dsmiley Absent Member.

LOGIN.UNAUTHORIZED iFolder 3.9 (or 3.8) + OpenSuse 11.3 LDAP

Only a couple of our users cannot log into the web interface or client when running either iFolder 3.8 or iFolder 3.9, and I cannot find any rhyme or reason as to why. I noticed this error during the simias-server-setup that I can't seem to make sense of: http://i.imgur.com/3mzp7NX.png

From what I can tell the users are properly being pulled via LDAP as they all show up in the /admin interface. All of them are enabled and provisioned to the one and only server available. Please see the search contexts listed in the provided (scrubbed) Simias.config below. The three contexts all point to security groups in their own organizational units, which may be a bit excessive but this was done based on documentation I read at Support | How to use LDAP Groups Plugin functionality in iFolder. All of the users were discovered at the same time (time of installation) no user modifications were performed since, so it doesn't seem to be a sync delay issue. To note, the following settings are configured for LDAP sync in the /admin interface.

Identity Sync: 360 minutes
Grace Interval: 720 minutes

Public address: filerepo.domain.us (Configured in public domain DNS to point to public IP that is NATed to local IP on firewall)
Local address: filerepo.domain.us (Configured in local domain DNS forward lookup zone, so internally resolves to local IP)
+Resolves properly internally and externally.

This is deployed on a VM in our ESXi environment with a snapshot to revert to a fresh/updated installation of OpenSuse 11.3 with the rpm files stored in /ifolder-temp/, so I can revert and try different things easily if deemed necessary.

/var/simias/data/simias/Simias.config output (scrubbed for privacy);
<configuration>
  <section name="EnterpriseDomain">
    <setting name="SystemName" value="Company-Repository" />
    <setting name="Description" value="Company File Repository System" />
    <setting name="AdminName" value="cn=ifolderadmin,ou=filerepo,ou=location,dc=domain,dc=local" />
  </section>
  <section name="Server">
    <setting name="Name" value="filerepo" />
    <setting name="MultiByteServer" value="yes" />
    <setting name="PublicAddress" value="https://filerepo.domain.us/simias10" />
    <setting name="PrivateAddress" value="https://filerepo.domain.us/simias10" />
    <setting name="RAPath" value="/var/simias/data" />
  </section>
  <section name="Authentication">
    <setting name="SimiasAuthNotRequired" value="Registration.asmx, Login.ashx, Simias.asmx:PingSimias, DomainService.asmx:GetDomainID, pubrss$
    <setting name="SimiasRequireSSL" value="yes" />
  </section>
  <section name="Identity">
    <setting name="Assembly" value="Simias.ADLdapProvider" />
    <setting name="ServiceAssembly" value="Simias.Identity.ADLdapProvider" />
    <setting name="Class" value="Simias.ADLdapProvider.User" />
    <setting name="LdapSyncOnRestart" value="No" />
    <!--
    <setting name="Assembly" value="Simias.SimpleServer" />
    <setting name="Class" value="Simias.SimpleServer.User" />
    -->
    <!--
    <setting name="Assembly" value="Simias.MdbSync" />
    <setting name="Class" value="Simias.MdbSync.User" />
    -->
  </section>
  <section name="StoreProvider">
    <setting name="CommonProxyLogPath" value="/var/opt/novell/log/proxymgmt/pxymgmt.log" />
    <setting name="Assembly" value="SimiasLib.dll" />
    <setting name="Type" value="Simias.Storage.Provider.Flaim.FlaimProvider" />
    <setting name="Path" value="/var/simias/data/simias" />
  </section>
  <section name="LdapAuthentication">
    <setting name="LdapUri" value="ldaps://1.2.3.4/" />
    <setting name="ProxyDN" value="cn=ifolderproxy,ou=filerepo,ou=location,dc=domain,dc=local" />
  </section>
  <section name="LdapProvider">
    <setting name="NamingAttribute" value="sAMAccountName" />
    <setting name="Search">
      <Context dn="cn=filerepo site1,ou=ca site1,ou=filerepo,ou=location,dc=domain,dc=local" />
      <Context dn="cn=filerepo site2,ou=ca site2,ou=filerepo,ou=location,dc=domain,dc=local" />
      <Context dn="cn=filerepo site3,ou=ok site3,ou=filerepo,ou=location,dc=domain,dc=local" />
    </setting>
  </section>
</configuration>

1) ALL users that are members of the 'filerepo site1' security group show up as active users in the /admin interface, but some cannot log in.
2) 'filerepo site2' only has one user, a user created that is only part of this security group (not even Domain Users) - this user does NOT show up in the /admin interface.
3) 'filerepo site3' only has one user, a different user created that is only part of this security group (not even Domain Users) - this user does NOT show up in the /admin interface.
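Added example, not part of the original post and not iFolder code: a short Python audit of the LDAP-related sections of a Simias.config like the one posted above, reporting the transport, bind identity, naming attribute and the kind of object each search context names. The helper names `setting` and `summarize` are hypothetical, the sample is a constructed excerpt whose second context is invented for contrast, and treating a leading `cn=` as a group is a heuristic assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: LDAP-related sections only; the second Context is invented.
SAMPLE = """<configuration>
  <section name="Authentication">
    <setting name="SimiasRequireSSL" value="yes" />
  </section>
  <section name="LdapAuthentication">
    <setting name="LdapUri" value="ldaps://1.2.3.4/" />
    <setting name="ProxyDN" value="cn=ifolderproxy,ou=filerepo,ou=location,dc=domain,dc=local" />
  </section>
  <section name="LdapProvider">
    <setting name="NamingAttribute" value="sAMAccountName" />
    <setting name="Search">
      <Context dn="cn=filerepo site1,ou=ca site1,ou=filerepo,ou=location,dc=domain,dc=local" />
      <Context dn="ou=staff,dc=domain,dc=local" />
    </setting>
  </section>
</configuration>"""


def setting(root, section, name):
    """Return the value attribute of one <setting>, or None if it is absent."""
    node = root.find(f"./section[@name='{section}']/setting[@name='{name}']")
    return None if node is None else node.get("value")


def summarize(xml_text):
    """Collect the settings that decide how a login name is looked up and bound."""
    root = ET.fromstring(xml_text)
    contexts = []
    for ctx in root.findall("./section[@name='LdapProvider']/setting[@name='Search']/Context"):
        dn = ctx.get("dn", "")
        # Heuristic (assumption): a leading "cn=" RDN is a group object, anything else a container.
        rdn_type = dn.split("=", 1)[0].strip().lower()
        contexts.append({"dn": dn, "kind": "group" if rdn_type == "cn" else "container"})
    uri = setting(root, "LdapAuthentication", "LdapUri") or ""
    return {
        "ldap_tls": uri.lower().startswith("ldaps://"),
        "require_ssl": (setting(root, "Authentication", "SimiasRequireSSL") or "").lower() == "yes",
        "proxy_dn": setting(root, "LdapAuthentication", "ProxyDN"),
        "naming_attribute": setting(root, "LdapProvider", "NamingAttribute"),
        "contexts": contexts,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "=", value)
```

The full file as posted will not parse until the truncated `SimiasAuthNotRequired` line is restored from the server's copy.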
dsmiley Absent Member.

Re: LOGIN.UNAUTHORIZED iFolder 3.9 (or 3.8) + OpenSuse 11.3

Re-uploaded screenshot of error during install; http://i.imgur.com/cQQ6KC4.png

Forgot to include an example.

User1 in 'filerepo site1' can log in to both the web interface and client.
User2 in 'filerepo site1' can log in to both the web interface and client.
User3 in 'filerepo site1' can log in to both the web interface and client.
User4 in 'filerepo site1' CANNOT log in to both the web interface and client.
User5 in 'filerepo site1' can log in to both the web interface and client.
User6 in 'filerepo site1' CANNOT log in to both the web interface and client.
User7 in 'filerepo site1' CANNOT log in to both the web interface and client.
dsmiley Absent Member.

Re: LOGIN.UNAUTHORIZED iFolder 3.9 (or 3.8) + OpenSuse 11.3

Tinkering around today with one of the user accounts that gets "LOGIN.UNAUTHORIZED". Learned that if I disable the account and try to log in, I get the following message: "Your account is currently disabled and unavailable." This tells me it's actually authenticating the user properly... still stumped on the LOGIN.UNAUTHORIZED bit though. Any help would be greatly appreciated.

UPDATE: Disregard, I get the same results for both conditions whether I type the correct password or not.
daniellench Absent Member.

Re: LOGIN.UNAUTHORIZED iFolder 3.9 (or 3.8) + OpenSuse 11.3

dsmiley

just to clarify a bit
the users that are having issues
1. cannot access the ifolder server at all correct? ie. no web and no thick client.
2. have never been able to access the ifolder server?
3. the machine can login with another account that works?
4. have passwords longer than 8 characters?

what platform are the clients using

best,
daniel from nofolder.com
dsmiley Absent Member.

Re: LOGIN.UNAUTHORIZED iFolder 3.9 (or 3.8) + OpenSuse 11.3

daniellench;2269552 wrote:
dsmiley

just to clarify a bit
the users that are having issues
1. cannot access the ifolder server at all correct? ie. no web and no thick client.
2. have never been able to access the ifolder server?
3. the machine can login with another account that works?
4. have passwords longer than 8 characters?

what platform are the clients using

best,
daniel from nofolder.com


1. Correct, no web or client access.
2. Correct, this is a new installation (my first ever) that only certain domain members cannot access.
3. Correct, the issue is associated with the AD account, not the machine.
4. Yes and no... One of the users that couldn't log in did have an 8+ char password, another did not.

While tinkering around over the weekend I was able to get a couple of the accounts logged in by doing the following;
1) ADUC > Changed User logon name... for example, if the logon name was previously jdoe I changed it to jodoe.
2) iFolder Admin > Servers (tab) > <Server Name> > LDAP Sync Now function.
3) Test https (web) logon, LOGIN.UNAUTHORIZED.
4) ADUC > Changed User logon name... changed jodoe back to jdoe.
5) iFolder Admin > Servers (tab) > <Server Name> > LDAP Sync Now function.
6) Test https (web) logon, Success!

I did this with two accounts and they both now work. I can't explain why, but they do, and I'm not complaining.

More info;
LDAP Server: Windows 2008 R2

-Derek
dsmiley Absent Member.

Re: LOGIN.UNAUTHORIZED iFolder 3.9 (or 3.8) + OpenSuse 11.3

Sorry I didn't answer your client platform question; it was overlooked. In relation to the web access, the OS/browser didn't matter; we got the same message while using Mac, Windows or *nux, each using different browsers (Mozilla, IE, Chrome). All software clients are Windows x64, but we weren't even trying the software clients since the web access wasn't working.

Well, confirmed... I performed the steps mentioned in my previous post on another user that wasn't able to log in; sure enough they can now access both the web and client interfaces.