Solved

Netstorage and iFolder login problems

Posted on 2006-06-19
18
1,514 Views
Last Modified: 2008-03-17
I have a problem.  We are testing using iFolder for our students using the netstorage interface.  I have a student who can login to netstorage without a problem.  When they click on iFolder, it asks to set the passphrase a usual for logining in the first time.  When she tries to enter a new passphrase, she gets the following error.

Possible cause: NetStorage Authentication Domain setting may not be correct.
Possible cause: Passphrase form may be submitting to wrong server, port or protocol.
Possible cause: NetStorage Authentication domain not readwrite replica.
Please forward this information to your system administrator.

Everyone else seems to be logining in fine.  I had this problem with mine to start and I reset my account and it worked.  If I set the user up to use iFolder and then use the client it works fine.  Do you have any idea on how I can resolve this issue?

Thanks,

Jason
0
Comment
Question by:durham23jd
  • 7
  • 5
  • 5
  • +1
18 Comments
 
LVL 6

Expert Comment

by:engineer_dell
ID: 16938095
Hi Durham,

The 'iFolder Server' parameter must be set to the iFolder server's IP address and port number (port# is only specified if other than port 80)
- The 'Secure Port' setting must be set to the secure port number used by the NetStorage server and not the iFolder server.  (I.e. 51443 if Apache for NetStorage is listening on this port, otherwise it's 443

If you are using any previous version of iFolder 2.1.3 then you should Download it as it has resolved the issue where iFolder Passphrase cannot be set if the full DNS is not given for NetStorage access.

http://support.novell.com/cgi-bin/search/searchtid.cgi?2969386.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?10076634.htm

Regards,

Engineer_Dell
0
 

Author Comment

by:durham23jd
ID: 16941287
If this is the case, then why does everyone else's login work, but not this particular person?

Thanks,

Jason
0
 
LVL 6

Expert Comment

by:engineer_dell
ID: 16943354
If the user password assigned through the Add User page does not conform to the Active Directory password polices, creating users gives problems.

The account is created in the directory but is not activated. Activate the account with a valid password using Active Directory management tools. This enables the account for using iFolder.

HTH

Engineer_Dell
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Author Comment

by:durham23jd
ID: 16943463
I am not using Active Directory, I am using Novell Directory Services.  Also we have a standard password scheme for each user when they are created so that should not be the issue.

Thanks,

Jason
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 16943932
Note that EE has a NetWare TA, which would probably be the best place for this --> http://www.experts-exchange.com/Networking/Netware/

I'm personally not familiar with iFolder, but I'm going to put a pointer Question in the NetWare TA to attrack the attention of folx who are.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 16944511
I guess it would help if you'd tell us what version of NetWare, eDirectory and iFolder you're working with, to give us a reference point...
Support packs and patches would be nice to know, too.

That said, have you checked these TIDs?

http://support.novell.com/cgi-bin/search/searchtid.cgi?10075429.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?10075168.htm
0
 

Author Comment

by:durham23jd
ID: 16944953
Netware 6.5.5, eDirectory 8.7.3.7 SMP, iFolder 2.1.7.

Thanks,

Jason
0
 
LVL 6

Expert Comment

by:engineer_dell
ID: 16945564
Hi Jason,

When troubleshooting a NetStorage and Novell iFolder issue, it is important to first determine if it is a NetStorage problem or an iFolder problem. It is easy to spend a great deal of time working the problem from the NetStorage end only to find that the user cannot access iFolder directly. A few simple points can help speed the identification of the problem.

>Take NetStorage out of the equation. Make sure the User can successfully log into iFolder with the iFolder client or applet. If login is unsuccessful, the problem is with iFolder and should be addressed there. If the user successfully logs in to iFolder, begin troubleshooting the NetStorage application.

>Some problems are user-specific and some problems affect all users. For User Specific problems you should concentrate on particular user workstation and his ifolder client installation.

When a user logs in, the iFolder client authenticates to the iFolder server by sending the encrypted username and password through an Internet connection to the iFolder server. The iFolder server uses this information to verify that the user exists, and then checks to see if the User object has been enabled in the iFolder Management Console to use iFolder.

After the User object has been enabled, a user's iFolder account must be initialized on the iFolder server before the user can begin using iFolder on his or her local workstation. An iFolder account is initialized the first time a user logs in to the iFolder server with the iFolder client or NetStorage or with the iFolder Java applet. After the user account is created, the administrator can manage the account via the iFolder Management Console.

Here are some useful links for you,

http://www.novell.com/documentation/ifolder21/index.html?page=/documentation/ifolder21/admin/data/ac1inlo.html
http://www.novell.com/documentation/ifolder21/index.html
http://www.novell.com/documentation/nw65/index.html?page=/documentation/nw65/netstor/data/al14ccg.html

Hope this helps,

Engineer_Dell
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 500 total points
ID: 16947143
Engineer_Dell: the original Question says "If I set the user up to use iFolder and then use the client it works fine."

That implies that the user's iFolder account is OK, and that the problem is in accessing iFolder through NetStorage, and it's related to setting the xtier passphrase.

durham23jd:  have you verified that the NetStorage proxy user has rights to add the "xTier-iFolderPassphrase" attribute to the affected student's user object?  If so, have you then tried deleting that attribute from that student's user object, as per TID 10075429?

Is this student's user object in the same context as the other students' user objects that successfully set the iFolder passphrase from NetStorage?  If so, then it's not likely an LDAP issue, unless there's a problem with the username using characters that are OK in eDirectory but are on the "reserved character" list for LDAP.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 16948371
More on LDAP (since that's the authentication vehicle) - I could see LDAP possibly being an issue if the user (as I mentioned before) is in a different context than the users that work, if the LDAP server can't access that context for whatever reason, including the anonymous proxy user not having appropriate trustee rights.  That would be the LDAP proxy user, not the netstorage proxy user.  Make sure LDAP is configured so it can do a contextless search if the user isn't found in one of the configured netstorage authentication domain contexts.  Presuming you have configured a netstorage domain and added any contexts to it... ;)

If the user is in a different context, that also could be why the authentication domain errors are popping up - perhaps you neglected to add that context to the NetStorage authentication domain, which would preclude the need for ldap to do a contetxtless search.  See: http://support.novell.com/cgi-bin/search/searchtid.cgi?10081763.htm

For more info on the netstorage proxy user and its role, see  this tid: http://support.novell.com/cgi-bin/search/searchtid.cgi?10100945.htm
0
 

Author Comment

by:durham23jd
ID: 16950369
Ok, I think the proxy user may be my problem.  I took the default install on NetStorage so I am assuming that my Admin account is the proxy user.  I had to change my admin password and I think that is about the time problems started happening.  Now, how and where do I go to change this password in NetStorage so that the proxy user account will work again?

Thanks,

Jason
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 16951731
I think you can change it using NoRM, on NW6.5 anyway.  Choose the option to modify the NetWare registry, and navigate to the key:
"My Server\Software\Novell\XTier\Configuration\Xsrv" and modify the proxy user password key by erasing the encrypted value and putting the admin password in in clear-text, and when you restart the middle-tier server it'll re-encrypt the password.

You could, at that time, change both the user and the password to a user other than "admin" if you so desire.  You'd have to make sure the new proxy user ID has adequate rights to do everything the proxy user has to do, of course.  That's all spelled out in the TIDs too, IIRC.
0
 

Author Comment

by:durham23jd
ID: 16954204
Ok, I have changed the password, but I need to restart the server.  I am going to do this in the morning.  I will let everyone know how it goes.

Thanks,

Jason
0
 

Author Comment

by:durham23jd
ID: 16959044
Ok, that didn't work.  One thing that I am noticed is that when the new users try to login to the iFolder webaccess is that on the apache logger screen, it says that there is a login encryption mismatch.  Does that help anyone help me solve my problem?

Thanks,

Jason
0
 
LVL 6

Expert Comment

by:engineer_dell
ID: 16962450
Hi Jason,

This one probably applies to all versions of iFolder, at least up to 2.1.5. In the iFolder configuration file (in this case, httpd_ifolder_nw.conf), there are lines which call out the iFolder data volume and directory. Here is the example which led to this tip:

# iFolder Volume \ directory for user files
#
# Edit the iFolderServerRoot
# Edit the iFolderUserRoot (same as iFolderServerRoot, used by iFolderUser module)
# =================================
iFolderServerRoot IFOLDER:\iFolder
iFolderUserRoot IFOLDER:\iFolder

And the problem is simple, but subtle. The directory name you enter is CASE-SENSITIVE. The directory I had set up was ifolder, and when I renamed it to iFolder, everything started working.

I hope it helps,

Regards,

Engineer_Dell

---- Edited by ShineOn, Page Editor, NetWare/Linux:
---- This is cut-n-pasted verbatim from Craig Johnson's website: http://nscsysop.hypermart.net/ifolder.html
---- see Tip #23.
0
 
LVL 6

Expert Comment

by:engineer_dell
ID: 16962578
If you plan to use the encryption option for your iFolder user account, you must initialize the account by logging in for the first time while using the iFolder client or the Java applet. After the account is initialized, you can log in using the iFolder client, the Java applet, Novell NetStorage, or NetDrive.

If you attempt to initialize the account by logging in for the first time with Novell NetStorage, the account is set up as a clear text account with no encryption option. This occurs even if the administrator sets up encryption as a mandatory policy for all users. Unless your account is already set up for encryption, NetStorage does not offer you a passphrase entry option.

When you use NetStorage for the first time for an iFolder account with encryption, you must enter the passphrase. NetStorage might request the information two times. NetStorage stores the passphrase as an attribute of the User object in eDirectory. After that, NetStorage requests only a password during login.

HTH :)

Engineer_Dell

----- Edited by ShineOn, Page Editor, NetWare/Linux
----- Cut-n-pasted verbatim from the Novell iFolder 2.1 documentation, section 2.2.1:
----- http://www.novell.com/documentation/ifolder21/index.html?page=/documentation/ifolder21/readme/data/ajjl5us.html
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 16964414
durham23jd,

When you say "when the new users try to login..." do you mean it works fine for anyone you'd already had working, but whenever you add someone new it gives that error?

Any other errors when that happens?

What engineer_dell cut-n-pasted from the iFolder documentation may apply to this issue, if you're not first initializing the user's iFolder account through either the iFolder client or the java applet for iFolder access (not through NetStorage, but directly.)  

It ends up being an encryption thing, since they don't have an encrypted password stored by virtue of initializing their iFolder account through either the iFolder client or the java applet, and if mandatory encryption is set, the process won't find an encrypted password to match against in the user object...

You may need to set up a procedure where first-time login to iFolder is to be through the iFolder java applet, if you don't want to be installing the iFolder client on all the students' PC's.
0
 

Author Comment

by:durham23jd
ID: 16992128
The problem is resolved.  It was the proxyuser account.  Here is the TID I used to fix it.  

http://support.novell.com/cgi-bin/search/searchtid.cgi?10098297.htm

Thanks for all the help.

Jason
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Applying quotas on system paritions 4 84
PXE question 7 85
Windows 10 PRo Upgrade 21 81
URL to download Windows 10 Enterprise 64-bit .ISO 4 338
Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again! The…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question