Solved

Netstorage and iFolder login problems

Posted on 2006-06-19
18
1,508 Views
Last Modified: 2008-03-17
I have a problem.  We are testing using iFolder for our students using the netstorage interface.  I have a student who can login to netstorage without a problem.  When they click on iFolder, it asks to set the passphrase a usual for logining in the first time.  When she tries to enter a new passphrase, she gets the following error.

Possible cause: NetStorage Authentication Domain setting may not be correct.
Possible cause: Passphrase form may be submitting to wrong server, port or protocol.
Possible cause: NetStorage Authentication domain not readwrite replica.
Please forward this information to your system administrator.

Everyone else seems to be logining in fine.  I had this problem with mine to start and I reset my account and it worked.  If I set the user up to use iFolder and then use the client it works fine.  Do you have any idea on how I can resolve this issue?

Thanks,

Jason
0
Comment
Question by:durham23jd
  • 7
  • 5
  • 5
  • +1
18 Comments
 
LVL 6

Expert Comment

by:engineer_dell
Comment Utility
Hi Durham,

The 'iFolder Server' parameter must be set to the iFolder server's IP address and port number (port# is only specified if other than port 80)
- The 'Secure Port' setting must be set to the secure port number used by the NetStorage server and not the iFolder server.  (I.e. 51443 if Apache for NetStorage is listening on this port, otherwise it's 443

If you are using any previous version of iFolder 2.1.3 then you should Download it as it has resolved the issue where iFolder Passphrase cannot be set if the full DNS is not given for NetStorage access.

http://support.novell.com/cgi-bin/search/searchtid.cgi?2969386.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?10076634.htm

Regards,

Engineer_Dell
0
 

Author Comment

by:durham23jd
Comment Utility
If this is the case, then why does everyone else's login work, but not this particular person?

Thanks,

Jason
0
 
LVL 6

Expert Comment

by:engineer_dell
Comment Utility
If the user password assigned through the Add User page does not conform to the Active Directory password polices, creating users gives problems.

The account is created in the directory but is not activated. Activate the account with a valid password using Active Directory management tools. This enables the account for using iFolder.

HTH

Engineer_Dell
0
 

Author Comment

by:durham23jd
Comment Utility
I am not using Active Directory, I am using Novell Directory Services.  Also we have a standard password scheme for each user when they are created so that should not be the issue.

Thanks,

Jason
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Note that EE has a NetWare TA, which would probably be the best place for this --> http://www.experts-exchange.com/Networking/Netware/

I'm personally not familiar with iFolder, but I'm going to put a pointer Question in the NetWare TA to attrack the attention of folx who are.
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
I guess it would help if you'd tell us what version of NetWare, eDirectory and iFolder you're working with, to give us a reference point...
Support packs and patches would be nice to know, too.

That said, have you checked these TIDs?

http://support.novell.com/cgi-bin/search/searchtid.cgi?10075429.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?10075168.htm
0
 

Author Comment

by:durham23jd
Comment Utility
Netware 6.5.5, eDirectory 8.7.3.7 SMP, iFolder 2.1.7.

Thanks,

Jason
0
 
LVL 6

Expert Comment

by:engineer_dell
Comment Utility
Hi Jason,

When troubleshooting a NetStorage and Novell iFolder issue, it is important to first determine if it is a NetStorage problem or an iFolder problem. It is easy to spend a great deal of time working the problem from the NetStorage end only to find that the user cannot access iFolder directly. A few simple points can help speed the identification of the problem.

>Take NetStorage out of the equation. Make sure the User can successfully log into iFolder with the iFolder client or applet. If login is unsuccessful, the problem is with iFolder and should be addressed there. If the user successfully logs in to iFolder, begin troubleshooting the NetStorage application.

>Some problems are user-specific and some problems affect all users. For User Specific problems you should concentrate on particular user workstation and his ifolder client installation.

When a user logs in, the iFolder client authenticates to the iFolder server by sending the encrypted username and password through an Internet connection to the iFolder server. The iFolder server uses this information to verify that the user exists, and then checks to see if the User object has been enabled in the iFolder Management Console to use iFolder.

After the User object has been enabled, a user's iFolder account must be initialized on the iFolder server before the user can begin using iFolder on his or her local workstation. An iFolder account is initialized the first time a user logs in to the iFolder server with the iFolder client or NetStorage or with the iFolder Java applet. After the user account is created, the administrator can manage the account via the iFolder Management Console.

Here are some useful links for you,

http://www.novell.com/documentation/ifolder21/index.html?page=/documentation/ifolder21/admin/data/ac1inlo.html
http://www.novell.com/documentation/ifolder21/index.html
http://www.novell.com/documentation/nw65/index.html?page=/documentation/nw65/netstor/data/al14ccg.html

Hope this helps,

Engineer_Dell
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 500 total points
Comment Utility
Engineer_Dell: the original Question says "If I set the user up to use iFolder and then use the client it works fine."

That implies that the user's iFolder account is OK, and that the problem is in accessing iFolder through NetStorage, and it's related to setting the xtier passphrase.

durham23jd:  have you verified that the NetStorage proxy user has rights to add the "xTier-iFolderPassphrase" attribute to the affected student's user object?  If so, have you then tried deleting that attribute from that student's user object, as per TID 10075429?

Is this student's user object in the same context as the other students' user objects that successfully set the iFolder passphrase from NetStorage?  If so, then it's not likely an LDAP issue, unless there's a problem with the username using characters that are OK in eDirectory but are on the "reserved character" list for LDAP.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
More on LDAP (since that's the authentication vehicle) - I could see LDAP possibly being an issue if the user (as I mentioned before) is in a different context than the users that work, if the LDAP server can't access that context for whatever reason, including the anonymous proxy user not having appropriate trustee rights.  That would be the LDAP proxy user, not the netstorage proxy user.  Make sure LDAP is configured so it can do a contextless search if the user isn't found in one of the configured netstorage authentication domain contexts.  Presuming you have configured a netstorage domain and added any contexts to it... ;)

If the user is in a different context, that also could be why the authentication domain errors are popping up - perhaps you neglected to add that context to the NetStorage authentication domain, which would preclude the need for ldap to do a contetxtless search.  See: http://support.novell.com/cgi-bin/search/searchtid.cgi?10081763.htm

For more info on the netstorage proxy user and its role, see  this tid: http://support.novell.com/cgi-bin/search/searchtid.cgi?10100945.htm
0
 

Author Comment

by:durham23jd
Comment Utility
Ok, I think the proxy user may be my problem.  I took the default install on NetStorage so I am assuming that my Admin account is the proxy user.  I had to change my admin password and I think that is about the time problems started happening.  Now, how and where do I go to change this password in NetStorage so that the proxy user account will work again?

Thanks,

Jason
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
I think you can change it using NoRM, on NW6.5 anyway.  Choose the option to modify the NetWare registry, and navigate to the key:
"My Server\Software\Novell\XTier\Configuration\Xsrv" and modify the proxy user password key by erasing the encrypted value and putting the admin password in in clear-text, and when you restart the middle-tier server it'll re-encrypt the password.

You could, at that time, change both the user and the password to a user other than "admin" if you so desire.  You'd have to make sure the new proxy user ID has adequate rights to do everything the proxy user has to do, of course.  That's all spelled out in the TIDs too, IIRC.
0
 

Author Comment

by:durham23jd
Comment Utility
Ok, I have changed the password, but I need to restart the server.  I am going to do this in the morning.  I will let everyone know how it goes.

Thanks,

Jason
0
 

Author Comment

by:durham23jd
Comment Utility
Ok, that didn't work.  One thing that I am noticed is that when the new users try to login to the iFolder webaccess is that on the apache logger screen, it says that there is a login encryption mismatch.  Does that help anyone help me solve my problem?

Thanks,

Jason
0
 
LVL 6

Expert Comment

by:engineer_dell
Comment Utility
Hi Jason,

This one probably applies to all versions of iFolder, at least up to 2.1.5. In the iFolder configuration file (in this case, httpd_ifolder_nw.conf), there are lines which call out the iFolder data volume and directory. Here is the example which led to this tip:

# iFolder Volume \ directory for user files
#
# Edit the iFolderServerRoot
# Edit the iFolderUserRoot (same as iFolderServerRoot, used by iFolderUser module)
# =================================
iFolderServerRoot IFOLDER:\iFolder
iFolderUserRoot IFOLDER:\iFolder

And the problem is simple, but subtle. The directory name you enter is CASE-SENSITIVE. The directory I had set up was ifolder, and when I renamed it to iFolder, everything started working.

I hope it helps,

Regards,

Engineer_Dell

---- Edited by ShineOn, Page Editor, NetWare/Linux:
---- This is cut-n-pasted verbatim from Craig Johnson's website: http://nscsysop.hypermart.net/ifolder.html
---- see Tip #23.
0
 
LVL 6

Expert Comment

by:engineer_dell
Comment Utility
If you plan to use the encryption option for your iFolder user account, you must initialize the account by logging in for the first time while using the iFolder client or the Java applet. After the account is initialized, you can log in using the iFolder client, the Java applet, Novell NetStorage, or NetDrive.

If you attempt to initialize the account by logging in for the first time with Novell NetStorage, the account is set up as a clear text account with no encryption option. This occurs even if the administrator sets up encryption as a mandatory policy for all users. Unless your account is already set up for encryption, NetStorage does not offer you a passphrase entry option.

When you use NetStorage for the first time for an iFolder account with encryption, you must enter the passphrase. NetStorage might request the information two times. NetStorage stores the passphrase as an attribute of the User object in eDirectory. After that, NetStorage requests only a password during login.

HTH :)

Engineer_Dell

----- Edited by ShineOn, Page Editor, NetWare/Linux
----- Cut-n-pasted verbatim from the Novell iFolder 2.1 documentation, section 2.2.1:
----- http://www.novell.com/documentation/ifolder21/index.html?page=/documentation/ifolder21/readme/data/ajjl5us.html
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
durham23jd,

When you say "when the new users try to login..." do you mean it works fine for anyone you'd already had working, but whenever you add someone new it gives that error?

Any other errors when that happens?

What engineer_dell cut-n-pasted from the iFolder documentation may apply to this issue, if you're not first initializing the user's iFolder account through either the iFolder client or the java applet for iFolder access (not through NetStorage, but directly.)  

It ends up being an encryption thing, since they don't have an encrypted password stored by virtue of initializing their iFolder account through either the iFolder client or the java applet, and if mandatory encryption is set, the process won't find an encrypted password to match against in the user object...

You may need to set up a procedure where first-time login to iFolder is to be through the iFolder java applet, if you don't want to be installing the iFolder client on all the students' PC's.
0
 

Author Comment

by:durham23jd
Comment Utility
The problem is resolved.  It was the proxyuser account.  Here is the TID I used to fix it.  

http://support.novell.com/cgi-bin/search/searchtid.cgi?10098297.htm

Thanks for all the help.

Jason
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now