durham23jd

Netstorage and iFolder login problems

I have a problem.  We are testing using iFolder for our students using the netstorage interface.  I have a student who can log in to netstorage without a problem.  When they click on iFolder, it asks to set the passphrase as usual for logging in the first time.  When she tries to enter a new passphrase, she gets the following error.

Possible cause: NetStorage Authentication Domain setting may not be correct.
Possible cause: Passphrase form may be submitting to wrong server, port or protocol.
Possible cause: NetStorage Authentication domain not readwrite replica.
Please forward this information to your system administrator.

Everyone else seems to be logging in fine.  I had this problem with mine to start and I reset my account and it worked.  If I set the user up to use iFolder and then use the client it works fine.  Do you have any idea on how I can resolve this issue?

Thanks,

Jason
engineer_dell

Hi Durham,

- The 'iFolder Server' parameter must be set to the iFolder server's IP address and port number (port# is only specified if other than port 80).
- The 'Secure Port' setting must be set to the secure port number used by the NetStorage server and not the iFolder server (i.e. 51443 if Apache for NetStorage is listening on this port, otherwise it's 443).

If you are using any version previous to iFolder 2.1.3, then you should download it, as it has resolved the issue where the iFolder passphrase cannot be set if the full DNS is not given for NetStorage access.

http://support.novell.com/cgi-bin/search/searchtid.cgi?2969386.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?10076634.htm

Regards,

Engineer_Dell

ASKER

If this is the case, then why does everyone else's login work, but not this particular person?

Thanks,

Jason
If the user password assigned through the Add User page does not conform to the Active Directory password policies, creating users gives problems.

The account is created in the directory but is not activated. Activate the account with a valid password using Active Directory management tools. This enables the account for using iFolder.

HTH

Engineer_Dell
I am not using Active Directory, I am using Novell Directory Services.  Also we have a standard password scheme for each user when they are created so that should not be the issue.

Thanks,

Jason
PsiCop

Note that EE has a NetWare TA, which would probably be the best place for this --> https://www.experts-exchange.com/Networking/Netware/

I'm personally not familiar with iFolder, but I'm going to put a pointer Question in the NetWare TA to attract the attention of folx who are.
I guess it would help if you'd tell us what version of NetWare, eDirectory and iFolder you're working with, to give us a reference point...
Support packs and patches would be nice to know, too.

That said, have you checked these TIDs?

http://support.novell.com/cgi-bin/search/searchtid.cgi?10075429.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?10075168.htm
Netware 6.5.5, eDirectory 8.7.3.7 SMP, iFolder 2.1.7.

Thanks,

Jason
Hi Jason,

When troubleshooting a NetStorage and Novell iFolder issue, it is important to first determine if it is a NetStorage problem or an iFolder problem. It is easy to spend a great deal of time working the problem from the NetStorage end only to find that the user cannot access iFolder directly. A few simple points can help speed the identification of the problem.

>Take NetStorage out of the equation. Make sure the User can successfully log into iFolder with the iFolder client or applet. If login is unsuccessful, the problem is with iFolder and should be addressed there. If the user successfully logs in to iFolder, begin troubleshooting the NetStorage application.

>Some problems are user-specific and some problems affect all users. For user-specific problems you should concentrate on the particular user's workstation and his iFolder client installation.

When a user logs in, the iFolder client authenticates to the iFolder server by sending the encrypted username and password through an Internet connection to the iFolder server. The iFolder server uses this information to verify that the user exists, and then checks to see if the User object has been enabled in the iFolder Management Console to use iFolder.

After the User object has been enabled, a user's iFolder account must be initialized on the iFolder server before the user can begin using iFolder on his or her local workstation. An iFolder account is initialized the first time a user logs in to the iFolder server with the iFolder client or NetStorage or with the iFolder Java applet. After the user account is created, the administrator can manage the account via the iFolder Management Console.

Here are some useful links for you,

http://www.novell.com/documentation/ifolder21/index.html?page=/documentation/ifolder21/admin/data/ac1inlo.html
http://www.novell.com/documentation/ifolder21/index.html
http://www.novell.com/documentation/nw65/index.html?page=/documentation/nw65/netstor/data/al14ccg.html

Hope this helps,

Engineer_Dell
ASKER CERTIFIED SOLUTION
ShineOn
More on LDAP (since that's the authentication vehicle) - I could see LDAP possibly being an issue if the user (as I mentioned before) is in a different context than the users that work, if the LDAP server can't access that context for whatever reason, including the anonymous proxy user not having appropriate trustee rights.  That would be the LDAP proxy user, not the netstorage proxy user.  Make sure LDAP is configured so it can do a contextless search if the user isn't found in one of the configured netstorage authentication domain contexts.  Presuming you have configured a netstorage domain and added any contexts to it... ;)

If the user is in a different context, that also could be why the authentication domain errors are popping up - perhaps you neglected to add that context to the NetStorage authentication domain, which would preclude the need for LDAP to do a contextless search.  See: http://support.novell.com/cgi-bin/search/searchtid.cgi?10081763.htm

For more info on the netstorage proxy user and its role, see this TID: http://support.novell.com/cgi-bin/search/searchtid.cgi?10100945.htm
Ok, I think the proxy user may be my problem.  I took the default install on NetStorage so I am assuming that my Admin account is the proxy user.  I had to change my admin password and I think that is about the time problems started happening.  Now, how and where do I go to change this password in NetStorage so that the proxy user account will work again?

Thanks,

Jason
I think you can change it using NoRM, on NW6.5 anyway.  Choose the option to modify the NetWare registry, and navigate to the key:
"My Server\Software\Novell\XTier\Configuration\Xsrv" and modify the proxy user password key by erasing the encrypted value and putting the admin password in in clear-text, and when you restart the middle-tier server it'll re-encrypt the password.

You could, at that time, change both the user and the password to a user other than "admin" if you so desire.  You'd have to make sure the new proxy user ID has adequate rights to do everything the proxy user has to do, of course.  That's all spelled out in the TIDs too, IIRC.
Ok, I have changed the password, but I need to restart the server.  I am going to do this in the morning.  I will let everyone know how it goes.

Thanks,

Jason
Ok, that didn't work.  One thing that I noticed is that when the new users try to log in to the iFolder webaccess, on the Apache logger screen it says that there is a login encryption mismatch.  Does that help anyone help me solve my problem?

Thanks,

Jason
Hi Jason,

This one probably applies to all versions of iFolder, at least up to 2.1.5. In the iFolder configuration file (in this case, httpd_ifolder_nw.conf), there are lines which call out the iFolder data volume and directory. Here is the example which led to this tip:

# iFolder Volume \ directory for user files
#
# Edit the iFolderServerRoot
# Edit the iFolderUserRoot (same as iFolderServerRoot, used by iFolderUser module)
# =================================
iFolderServerRoot IFOLDER:\iFolder
iFolderUserRoot IFOLDER:\iFolder

And the problem is simple, but subtle. The directory name you enter is CASE-SENSITIVE. The directory I had set up was ifolder, and when I renamed it to iFolder, everything started working.

I hope it helps,

Regards,

Engineer_Dell

---- Edited by ShineOn, Page Editor, NetWare/Linux:
---- This is cut-n-pasted verbatim from Craig Johnson's website: http://nscsysop.hypermart.net/ifolder.html
---- see Tip #23.
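
The case-sensitivity pitfall described in the tip above, as an added example (not part of the original post and not Novell tooling): a Python check that parses the two root directives from a copy of the configuration file and compares them, case-sensitively, with the real directory names. The function names and the `dirs_on_volume` input are assumptions for illustration, and the check assumes a single directory at the root of the volume, as in the quoted excerpt.

```python
import re

# Constructed sample: the excerpt quoted in the post above.
SAMPLE_CONF = r"""
# iFolder Volume \ directory for user files
iFolderServerRoot IFOLDER:\iFolder
iFolderUserRoot IFOLDER:\iFolder
"""
DIRECTIVES = ("iFolderServerRoot", "iFolderUserRoot")


def parse_roots(conf_text):
    """Return {directive: (volume, directory)} for the two root directives."""
    roots = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        m = re.match(r"(\S+)\s+([^:\s]+):\\(.+)$", line)
        if m and m.group(1) in DIRECTIVES:
            roots[m.group(1)] = (m.group(2), m.group(3).strip())
    return roots


def check_roots(conf_text, dirs_on_volume):
    """List problems; dirs_on_volume holds the directory names exactly as
    they appear at the root of the volume (hypothetical input, e.g. copied
    from a directory listing)."""
    roots = parse_roots(conf_text)
    problems = [f"{d} is not set" for d in DIRECTIVES if d not in roots]
    # The excerpt's own comment says both directives must name the same path.
    if len(set(roots.values())) > 1:
        problems.append("iFolderServerRoot and iFolderUserRoot differ")
    for name, (volume, directory) in roots.items():
        if directory in dirs_on_volume:
            continue  # exact, case-sensitive match
        near = [d for d in dirs_on_volume if d.lower() == directory.lower()]
        if near:
            problems.append(
                f"{name}: '{directory}' differs only in case from '{near[0]}'")
        else:
            problems.append(f"{name}: '{directory}' not found on {volume}:")
    return problems
```

Run against the case from the tip, `check_roots(SAMPLE_CONF, ["ifolder"])` reports a case-only mismatch for both directives.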
If you plan to use the encryption option for your iFolder user account, you must initialize the account by logging in for the first time while using the iFolder client or the Java applet. After the account is initialized, you can log in using the iFolder client, the Java applet, Novell NetStorage, or NetDrive.

If you attempt to initialize the account by logging in for the first time with Novell NetStorage, the account is set up as a clear text account with no encryption option. This occurs even if the administrator sets up encryption as a mandatory policy for all users. Unless your account is already set up for encryption, NetStorage does not offer you a passphrase entry option.

When you use NetStorage for the first time for an iFolder account with encryption, you must enter the passphrase. NetStorage might request the information two times. NetStorage stores the passphrase as an attribute of the User object in eDirectory. After that, NetStorage requests only a password during login.

HTH :)

Engineer_Dell

----- Edited by ShineOn, Page Editor, NetWare/Linux
----- Cut-n-pasted verbatim from the Novell iFolder 2.1 documentation, section 2.2.1:
----- http://www.novell.com/documentation/ifolder21/index.html?page=/documentation/ifolder21/readme/data/ajjl5us.html
durham23jd,

When you say "when the new users try to login..." do you mean it works fine for anyone you'd already had working, but whenever you add someone new it gives that error?

Any other errors when that happens?

What engineer_dell cut-n-pasted from the iFolder documentation may apply to this issue, if you're not first initializing the user's iFolder account through either the iFolder client or the java applet for iFolder access (not through NetStorage, but directly.)  

It ends up being an encryption thing, since they don't have an encrypted password stored by virtue of initializing their iFolder account through either the iFolder client or the java applet, and if mandatory encryption is set, the process won't find an encrypted password to match against in the user object...

You may need to set up a procedure where first-time login to iFolder is to be through the iFolder java applet, if you don't want to be installing the iFolder client on all the students' PC's.
The problem is resolved.  It was the proxyuser account.  Here is the TID I used to fix it.  

http://support.novell.com/cgi-bin/search/searchtid.cgi?10098297.htm

Thanks for all the help.

Jason