Anonymous_User Absent Member.
Absent Member.
2015 views

Can't login from internet

I have a NW6.5 SP2 server that was upgraded from NW6.0 SP5. I later
installed iFolder 2.1 on it. The LDAP server is the same server. I
added a secondary ipaddress, and I have a one to one NAT to a public IP
address. I have a DNS entry for both the private and public addresses
(different names of course).
I can login administratively, and users (test only) can login in with the
client or browser, on the private network.
From the Internet, I can browse to the iFolder page and download the
client. But I can not login with the client. I get -501 error.
I have not tried to login as a user or admin with the browser.
I have checked many discussion threads and the knowledge base and the
configuration files seem to be ok. The ifolderserverdnsorip and
ifolderuserserverdnsorip both point to the secondary ipaddress (private).
Should these point to the public address?
Also in NORM, IP Address Management, I do not see iFolder in the
application column. I'm wondering if this is an idication of something
not configured properly.
I am at a dead end. Any ideas ??
TIA, Rich

Also,

Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Can't login from internet

,
> From the Internet, I can browse to the iFolder page and download the
> client. But I can not login with the client. I get -501 error.
>

For your config, access by DNS name only and make sure you have the DNS
name and not IP in the iFolder objects. The name must resolve correctly
on outside and inside.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Can't login from internet

Anders,
Thanks for your reply. I tried making some changes and am now worse
off than when I started.
I changed in httpd_ifolder_nw.conf the LdapHost, iFolderServerDNSorIP,
and iFolderUserServerDNSorIP from IP addresses to private DNS names. Also
in the NDS objects iFolder_ldap01, OTHER tab, iFolderLDAPDNSorIP changed
value to dns name; and iFolder_server01, OTHER tab, iFolderServerDNSorIP
and iFolderServerSecureDNSorIP, changed values to private dns names.
I restarted the apache server (ap2webdn/ap2webup). On the internal
network I could only log in as admin, not as any user. In the iFolder
Management Console I could not browse to any contexts in the User LDAPs
page. Also could not see any users at all. This indicates to me I am not
seeing the LDAP server although I am not getting any errors.
I changed everything back to the original configuration and still
nothing works.
I am about ready to uninstall and reinstall ifolder. Dont know what
else to do. Do you have any suggestions short of reinstalling?

A question regarding your original suggestion about using DNS names
instead of IP addresses. My server is on the private network. It cannot
see any public address. The secondary IP address that ifolder is
configured to use, has a one to one NAT to a public address. It doesn't
seem to me that I should be using that public address or it's dns name
anywhere in the configuration, only the private IP and dns name. I
believe that outside the firewall, the transaction on the public side is
converted to the internal address so to the ifolder server it is no
different than a transaction initiated on the private network. Am I
correct?
Thanks again for your help.
Regards, Rich Macaluso
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Can't login from internet

> Anders,
> Thanks for your reply. I tried making some changes and am now

worse
> off than when I started.


I deleted and recreated the NDS object for ldap and ifolder server. I
can now login on local (private) network. Cant check access from public
network yet.

I would still like an answer to my second question repeated below.
Thanks , Rich

> A question regarding your original suggestion about using DNS names
> instead of IP addresses. My server is on the private network. It

cannot
> see any public address. The secondary IP address that ifolder is
> configured to use, has a one to one NAT to a public address. It

doesn't
> seem to me that I should be using that public address or it's dns name
> anywhere in the configuration, only the private IP and dns name. I
> believe that outside the firewall, the transaction on the public side

is
> converted to the internal address so to the ifolder server it is no
> different than a transaction initiated on the private network. Am I
> correct?
> Thanks again for your help.
> Regards, Rich Macaluso


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Can't login from internet

,
> > seem to me that I should be using that public address or it's dns name
> > anywhere in the configuration, only the private IP and dns name. I
> > believe that outside the firewall, the transaction on the public side

> is
> > converted to the internal address so to the ifolder server it is no
> > different than a transaction initiated on the private network. Am I
> > correct?


When you change the addresses, you only do so for the ifolder stuff. NOT
the LDAP stuff. For your scenario to work, you need to have your ifolderDNS
resolve to the internal address on the outside and the internal on the
inside. Then access iFolder by dns name. See:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10084054.htm

Also see this if listening on a secondary IP address:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10095189.htm

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Can't login from internet

Anders,
OK. I don't have a final solution, but at least I know what is going
on now. We do not have an internal and external dns on our network, so I
can't have two different resolutions. I did put an entry in my "outside"
workstation hosts file with the inside dns name resolving to the public
address. This allowed me to log in, but some things did not work
smoothly. I still have to check the tid about listening on secondary
address.
Other than having every user modify their hosts files on their home
workstations, can you suggest other things to try. We do not run
BorderManager.
Thanks a whole bunch for your help, Rich

> When you change the addresses, you only do so for the ifolder stuff. NOT
> the LDAP stuff. For your scenario to work, you need to have your

ifolderDNS
> resolve to the internal address on the outside and the internal on the
> inside. Then access iFolder by dns name. See:
> http://support.novell.com/cgi-bin/search/searchtid.cgi?/10084054.htm
>
> Also see this if listening on a secondary IP address:
> http://support.novell.com/cgi-bin/search/searchtid.cgi?/10095189.htm
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2195
>


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Can't login from internet

,
> OK. I don't have a final solution, but at least I know what is going
> on now. We do not have an internal and external dns on our network, so I
> can't have two different resolutions.


Another option, is to access the external address, even from the inside.
This is very easy if your ISP has a proxy you can use.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.