network domain connection problem to unix

I have an application that we run from a unix server. On our current network domain we are able to launch a VB/Excel app and connect. Our new network domain cannot connect. We have checked the active directory groups and network settings.
Is it possible that something on the Unix side could be blocking us? Example: could it be that unix allows the first server because the IP address is stored somewhere as trusted?
BillTr Asked:

Amol Commented:
How are you accessing the application from the unix server... I mean, is the unix server acting as a webserver and running apache?
0
BillTr (Author) Commented:
It's a client server type setup. I don't know how to tell if it is using apache. We have an excel spreadsheet that calls an api. No web interface. Works from one network domain, fails from the other.
0
BillTr (Author) Commented:
I do see apache directories in the /etc
0
Rowley Commented:
Do you know what port and the IP that your API is listening on? From the client, can you telnet to it? e.g.

telnet 192.168.1.100 8080

and if so, can you establish a connection? Could be a firewall, could be name resolution, could be routing, could be some internal security lookup within the api itself...amongst any number of other things.
0
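The telnet check suggested above, as an added example that is not part of the original thread: a small Python probe that tells name-resolution failure, a refused connection and a silent timeout apart, since each points at a different layer. The function name `probe` is an assumption of this example, and the default address is the sample one from the telnet line above.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt made from the client side.

    Returns (status, detail) where status is one of:
      name_resolution_failed - the hostname did not resolve (DNS / hosts file)
      connected              - TCP handshake completed; look above the transport
      refused                - host answered with RST; nothing listening or a reject rule
      timed_out              - no answer at all; typical of a dropping firewall or routing
      unreachable            - any other OS-level network error
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("name_resolution_failed", str(exc))

    last = ("unreachable", "no address tried")
    for family, socktype, proto, _canon, addr in infos:
        s = socket.socket(family, socktype, proto)
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return ("connected", addr[0])
        except ConnectionRefusedError:
            last = ("refused", addr[0])
        except socket.timeout:
            last = ("timed_out", addr[0])
        except OSError as exc:
            last = ("unreachable", "%s: %s" % (addr[0], exc))
        finally:
            s.close()
    return last

if __name__ == "__main__":
    # Sample address and port taken from the telnet example above.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.100"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
    print(probe(host, port))
```

A `connected` result from both logins on the same PC means the difference lies in what the application does after the handshake, not in the network path.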
BillTr (Author) Commented:
I think we're confident that it's not a firewall. They have telnet'd to that port, etc.
If I login with an ID from the old network domain it works. If I login with an ID from the new domain, it fails. This is on the same PC at my desk. We've gone through the application code to see if there's any authentication going on in the app itself and there is none. It looks like it has to be the domain that is the issue. We're going to see if we can get a sniffer on it today.

Since we are using active directory for authentication I wonder if something on the unix side has to be changed to allow for the new network domain. I get that impression when I google it. Would you know if something needs to be changed on the unix side?

Thx!
0
Rowley Commented:
OK - you've confirmed tcp connectivity. Can you confirm what process is listening on this port you can connect to on the unix server? Is it apache or something else? If it's apache, you may well have some module performing lookups, kerberos authentication/SSO or something else.

What flavour of unix is this?


0
Amol Commented:
Can you tell us which flavour and version of unix you are using?
0
BillTr (Author) Commented:
Solaris.

I'm not an admin, so I don't know how to check for the listening process, but it does work on this port when the app calls from the old domain. The logins are not requiring a unix account on the old domain, so I'm guessing that it's not using kerberos (total guess, no knowledge here, been googling). Does something have to be setup on PAM or LDAP on the unix side to support a new domain?
0
Amol Commented:
"I do see apache directories in the /etc"

I think you are able to login to that server... can you type uname -a and let us know the output.

Also, can you check what is there in /etc/hosts file.
0
BillTr (Author) Commented:
SunOS theSeverName 5.10 Generic_138888-08 sun4u sparc SUNW,Sun-Fire-V890

I see 6 sets of IP addresses in the /etc/hosts file


0
BillTr (Author) Commented:
I did a check of ldap services (svcs *ldap*) and see it has a state of disabled.
0
Rowley Commented:
OK. Try running PCP with the argument of the port to find out what process is listening on that port:

pcp -p [port]

Post back the results.
0
Rowley Commented:
Also, just try doing a "ps -ef | grep http" and see if that gives you anything too.
0
Amol Commented:
Is any of your workstation or domain listed in /etc/hosts?
Also, are you using windows ID to authenticate? Also, how is the excel spreadsheet accessing the api on the unix server? Is it accessing some application on unix or the application is accessing something from unix.
0
BillTr (Author) Commented:
I don't recognize the IP addresses in the etc/hosts, they c/b a router in my network or something though. It authenticates off of active directory, so I'm guessing that w/b the network login. The excel accesses the same way on both the old and new domain. It's the same physical file because I'm running from the same machine, just logging in with a different ID.



0
Amol Commented:
Oh.. so your n/w login is different. Maybe the api is authenticating with the n/w login. Does the new login have rights to access the api on unix?
0
BillTr (Author) Commented:
Thanks for the help!

The problem looks to be with the API application. They apparently hardcoded the network domain into the code. They're working to add the other domain now, but are running into some SSL issues since the code is so old.
0
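The root cause reported above, as an added example that is not the application's code (which the thread never shows): a hardcoded domain check beside a configuration-driven allow-list that accepts both `DOMAIN\user` and `user@domain` logins. The names `OLDDOM`, `NEWDOM`, `newdom.example.com` and the `API_ALLOWED_DOMAINS` setting are hypothetical.

```python
import os

def split_identity(login):
    """Return (domain, user), lower-cased, from 'DOMAIN\\user' or 'user@domain'."""
    login = login.strip()
    if "\\" in login:
        domain, user = login.split("\\", 1)      # down-level logon name
    elif "@" in login:
        user, domain = login.rsplit("@", 1)      # UPN form
    else:
        domain, user = "", login                 # no domain supplied
    return domain.lower(), user.lower()

def allowed_hardcoded(login):
    # "Before" (hypothetical): one domain baked into the code, matched as a
    # case-sensitive prefix. Every login from another domain fails here even
    # though TCP connectivity and Active Directory groups look fine.
    return login.startswith("OLDDOM\\")

def load_allowed_domains(env=None):
    """Read a comma-separated allow-list from configuration (hypothetical key)."""
    env = os.environ if env is None else env
    raw = env.get("API_ALLOWED_DOMAINS", "")
    return {d.strip().lower() for d in raw.split(",") if d.strip()}

def allowed_configured(login, allowed):
    # "After": adding a domain is a configuration change. An empty allow-list
    # or a login without a domain is denied. The NetBIOS name and the UPN
    # suffix of a domain differ, so both must be listed.
    domain, user = split_identity(login)
    return bool(user) and domain in allowed

if __name__ == "__main__":
    allowed = load_allowed_domains(
        {"API_ALLOWED_DOMAINS": "OLDDOM, NEWDOM, newdom.example.com"})
    for login in ("OLDDOM\\billtr", "NEWDOM\\billtr",
                  "billtr@newdom.example.com", "OTHER\\billtr"):
        print(login, allowed_hardcoded(login), allowed_configured(login, allowed))
```

A domain string sent by the client only identifies which directory the login claims to come from, so a check like this belongs after the server has verified the identity itself.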