| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 520.1 | Reformatted for 80 columns. | IROCZ::D_NELSON | Dave Nelson LKG1-3/A11 226-5358 | Tue Feb 18 1997 11:02 | 11 |
| <<< Note 520.0 by KERNEL::PHILLIPSN "Neil Phillips" >>>
-< DRAS on VMS host authentication, restricted/captive user fix doe >-
I have a customer, who is running drassrv on a VMS machine, managed from NT.
He is using host authentication, and has problems with restricted/captive user
authentication. I have pointed him to the update 2, on the internet. He has
installed this "patch", but it doesn't appear to make any difference. Are we
doing something wrong ?
NJP
|
| 520.2 | Double check all of the reasons for reject | CSC32::R_BUCK | Authenticated and assimilated | Tue Feb 18 1997 18:58 | 26 |
| Might want to take a look at note 455.* again for possible reasons for
Host authentication to fail. Also we have created a customer readable
article that documents the reasons as follows:
Username not found in SYSUAF.DAT
User account is Disabled
User account is Expired
User account is Captive
User account is Restricted
User account has no network access "now"
User password expired because PWD_EXPIRED flag is set
User password pre-expired
User password expired because password lifetime has passed
User password didn't match supplied password
User account has a secondary password
As far as the patch goes, as long as the callout modules is placed in
the proper directory, the Captive check should no longer be made.
Do not believe you have to stop and restart the DRAS server, but it
would be a good idea to do so after putting the new images on the
OpenVMS system. If the only reason the user was refused access is
because the account had the Captive flag set, the new image should take
care of everything.
Randall Buck
MCS - Network Support
|
| 520.3 | All checks made & still no progress. | KERNEL::PHILLIPSN | Neil Phillips | Fri Feb 21 1997 05:30 | 12 |
| Thanks for the reply Randall,
I have checked out the things you suggested, & looked at note 455.*. Unfortunately I have been unable to
cleared problem.
I have checked the callout file being used (SDA channels), and done an analy/image on the file. The file has a
date of Jan 96.
Any other ideas ?, the machine is running VMS v7.0 (VAX).
Thanks again
NJP
|
| 520.4 | Reformatted for 80 columns... | IROCZ::D_NELSON | Dave Nelson LKG1-3/A11 226-5358 | Fri Feb 21 1997 10:09 | 16 |
| <<< Note 520.3 by KERNEL::PHILLIPSN "Neil Phillips" >>>
-< All checks made & still no progress. >-
Thanks for the reply Randall,
I have checked out the things you suggested, & looked at note 455.*.
Unfortunately I have been unable to cleared problem.
I have checked the callout file being used (SDA channels), and done an
analy/image on the file. The file has a date of Jan 96.
Any other ideas ?, the machine is running VMS v7.0 (VAX).
Thanks again
NJP
|
| 520.5 | Couple more ideas and things to check | CSC32::R_BUCK | Authenticated and assimilated | Mon Feb 24 1997 14:44 | 21 |
| Well you really have me stumped at this point. As a troubleshooting
technique, I would create an account with no restrictions and ses if
the DRAS HOST authentication works with it. Make sure to check those
accounting records in DRAS$MANAGER to see if there is a problem with
the username or password. Have seen situations where authentication
fails with the Local -1107- error is the secret value does not match
up. All the usual checks for the DRAS account apply also. Make sure
it is enabled. If the connection is dedicated PPP then you need to
make sure Framed or Framed Callback is selected, otherwise, NAS Prompt
is usually sufficent.
Any error message from the DECserver? Does PASSWORD authentication
work? If yes, then this would verify that DRAS is installed and
running correctly on the OpenVMS system. Have seen UCX get hosed up
and cause problems trying to communication with the DRAS client
(DECserver).
Hopefully some of these questions/ideas will help.
Randall Buck
MCS - Network Support
|