Problems installing an iFolder slave server

Hi,

I have an iFolder 3.8.4.0 master server configured and working with an
AD server.  I am now trying to add a second iFolder server as a slave in
this iFolder domain.  I'm running simias-server-setup and choosing "Y"
when I get to the "Slave Server?" prompt.  I'm putting in the same
iFolder admin user and proxy user and passwords that I used for the
master server.  However, I get a failure at the end that indicates a
credential error.  Since the conversation is SSL-encrypted, I can't get
much useful information in a WireShark trace.  I should note on this
same server, if I configure it as another master, it works perfectly
against the AD server with SSL, so I'd have to believe the SSL cert for
the AD server is properly imported.  Is there any type of debug logging
I can enable or more detailed output tracing I can do to determine why
this is failing?

Here is the error at the end of the simias-server-setup script:


----------- excerpt ---------------------

Ldap certificate :

Mono Certificate Manager - version 2.6.4.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell.
BSD licensed.


X.509 Certificate v3
Issued from: DC=local, DC=wwt, DC=test, CN=testad1
Issued to:   CN=TESTAD1.test.wwt.local
Valid from:  02/06/2012 05:20:54
Valid until: 02/05/2013 05:20:54


----- ACCEPT LDAP CERTIFICATE -----


Accept LDAP Certificate? [Y]:
Done
Connecting to ldaps://10.2.2.164/...
at Novell.Directory.Ldap.LdapResponse.chkResultCode () [0x00000] in
<filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.chkResultCode
(Novell.Directory.Ldap.LdapMessageQueue queue,
Novell.Directory.Ldap.LdapConstraints cons,
Novell.Directory.Ldap.LdapResponse response) [0x00000] in <filename
unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version,
System.String dn, System.SByte[] passwd,
Novell.Directory.Ldap.LdapConstraints cons) [0x00000] in <filename
unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version,
System.String dn, System.String passwd,
Novell.Directory.Ldap.LdapConstraints cons) [0x00000] in <filename
unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn,
System.String passwd, AuthenticationTypes authenticationTypes) [0x00000]
in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn,
System.String passwd) [0x00000] in <filename unknown>:0
at Novell.iFolder.Utility.LdapUtility.Connect () [0x00000] in
<filename unknown>:0
at Novell.iFolder.SimiasServerSetup.SetupLdap () [0x00000] in
<filename unknown>:0
Removing slave from master
Url https://testif1.wwt.com/simias10/HostAdmin.asmx
Url https://testif1.wwt.com/simias10/DomainService.asmx
Failed

LdapException: (49) Invalid Credentials
LdapException: Server Message: 80090308: LdapErr: DSID-0C0903AA,
comment: AcceptSecurityContext error, data 525, v1772
LdapException: Matched DN:
at Novell.Directory.Ldap.LdapResponse.chkResultCode () [0x00000] in
<filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.chkResultCode
(Novell.Directory.Ldap.LdapMessageQueue queue,
Novell.Directory.Ldap.LdapConstraints cons,
Novell.Directory.Ldap.LdapResponse response) [0x00000] in <filename
unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version,
System.String dn, System.SByte[] passwd,
Novell.Directory.Ldap.LdapConstraints cons) [0x00000] in <filename
unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version,
System.String dn, System.String passwd,
Novell.Directory.Ldap.LdapConstraints cons) [0x00000] in <filename
unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn,
System.String passwd, AuthenticationTypes authenticationTypes) [0x00000]
in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn,
System.String passwd) [0x00000] in <filename unknown>:0
at Novell.iFolder.Utility.LdapUtility.Connect () [0x00000] in
<filename unknown>:0
at Novell.iFolder.SimiasServerSetup.SetupLdap () [0x00000] in
<filename unknown>:0

FAILED

---------------------------------------

In troubleshooting this error, I've noticed that when I re-run the
simias-server-setup and point to the existing location of the
Simias.config file that was partially created, when it gets to the point
where it asks the admin user dn, it inserts an additional "dc=test" in
the string below when it auto-suggests the admin user in [brackets]:

cn=ifadmin,cn=Users,dc=test,dc=test,dc=wwt,dc=local

I found this line in the master server's Simias.config file and
corrected it to reflect the proper dn for the ifadmin user:

cn=ifadmin,cn=Users,dc=test,dc=wwt,dc=local

I then re-ran the simais-server-setup, and this time it auto-suggested
the correct path, however it fails with a different error that states
the admin user is in an invalid context, and it shows the "cn" of Users
as an "ou":

cn=ifadmin,ou=Users,dc=test,dc=wwt,dc=local

So something is different between the master and slave configuration in
the setup program, but I can't tell what I need to enter to make it
work.  Any suggestions would be greatly appreciated!!

Best regards,
Greg


-- 
palumbog
------------------------------------------------------------------------



0
palumbog
3/24/2012 3:26:02 AM
novell.support.ifolder 4327 articles. 0 followers. Follow

2 Replies
684 Views

Similar Articles

[PageSpeed] 55

palumbog,

It appears that in the past few days you have not received a response to your 
posting.  That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:
 
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the 
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:  
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies 
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

0
Automatic
3/28/2012 7:01:33 PM
I was eventually able to resolve this issue myself.  In an effort to
help someone else if they should have the same problem, I will relay the
details.  What I ended up doing is opening the port in my firewall
between the iFolder server and the AD server to allow LDAP cleartext
(389) and then running a WireShark trace on the AD server to see what
was actually going on.  As is typical with software installation
problems, the problem turned out to be rather simple, however the logs
didn't really give enough detail as to what was failing (see above,
which is all I got when it failed).

I had already found out anecdotally when re-running the install script
that I had one typo in the master iFolder server's Simias.config file
(an extra "dc=test" somehow got inserted into the path of the "iFolder
admin user" (ifadmin in our case)):

-cn=ifadmin,cn=Users,dc=test,dc=test,dc=wwt,dc=local

I found this line in the master server's Simias.config file and
corrected it to reflect the proper dn for the ifadmin user:

cn=ifadmin,cn=Users,dc=test,dc=wwt,dc=local

I then re-ran the Simias-server-setup, and this time it auto-suggested
the correct path, however it fails with a different error that states
the admin user is in an invalid context, and it shows the "cn" of Users
as an "ou":

cn=ifadmin,ou=Users,dc=test,dc=wwt,dc=local-

What I didn't see until I did the wireshark trace is that after the
slave server contacts the master server on it's SOAP URL, it pulls down
the LDAP search contexts that are configured on the master, and it then
tries to verify each one against the LDAP server.  If it gets to one
that does not verify, it bails and ends with the "LDAP Credentials"
error seen on my earlier post.  The thing I was confused on, is the
"second" error shown just above, where it changes "cn=Users" to
"ou=Users" in the dn for the ifadmin user.  That turned out to be
another line in the LDAP search contexts pulled from the master's
Simias.config file.  That was configured in the file as
"ou=Users,dc=test,dc=wwt,dc=local".  Someone familiar with LDAP and
eDirectory, like myself, won't immediately find anything wrong with
that, since "users" is a container, and in our way of thinking really is
an "OU".  For AD, for whatever stupid reason, Microsoft decided that the
"users" container is a "CN", whereas the "groups" container is an "OU". 
Nice consistency.  My Master server worked with this typo, because we
don't have any production users under the "CN=users..." container
(except ifadmin, which is called out by FQDN earlier in the config
file), so it never needs to search in that container anyway.  In the
WireShark trace, you could see the AD server failing on validation of
that OU (err, I mean CN) of "Users", and that is where the
simias-server-setup script bombed.  An extra properly-worded line of
explanation in the setup script would have prevented a few hours of
hair-pulling, but at least it's working now.  Hope it helps someone in
the future.

Best regards,
Greg


-- 
palumbog
------------------------------------------------------------------------
palumbog's Profile: http://forums.novell.com/member.php?userid=9374
View this thread: http://forums.novell.com/showthread.php?t=453861

0
palumbog
3/28/2012 9:36:01 PM
Reply:

Similar Artilces:

iFolder v.3 ifolders within an ifolder v.2x ifolder
Are there any know risks/issues with enabling v3 ifolders on folders that reside within an active 2.1 iFolder? The documentation sugests the this would be ill-advised, yet I have not seen any issues using this configuration. I would apreciate any insight into this matter. Matthew, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http://support.novell.com/...

iFolder client cannot see server iFolders
Hi, I have just rebuilt my machine and reinstalled the iFolder client. When I connect to the server from the client a new Default folder is created on my machine but the "iFolders on iFolder" section does not display any of my folders on the server. If I log onto the web client I can see all of my folders - including the Default folder. If I create an iFolder on my machine with the same name as one on the server then I end up with two instances of iFolders with the same name on the server but only the one folder that I just created on the machine. Any ideas? ...

iFolder Install problems
hello everyone I am trying to install iFolder on a Windows 2000 machine with SP4. The install goes fine, but when I login to global settings, I get the following error: Sorry, I accidentally sent this before it was finished. Unable to add iFolder_ServerAgent to Global Settings LDAP. I have read the TID referring to an AD password length policy being set (TID10084331), but I do not have a password complexity or length policy. I have removed and reinstalled everything and I stilll have the problem. The iFolder_ServerAgent object appears in my users context, so it is being ...

iFolder install problem
I recently upgraded my iFolder server to v2.1.6 (about time you say) and was pleasantly surprised to see a Linux client listed on the download page. I downloaded it and installed it and got the following error. error: Failed dependencies: libcurl.so.2 is needed by novell-ifolder-client-2.1.6-1.8.i586 The system involved seems to, in fact, have a newer version of libcurl so my question is: How do I resolve this problem? I am devoutly hoping the solution is not to downgrade software to an older version. Thanks for the help. Bob, It appears that in the past few...

Accessing Ifolder from Netstorage (ifolder is on different server)
When I click on the ifolder link in netstorage I am asked for my passphrase, once entered I am prompted with an AuthXTier login box that I cannot get around. Any Ideas what I am doing wrong. Thanks does this help? http://support.novell.com/cgi-bin/search/searchtid.cgi?/10075429.htm Suzanne Miles Volunteer Sysop, Novell Support Connection http://support.novell.com/forums/ ...

iFolder 3 + iFolder 2 on one server
Hi there, Given that iFolder 2 and 3 both have and lack capabilities that people like, has anyone tried putting them both on one OES/Linux box? If yes, how? -- -- Met vriendelijke groet / Kind regards, Bert Plat / www.bertplat.nl When in doubt, use brute force. -- Ken Thompson Bert, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http://support.nove...

iFolder client can not delete iFolder from server
Hi I managed to setup the open source IFolder server on SUSE 10.1. On my win2000 I use the 3.4 client. Everything works fine, except I cannot delete an iFolder from the server. It makes no difference if it is empty or there are files in it. When I click delete (and Yes) the icon of the iFolder turns gray and on the right the message is: "Waiting to connect". That takes forever, so I click refresh and the iFolder disappears and does not appear again even if I restart the client, but the data on the server remains. BTW I can delete the iFolder from the web interface without p...

Moving iFolder Folder to a new iFolder server
Have an existing iFolder user whose iFolder (about 1Gb) I need to move to a separate iFolder server. Existing user is on iFolder Server A (v3.2 and Directory Tree "A") Need to move him to iFolder Server B (v3.6 and Directory Tree "B") I have seen TIDS on moving a whole IFolder installation to a new server but nothing about individual folders. 1. Is there a process of importing the users existing iFolder into the new v3.6 server? 2. Can a v3.2 client access a v3.6 server? I am thinking that the best process is to convert the existing iFolder to a normal fol...

iFolder client unable to connect to iFolder server
This morning, when trying to log into iFolder via the iFolder client 3.7.1.20, I get the following message: "An error was encountered while connecting to the iFolder server. Please verify the information entered and try again. If the problem persists, please contact your network administrator." Funny thing is I can log into iFolder via web access without errors. I took a look at the simias.log and the only thing that stood out was: "Simias.SimiasException - The store has not been initialized." This error was logged 2009-04-15 12:11:17,765. Tried looking up ...

iFolder Client Causing iFolder on Server to Crash
i am running iFolder v2.1. if i leave the workstation client logged in for too long (full day) it creates an error_log over 4 gigs and causes ifolder to stop responding. after i restart the server, iFolder fails to load until i delete the log. i have tried to read the log, but it says its invaild. Chris Can you see the error log growing? I'd try to see what is being shown at the client, and also view the log file before it gets very big. Perhaps stopifolder, and then look at the log. Craig Johnson Novell Support Connection SysOp See http://nscsysop.hyperma...

remove OLD Slave iFolders from iFolder Master
--____RLZCQLSXZOEGNLDZGRFH____ Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 Content-Disposition: inline; modification-date="Tue, 14 Sep 2009 10:42:01 -0400" SSBoYXZlIGEgb2xkIGlGb2xkZXIgc2xhdmUgc2VydmVyIHRoYXQgYXBwZWFycyB1bmRlcnMgIlNl cnZlcnMiIHdoZW4gdmlld2luZyBzZXJ2ZXJzIGluIHRoZSBpRm9sZGVyIDMuNyBzZXJ2ZXIgYWRt aW5pc3RyYXRpb24gdGFiLiAgVGhpcyBzZXJ2ZXIgaXMgbm8gbG9uZ2VyIGFyb3VuZC4gIFdoZW4g eW91IGNsaWNrIG9uIHRoZSBzZXJ2ZXIgaXQgcmV0dXJucyBhbiBlcnJvci4NCg0KSG93IGRvZXMg b25lIGdvIGFib3V0IHJlbW92aW5nIGEgImRlYWQiIGlGb2xkZXIgc2xhdmUgc2VydmVyIHRoYXQg YXBw...

iFolder problems(2k3 Server)
We are having a strange iFolder problem. We are installing iFolder on 2K3 server w/ AD. Once we install the software, extend the schema, and fix the "strong" password problem, we are still unable to login. The first time we try to login we get the "Unable to add iFolder_ServerAgent to Global setting LDAP" messgage. Try to login again immediatly and get the "Previous Login Failed" message. If you then look at the users ServerAgent is created but disabled. If we then delete the user ServerAgent and try to login again it's back to the "Unable...

How do I use iFolder open source without iFolder server ??
I downloaded iFolder open source from http://www.ifolder.com/download.html and installed it on Redhat 9. I am facing following issues - 1. iFolder session did not start automatically when I logged in. I had to run iFolder manually and then iFolder tray icon appeared. 2. When I right click on the icon, there are many options like 'Preferences', 'My iFolders' etc. I could not create a new iFolder, it said 'not attached to any iFolder server'. AFAIK, iFolder server is not publicly available. How should I start using iFolder Opn source ? The following docume...

Install iFolder in clustered server
HI, We have Netware 6.5 clustered server with two nodes. May i know how do i install and configure iFolder 2.0 on that? Thank you. Best rgds Irene http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=10066761&sliceId=&dialogID=238084&stateId=0%200%20296935 http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=10078289&sliceId=&dialogID=238084&stateId=0%200%20296935 do these help? Suzanne Miles Volunteer Sysop, Novell Support Connection http://support.novell.com/forums/ Hi, Thank y...

Web resources about - Problems installing an iFolder slave server - novell.support.ifolder

Help:Installing Japanese character sets - Wikipedia, the free encyclopedia
This help page will help you install Japanese character sets so that your computer will display them properly on the internet in your web browser ...

Earn Free Facebook Credits For Installing Apps — Of Course, There’s A Catch
This looks pretty cool at first: Earn free Facebook Credits for installing applications on your iPhone or Android device. AppDog offers this ...

Rooting and installing Android 1.5 JesusFreke - Flickr - Photo Sharing!
More information at: android.noisepages.com/2009/05/rooting-pics/

Installing ClearCal Anti-Glare Film for Glossy Displays - YouTube
Demonstration of how to install a RadTech ClearCal Anti-Glare Film on a MacBook Pro. ClearCal eliminates glare on glossy displays like Apple's ...

Fatal unit fire: Builder Ray Finianos reduced height of building to avoid installing fire sprinklers ...
The builder of&nbsp;a south-west Sydney unit block where a young woman plunged to her death during a ferocious fire told a certifier to reduce ...

'Green' light bulb moment for councils installing LED street lights
Nine Sydney councils are getting ready to turn off the lights &ndash; 13,000 of them &ndash; to save more than $20 million.

Iran installing new nuclear equipment
Sky News is Australia's leader in 24-hour news. Iran has begun installing next-generation equipment at one of its main nuclear plants, a new ...

Peter Garrett believed installing insulation batts 'not that hard', royal commission told
Former environment minister Peter Garrett believed installing insulation batts was ''not that hard'' based on his own personal experience, an ...

Gillard defends installing Slipper
BBC News Gillard defends installing Slipper Sydney Morning Herald Prime Minister Julia Gillard has defended her decision to install Peter ...

CSIRO says installing solar panels on roofs of businesses could take pressure off the electricity grid ...
Installing more solar panels on the roofs of businesses would help Australia's energy grid cope with increased demand.

Resources last updated: 12/20/2015 8:25:18 PM