're right) it's out of my
    control. I guess their theory is that as time goes by, the chance of
    password leaks increase. I guess that's true on some level but I'm not
    sure that a malicious person would say something like "Well, now that
    I've got the password, I'd better hurry up and hack away before the
    3 months is up (in our case- 45 days). On the other hand, I've never
    seen any reason to change a password from something hackers don't know
    to something else they don't know. . .


    Thanks!
    Hope the weekend was good..
    >
    >



  7. Re: Novell/Windows 2003 PW Syncing problem



    David Gersic wrote:

    > On Fri, 02 Jun 2006 08:51:18 -0400, Bill wrote:
    >
    >>>I'm inferring from this that your users have Windows passwords as well,
    >>>but that they're not being changed at the same time as your NDS password.
    >>>Is that correct?

    >>
    >>In fact the novell client changes the windows passwords automatically in
    >>order to make windows login automatic. This is the root of the problem
    >>because now the windows password that gets shipped to the server is
    >>incorrect and the drive map doesn't happen.

    >
    >
    > If I recall correctly, the user is prompted for which passwords to change
    > at this point. Can you train them _not_ to change the one being used for
    > your Win2003 box?


    But that's the problem- it doesn't change that one. If there is a way to
    get it to change the windows password on both the client as well as on
    the Win2003 box, I'm all eyes.

    >
    >
    >>>What version of NetWare are you using? What service pack is installed?
    >>>If you don't know, go to the console and type "version" at the prompt.
    >>>Post the results.
    >>>

    >>
    >>Client is 4.83 SP3 and 4.90 SP2

    >
    >
    > That's the client version. I'm interested in the server version.
    >


    Not sure and don't use it. Does something like "6.2" sound right?

    >
    >>>Your new Win2003 server, how are your users logging in to it? I'm assuming
    >>>that you're using the MS client for MS networking, which would lead me to
    >>>think that you have it installed so that there are users defined in the
    >>>MS network.

    >>
    >>We don't actually log in to it at the moment- we map the server folder
    >>we need to access using a single account name and password with assigned
    >>permissions. This is what we want to change.

    >
    >
    > Ok, I see what you're doing. I can think of two ways to make this less
    > painful, assuming you can't train your users not to do this. But, either
    > you'll need to have upgraded to NetWare 6.5, or you'd have to buy some
    > additional software.
    >
    >

    Not a surprise. What's the additional software??

    hope the weekend was good,
    B


  8. Re: Novell/Windows 2003 PW Syncing problem

    On Mon, 05 Jun 2006 07:12:29 -0400, Bill wrote:
    >> On Fri, 02 Jun 2006 08:51:18 -0400, Bill wrote:
    >>
    >>>>I'm inferring from this that your users have Windows passwords as well,
    >>>>but that they're not being changed at the same time as your NDS password.
    >>>>Is that correct?
    >>>
    >>>In fact the novell client changes the windows passwords automatically in
    >>>order to make windows login automatic. This is the root of the problem
    >>>because now the windows password that gets shipped to the server is
    >>>incorrect and the drive map doesn't happen.

    >>
    >>
    >> If I recall correctly, the user is prompted for which passwords to change
    >> at this point. Can you train them _not_ to change the one being used for
    >> your Win2003 box?

    >
    > But that's the problem- it doesn't change that one. If there is a way to
    > get it to change the windows password on both the client as well as on
    > the Win2003 box, I'm all eyes.


    Ok, you've lost me here. Please re-describe exactly what it is that is
    happening, what isn't happening, and what it is that you're trying to
    accomplish here.

    From your previous description, it sounded like you have person Bob.
    Bob has an account in your eDirectory tree. Bob has a local machine
    account on a Windows workstation. And Bob and all of your other people
    are sharing a guess account that gives them access to this new Win2003
    server you're talking about.

    Right? Wrong?

    When Bob's password expires (in eDirectory), he changes it from old-password
    to new-password. That much is ok.

    From your previous description, you were saying that the password on the
    shared guest account for access to the Win2003 box is also being changed,
    at which time nobody else in the office can use the box anymore.

    Yes? No?

    >>>>What version of NetWare are you using? What service pack is installed?
    >>>>If you don't know, go to the console and type "version" at the prompt.
    >>>>Post the results.
    >>>>
    >>>
    >>>Client is 4.83 SP3 and 4.90 SP2

    >>
    >> That's the client version. I'm interested in the server version.

    >
    > Not sure and don't use it. Does something like "6.2" sound right?


    No.

    Like I said, go to the server console. It'll have a prompt something like
    "MYSERVER:" on it. If you're seeing some other screen there, press Ctrl-Esc
    to bring up the screens menu, then press Esc to get to the console. Once
    you get there, type the word "version" and hit return. Copy down the text
    that results from this, and post it here.


    --
    | David Gersic http://www.zaccaria-pinball.com |
    | A rind is a terrible thing to taste... |
    | Email address is a spam trap. Visit the web site for contact info. |

  9. Re: Novell/Windows 2003 PW Syncing problem



    David Gersic wrote:
    >>

    > From your previous description, it sounded like you have person Bob.
    > Bob has an account in your eDirectory tree. Bob has a local machine
    > account on a Windows workstation. And Bob and all of your other people
    > are sharing a guess account that gives them access to this new Win2003
    > server you're talking about.
    >
    > Right? Wrong?
    >
    > When Bob's password expires (in eDirectory), he changes it from old-password
    > to new-password. That much is ok.
    >
    > From your previous description, you were saying that the password on the
    > shared guest account for access to the Win2003 box is also being changed,
    > at which time nobody else in the office can use the box anymore.
    >
    > Yes? No?


    Sorry for the confusion- No-. Bob is using a client called AX. AX uses
    UNC drive mapping to map a shared folder on the Win2003 server, where it
    stores scanned images. It maps the folder using Bob's windows password.
    IE Bob's account on his own pc is mirrored by an account on the Win2003
    server (same pw) and AX maps the folder successfully by automatically
    using Bob's Windows PW. But every 45 days, the Novell
    Client forces Bob to update his Novell PW, while at the same time
    updating his Windows login pw so Bob doesn't have to log in twice or
    remember 2 passwords. But now Bob's mirror account on the server still
    has the old password, and the AX client on Bob's windows pc is suddenly
    sending the wrong credentials to map the shared folder.... So the
    question: Is there a utility or something that can also update Bob's pw
    on the server?


    thanks for hanging,
    b


    >
    >
    >>>>>What version of NetWare are you using? What service pack is installed?
    >>>>>If you don't know, go to the console and type "version" at the prompt.
    >>>>>Post the results.
    >>>>>
    >>>>
    >>>>Client is 4.83 SP3 and 4.90 SP2
    >>>
    >>>That's the client version. I'm interested in the server version.

    >>
    >> Not sure and don't use it. Does something like "6.2" sound right?

    >
    >
    > No.
    >
    > Like I said, go to the server console. It'll have a prompt something like
    > "MYSERVER:" on it. If you're seeing some other screen there, press Ctrl-Esc
    > to bring up the screens menu, then press Esc to get to the console. Once
    > you get there, type the word "version" and hit return. Copy down the text
    > that results from this, and post it here.
    >
    >



  10. Re: Novell/Windows 2003 PW Syncing problem

    On Mon, 05 Jun 2006 16:22:05 -0400, Bill wrote:
    > Sorry for the confusion- No-. Bob is using a client called AX. AX uses
    > UNC drive mapping to map a shared folder on the Win2003 server, where it
    > stores scanned images. It maps the folder using Bob's windows password.
    > IE Bob's account on his own pc is mirrored by an account on the Win2003
    > server (same pw) and AX maps the folder successfully by automatically


    Ah, I see. So your Win2003 server _has_ users (accounts) and passwords.
    Gotcha. That's not what you originally said.

    > Client forces Bob to update his Novell PW, while at the same time
    > updating his Windows login pw so Bob doesn't have to log in twice or
    > remember 2 passwords. But now Bob's mirror account on the server still
    > has the old password, and the AX client on Bob's windows pc is suddenly
    > sending the wrong credentials to map the shared folder.... So the
    > question: Is there a utility or something that can also update Bob's pw
    > on the server?


    Yes. Several possibilities, actually. But recommending something depends
    on what you have now, too.

    Since I still don't know what server version you're running, I'll just
    lay out a couple of options for you, assuming you're running something
    reasonably recent (NetWare 6.0 or 6.5). If you're running something
    older (5.1, 5.0, 4.*), you'll need to upgrade, or find another answer.

    1) Use Novell's Identity Manager (IDM) - the starter pack is included
    with NetWare. It would be best if you were running Netware 6.5, as
    that would mean that you have a license for IDM v2. If you're running
    something older, you have v1 (aka DirXML 1.1a), which will also work,
    but is a lot harder to set up.

    With this, you'd change your Win2003 server over to running Active
    Directory, then synchronize your accounts and passwords between
    eDirectory and Active Directory. Your workstations will be joined
    to the domain, eliminating the need to deal with local machine
    accounts and passwords.

    This can be a fairly complex solution, but may not be too bad for
    a relatively simple configuration.

    2) Use Novell's Native File Access (NFAP) stuff. This is included as
    well. You can use the NFAP configuration to set your NetWare server
    up as a domain controller, then bring your Win2003 server in to the
    domain as a member server. Again, this should eliminate your problem.

    It's a bit simpler to set up, probably, but doesn't gain you much
    beyond solving your immediate need. If that's enough, maybe this would
    be the way to go.


    --
    | David Gersic http://www.zaccaria-pinball.com |
    | Tower case? Nah, fell off the desk and landed that way. |
    | Email address is a spam trap. Visit the web site for contact info. |

  11. Re: Novell/Windows 2003 PW Syncing problem



    David Gersic wrote:
    > On Mon, 05 Jun 2006 16:22:05 -0400, Bill wrote:
    >
    >>Sorry for the confusion- No-. Bob is using a client called AX. AX uses
    >>UNC drive mapping to map a shared folder on the Win2003 server, where it
    >>stores scanned images. It maps the folder using Bob's windows password.
    >>IE Bob's account on his own pc is mirrored by an account on the Win2003
    >>server (same pw) and AX maps the folder successfully by automatically

    >
    >
    > Ah, I see. So your Win2003 server _has_ users (accounts) and passwords.


    No, it doesn't. We currently use a single user for drive mapping. In
    order to remedy the solution, we will have to add user accounts. I went
    with your analogy since that' what you offered!

    > Gotcha. That's not what you originally said.


    Correct. We currently use a single account, unique to the Win2003
    server and not present on any user/client pc, to map the server folder.
    In order to plug what could potentially become some security holes, we
    are about to change the way in which users access, and store files on,
    the server. This will probably include the addition of 10 or so
    accounts, but they aren't actually there yet.
    Clearer now?


    >
    >
    >>Client forces Bob to update his Novell PW, while at the same time
    >>updating his Windows login pw so Bob doesn't have to log in twice or
    >>remember 2 passwords. But now Bob's mirror account on the server still
    >>has the old password, and the AX client on Bob's windows pc is suddenly
    >>sending the wrong credentials to map the shared folder.... So the
    >>question: Is there a utility or something that can also update Bob's pw
    >>on the server?

    >
    >
    > Yes. Several possibilities, actually. But recommending something depends
    > on what you have now, too.
    >
    > Since I still don't know what server version you're running, I'll just
    > lay out a couple of options for you, assuming you're running something
    > reasonably recent (NetWare 6.0 or 6.5). If you're running something
    > older (5.1, 5.0, 4.*), you'll need to upgrade, or find another answer.
    >
    > 1) Use Novell's Identity Manager (IDM) - the starter pack is included
    > with NetWare. It would be best if you were running Netware 6.5, as
    > that would mean that you have a license for IDM v2. If you're running
    > something older, you have v1 (aka DirXML 1.1a), which will also work,
    > but is a lot harder to set up.
    >
    > With this, you'd change your Win2003 server over to running Active
    > Directory, then synchronize your accounts and passwords between
    > eDirectory and Active Directory. Your workstations will be joined
    > to the domain, eliminating the need to deal with local machine
    > accounts and passwords.
    >
    > This can be a fairly complex solution, but may not be too bad for
    > a relatively simple configuration.
    >
    > 2) Use Novell's Native File Access (NFAP) stuff. This is included as
    > well. You can use the NFAP configuration to set your NetWare server
    > up as a domain controller, then bring your Win2003 server in to the
    > domain as a member server. Again, this should eliminate your problem.
    >
    > It's a bit simpler to set up, probably, but doesn't gain you much
    > beyond solving your immediate need. If that's enough, maybe this would
    > be the way to go.
    >




    Worth investigating!!! Thanks! I believe solving the immediate need will
    be ok since after the pending install, the server config and user base
    will remain fairly static.

    Owe you one-
    Cheers,
    Bill
    >



  12. Re: Novell/Windows 2003 PW Syncing problem

    Bill wrote:
    >
    > Worth investigating!!!


    Sure is =)

    If you need more W2003 AD & NDS eDirectory co-operation, IDM is the way
    go with the synchronization of data between the directories.. like users
    and passwords.

    -sk

  13. Re: Novell/Windows 2003 PW Syncing problem

    On Wed, 07 Jun 2006 11:27:42 -0400, Bill wrote:
    >
    >
    > David Gersic wrote:
    >> On Mon, 05 Jun 2006 16:22:05 -0400, Bill wrote:
    >>
    >>>Sorry for the confusion- No-. Bob is using a client called AX. AX uses
    >>>UNC drive mapping to map a shared folder on the Win2003 server, where it
    >>>stores scanned images. It maps the folder using Bob's windows password.
    >>>IE Bob's account on his own pc is mirrored by an account on the Win2003
    >>>server (same pw) and AX maps the folder successfully by automatically

    >>
    >>
    >> Ah, I see. So your Win2003 server _has_ users (accounts) and passwords.

    >
    > No, it doesn't. We currently use a single user for drive mapping. In
    > order to remedy the solution, we will have to add user accounts. I went
    > with your analogy since that' what you offered!


    It's quite a bit harder to attempt to help you if you change the story
    mid-stream.

    >> Gotcha. That's not what you originally said.

    >
    > Correct. We currently use a single account, unique to the Win2003
    > server and not present on any user/client pc, to map the server folder.


    Ok, in that case, from what I recall (I could be wrong), there shouldn't
    be any change to this account's password happening.


    --
    | David Gersic http://www.zaccaria-pinball.com |
    | #define while(x) if(x) |
    | Email address is a spam trap. Visit the web site for contact info. |

+ Reply to Thread