Symantec Access Management

  • Private Community

  • 1.  User is neither NT nor LDAP!!!

    Posted Jul 28, 2015 05:55 PM

    With R12.52 SP1 CR1 we are seeing below error in smps.log

     

    "User is neither NT nor LDAP!!!"

     

    Any idea what that error indicate? and what is the cause for policy server to log that error?

     

    Platform Details -

     

    OS - Windows 2008 R2

    Policy Server - R12.52 SP1 CR1

     

     

    Thanks,

    Chandra



  • 2.  Re: User is neither NT nor LDAP!!!

    Posted Jul 28, 2015 06:34 PM

    Hi Chandra,

     

    Sometimes this message is triggered by Advanced Password Services (APS). If you are not using APS, try disabling APS by renaming smaps.dll under <siteminder>\bin directory.

     

    Best regards,

    Kelly



  • 3.  Re: User is neither NT nor LDAP!!!

    Posted Jul 28, 2015 06:58 PM

    Hi Kelly,

     

    Thanks for the update.

     

    We are not using Advance Password Services (APS).  I will try renaming the DLL as suggested to see if that helps eliminate that error.

     

    Thanks,

    Chandra



  • 4.  Re: User is neither NT nor LDAP!!!
    Best Answer

    Posted Jul 29, 2015 03:17 AM

    Hi Chandra,

     

    It seems that you have enabled APS but not configured it ( that is not using it). It is easy to overlook this option while installing/configuring Policy server.

    There are couple of options to disable APS. You can read following thread for details : https://communities.ca.com/message/241694001#241694001

     

    Cheers,

    Ujwol Shrestha



  • 5.  Re: User is neither NT nor LDAP!!!

    Broadcom Employee
    Posted Feb 22, 2016 04:46 PM

    SiteMinder r12.52 sp2 on Windows 2012 R2.

    I have a user directory in the AD namespace that was working fine, but the directory definition only encompasses the US domain.  Customer requested that I create a new user directory definition that can access the AD Global Catalog.  I set up a separate user directory definition in the AD namespace.  I'm able to view records in this new directory which, like the original user directory, uses sAMAccountName as the universal ID.

     

    I redefined my policy domains to use the new directory and restarted policy servers and login servers.  My test domain is on the login server, but access fails with this error in smps.log:

     

    [4700/4384][Mon Feb 22 2016 15:03:37][SmAuthUser.cpp:692][ERROR][sm-Server-02740] [SM-APS-00117] User is neither NT nor LDAP!!!

     

    I tried Option 2 from the link above to disable APS, but the error still occurs.  And, when I reverted all my policy domains back to the original directory definition which had been working, I'm still getting the error even though I restarted all servers.  So, CA SSO is out of commission until this is resolved.

     

    Any idea what's going on?



  • 6.  Re: User is neither NT nor LDAP!!!

    Posted Feb 22, 2016 06:40 PM

    Hi Richard,

    As a summary of our webex session, the issue was resolved on renaming the SMAPS.dll file and then restarting the web agent & policy server.

    Thanks.