Highlighted
Absent Member.
Absent Member.
2295 views

AFP dropping 1st character in username

OES2 sp1 SLES 10 server.
AFP was working fine last week, now no user able to login. In the logs, the 1st character in the username is getting dropped.
Example: coadmin logs in.....AFP is searching oadmin.

I have rebooted, switch authentication modes, cleared all contexts and reapplied all contexts.

Any ideas?
Labels (1)
0 Likes
9 Replies
Highlighted
Absent Member.
Absent Member.

Re: AFP dropping 1st character in username

Can you paste the logs captured in /var/log/afptcpd/afptcp.log during the login attempt. Enable all the logs (status,error and debug) before you try.
you set 'logs' to 'all' in afptcpd.conf file.

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: AFP dropping 1st character in username

Here it is...the user is coadmin


Jun 4 09:05:52 home03 afptcpd[9827]: [status] AFPListeningThread : Accepted socket 28
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] Creating new session, existing count is 1
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] AFP: New Session Created.
Jun 4 09:05:52 home03 afptcpd[9827]: [status] Created session: count is <2>
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] socket received 0 number of bytes
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] Session received a KILL REQUEST
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] Close was successful for socket <22> for session # 71
Jun 4 09:05:52 home03 afptcpd[9827]: [status] AFP 0: AnnihilateSession (use count = 0)
Jun 4 09:05:52 home03 afptcpd[9827]: [status] AFPListeningThread : Accepted socket 28
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] Creating new session, existing count is 1
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] AFP: New Session Created.
Jun 4 09:05:52 home03 afptcpd[9827]: [status] Created session: count is <2>
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] socket received 0 number of bytes
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] Session received a KILL REQUEST
Jun 4 09:05:52 home03 afptcpd[9827]: [debug] Close was successful for socket <22> for session # 72
Jun 4 09:05:52 home03 afptcpd[9827]: [status] AFP 0: AnnihilateSession (use count = 0)
Jun 4 09:05:58 home03 afptcpd[9827]: [status] AFPListeningThread : Accepted socket 28
Jun 4 09:05:58 home03 afptcpd[9827]: [debug] Creating new session, existing count is 1
Jun 4 09:05:58 home03 afptcpd[9827]: [debug] AFP: New Session Created.
Jun 4 09:05:58 home03 afptcpd[9827]: [status] Created session: count is <2>
Jun 4 09:05:58 home03 afptcpd[9827]: [error] Failed to resolve user name .
oadmin.ou=core_services.o=vasd NWDSResolveName error: -601 - fffffda7
Jun 4 09:05:58 home03 afptcpd[9827]: [error] Failed to resolve user name .
oadmin.ou=COadmins.ou=CO.o=VASD NWDSResolveName error: -601 - fffffda7
Jun 4 09:05:58 home03 afptcpd[9827]: [error] Failed to resolve user name .
oadmin.ou=SPTeachers.ou=SP.o=VASD NWDSResolveName error: -601 - fffffda7
Jun 4 09:05:58 home03 afptcpd[9827]: [error] Failed to resolve user name .
oadmin.ou=GETeachers.ou=GE.o=VASD NWDSResolveName error: -601 - fffffda7
Jun 4 09:05:58 home03 afptcpd[9827]: [error] Failed to resolve user name .
oadmin.ou=COStaff.ou=CO.o=VASD NWDSResolveName error: -601 - fffffda7
Jun 4 09:05:58 home03 afptcpd[9827]: [error] User
oadmin not found in any context
Jun 4 09:05:58 home03 afptcpd[9827]: [error] Invalid user login information
Jun 4 09:05:58 home03 afptcpd[9827]: [debug] socket received 0 number of bytes
Jun 4 09:05:58 home03 afptcpd[9827]: [debug] Session received a KILL REQUEST
Jun 4 09:05:58 home03 afptcpd[9827]: [debug] Close was successful for socket <22> for session # 73
Jun 4 09:05:58 home03 afptcpd[9827]: [status] AFP 0: AnnihilateSession (use count = 0)
Jun 4 09:05:59 home03 afptcpd[9827]: [status] AFPListeningThread : Accepted socket 28
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] Creating new session, existing count is 1
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] AFP: New Session Created.
Jun 4 09:05:59 home03 afptcpd[9827]: [status] Created session: count is <2>
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] socket received 0 number of bytes
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] Session received a KILL REQUEST
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] Close was successful for socket <22> for session # 74
Jun 4 09:05:59 home03 afptcpd[9827]: [status] AFP 0: AnnihilateSession (use count = 0)
Jun 4 09:05:59 home03 afptcpd[9827]: [status] AFPListeningThread : Accepted socket 28
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] Creating new session, existing count is 1
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] AFP: New Session Created.
Jun 4 09:05:59 home03 afptcpd[9827]: [status] Created session: count is <2>
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] socket received 0 number of bytes
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] Session received a KILL REQUEST
Jun 4 09:05:59 home03 afptcpd[9827]: [debug] Close was successful for socket <22> for session # 75
Jun 4 09:05:59 home03 afptcpd[9827]: [status] AFP 0: AnnihilateSession (use count = 0)


Also...when doing a namconfig cache_refresh I get this error:
monitorChangesInLDAP: LUM configuration points to non-replica LDAP server. Persistent search is not supported for this configuration.

We do have R/W of the root on this server and the LDAP server it is pointing to is the Master of root.

Thanks for your help
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: AFP dropping 1st character in username

Can you take a tcpdump trace from the MAC client and capture the packets on the AFP port (548). This would tell us whether the username is truncated at the MAC client side or the server. Traces could be taken using the command,

$ sudo tcpdump -i <interface> -s0 -w <tracefile> port 548

Within this trace we would want to look for FPLogin / FPLoginExt command to see what username is being sent over the wire.

Junaid
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: AFP dropping 1st character in username

On 02/06/2009 14:26, lehmanp00 wrote:

> OES2 sp1 SLES 10 server.


32- or 64-bit?

> AFP was working fine last week, now no user able to login. In the logs,
> the 1st character in the username is getting dropped.


Have any updates been applied in the past week? The update I'm
particularly thinking of is novell-afptcp.

What does 'rpm -qa | grep afptcp' list?
--
Simon

------------------------------------------------------------------------
Do you work with Novell technologies within an academic environment?
Your campus may benefit from joining the Novell Technology Transfer
Partners (TTP) organisation. See www.novell.com/ttp for more info.
------------------------------------------------------------------------
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: AFP dropping 1st character in username

32-bit OS
1.0.0-0.36 for novell-afptcpd

It started working again. Nothing was done on the server. The only change since my last post was that the Netware 6.5sp8 server holding the Master root partition was rebooted.

My fellow tech and I are starting to think that we have a deeper eDir issue. The AFP server is pointing to a different edir server as an LDAP source, not the server with the master root partition on it.
Also, we can do a DStrace and see ZCM (Zen10) having problems authenticating users because it seems like it is waiting for an LDAP server to respond. ZCM is using a completely different LDAP/eDir server to read the tree than AFP.
I am wondering is we shouldn't install an VM OES2 server with Read/Write replicas of all partitioins just to be used as an LDAP source for all of our different services?
Another interesting note: the proxy users AFP and ZCM use to login to the tree randomly lock-out. The passwords are correct. However, in Iman, the lock-out IP address are random server IP's. Strange.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: AFP dropping 1st character in username

lehmanp00 wrote:

>
> 32-bit OS
> 1.0.0-0.36 for novell-afptcpd
>
> It started working again. Nothing was done on the server. The only
> change since my last post was that the Netware 6.5sp8 server holding the
> Master root partition was rebooted.
>
> My fellow tech and I are starting to think that we have a deeper eDir
> issue. The AFP server is pointing to a different edir server as an LDAP
> source, not the server with the master root partition on it.
> Also, we can do a DStrace and see ZCM (Zen10) having problems
> authenticating users because it seems like it is waiting for an LDAP
> server to respond. ZCM is using a completely different LDAP/eDir server
> to read the tree than AFP.
> I am wondering is we shouldn't install an VM OES2 server with
> Read/Write replicas of all partitioins just to be used as an LDAP source
> for all of our different services?
> Another interesting note: the proxy users AFP and ZCM use to login to
> the tree randomly lock-out. The passwords are correct. However, in Iman,
> the lock-out IP address are random server IP's. Strange.
>
>


Just as a long shot have you checked your certs on the Netware server? Is
the Netware server also the holder of the CA?

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: AFP dropping 1st character in username

I checked certs last week. All seemed OK. I did sdidiag.
None of the servers involved is the CA.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: AFP dropping 1st character in username

Well, my fellow tech found out what was wrong. We don't think it was a Novell issue but a Mac issue.

On the Mac:
When you did 'Connect to server' and used the pre-filled in username, that is when the login would fail with the first character of the username dropped. But, if you 'Connect to Server' and immediately type in a new username (even re-typing the auto filled one) then everything worked.
Example
there is a user xadmin in edir and it is also the name of a local account on a Mac.
Login to the Mac as xadmin (the local acct).
Connect to Server (command-k)
xadmin is auto-filled in as the username.
type in password.
AFP login fails.

Command-k
erase auto-filled username
re-type 'xadmin'
type in password
AFP login succeeds.

If you are using Apple openDirectory to login users to the Mac, it should be OK, because the username that is auto-filled in is Firstname Lastname. A user would have to erase that username and type in their eDir username anyways.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: AFP dropping 1st character in username

lehmanp00 wrote:

>
> Well, my fellow tech found out what was wrong. We don't think it was a
> Novell issue but a Mac issue.
>
> On the Mac:
> When you did 'Connect to server' and used the pre-filled in username,
> that is when the login would fail with the first character of the
> username dropped. But, if you 'Connect to Server' and immediately type
> in a new username (even re-typing the auto filled one) then everything
> worked.
> Example
> there is a user xadmin in edir and it is also the name of a local
> account on a Mac.
> Login to the Mac as xadmin (the local acct).
> Connect to Server (command-k)
> xadmin is auto-filled in as the username.
> type in password.
> AFP login fails.
>
> Command-k
> erase auto-filled username
> re-type 'xadmin'
> type in password
> AFP login succeeds.
>
> If you are using Apple openDirectory to login users to the Mac, it
> should be OK, because the username that is auto-filled in is Firstname
> Lastname. A user would have to erase that username and type in their
> eDir username anyways.
>
>


Thanks for the update. Glad you got it figured out.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.