Anonymous_User Absent Member.
Absent Member.
3386 views

iFolder 2.0 - Check user error: -35

You're encountering the NAT loopback problem. Most NAT vendors
(including
Novell) run into this. Basically, private resources cannot access
other
private resources via a public NAT address.

The "solution" is dual resolution. Enter a DNS name in the iFolder
field
as you've done. Make sure internal users/workstations resolve this
address to the private address. Public users need to resolve to the public/NAT address.

> Hi, my setup is:
> iFolder 2.0 running on Redhat Linux 7.2, Edir 8.7.
> I have iFolder running on a server with an internal IP address

connected
to
> a Router using NAT with the appropriate ports being forwarded to the


server.
> If I login to the management console and go to Global settings and

enter
the
> DNS address of the server for the Public location, users on the

inside
can
> no longer access iFolder - they get the error "Check user error:

-35".
If I
> change the public DNS entry to the internal IP address of the server

then
> things work fine internally but of course, it doesn't work

externally.
>
> I have put an entry in the Hosts file so that the dns entry resolves

to
the
> internal IP address for internal users but it still doesn't work.

If I
ping
> the dns entry, it resolves internally so I know that's working.

Does
anyone
> have any clues as to what might be wrong?
>
> thanks
> Arend
>
>





Labels (1)
0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: iFolder 2.0 - Check user error: -35

Wouldn't an entry in the HOSTS file to resolve to the internal address
be
sufficient for this? Internal workstations still don't work with the
entry
in the hosts file.

<junk2@myrealbox.com> wrote in message
news:5mV%9.10328$EM3.4930@prv-forum2.provo.novell.com...
> You're encountering the NAT loopback problem. Most NAT vendors

(including
> Novell) run into this. Basically, private resources cannot access

other
> private resources via a public NAT address.
>
> The "solution" is dual resolution. Enter a DNS name in the iFolder

field
> as you've done. Make sure internal users/workstations resolve this> address to the private address. Public users need to resolve to the


> public/NAT address.







0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: iFolder 2.0 - Check user error: -35

If you ping the DNS name it should ping the internal address
internally
and the external address externally. This is what happens:
-the client connects
-iFolder server performs an LDAP bind to verify authentication
credentials
-iFolder looks up the user object to find which server it's assigned
to
-iFolder looks up the iFolderSerer Object to find the iFolder address-The iFolder client establishes a new connection for the client to the

address in the public field you specified. If the workstation
resolves
this properly we need to troubleshoot further.

What appears on the Apache/iFolder screen. Do yo see any errors.

> Wouldn't an entry in the HOSTS file to resolve to the internal

address be
> sufficient for this? Internal workstations still don't work with

the
entry
> in the hosts file.
>
> <junk2@myrealbox.com> wrote in message
> news:5mV%9.10328$EM3.4930@prv-forum2.provo.novell.com...
> > You're encountering the NAT loopback problem. Most NAT vendors

(including
> > Novell) run into this. Basically, private resources cannot access


other
> > private resources via a public NAT address.
> >
> > The "solution" is dual resolution. Enter a DNS name in the

iFolder
field
> > as you've done. Make sure internal users/workstations resolve

this
> > address to the private address. Public users need to resolve to

the
> > public/NAT address.

>
>
>





0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: iFolder 2.0 - Check user error: -35

Internally, the ping resolves the internal address, externally the
external
address is resolved.

The server is a Linux server so the only way I know to get an
Apache/iFolder
screen is to enable logging. This is what I see on a failed login. I

assume the problem is the final line about "LOCATE_SERVER encryption
failure"
=====
?:0>12:12:00 IS_USER [0]
>12:12:01 Starting iFolder server, version 2.0 [02/06/26]
>12:12:02 iFolderServer initialization complete.
>12:12:02 12:12:02 iFolder Application Root:

/usr/local/apache2/ifolder/Server
>12:12:02 12:12:02 iFolder Host OS: Linux 2.4.18-19.7.x
>12:12:02 12:12:02 iFolder Host WebServer: Apache/2.0.39 (Unix)

mod_ssl/2.0.39 OpenSSL/0.9.6b DAV/2
>12:12:02 12:12:02 Last session did not shutdown properly!
>12:12:02 12:12:02 Checking user accounts...
>12:12:02 12:12:02 1/1. Checking arend/home

A83FF6CD0A471E567FF66BE2B54A092E
>12:12:02 12:12:02 Total user@folder files = 1
>12:12:02 12:12:02 Total number of accounts = 1
>12:12:02 12:12:02 User account check complete

?:0>12:12:03 LOCATE_SERVER encryption failure
======


<junk2@myrealbox.com> wrote in message
news:IEa0a.11123$EM3.3194@prv-forum2.provo.novell.com...
> If you ping the DNS name it should ping the internal address

internally
> and the external address externally. This is what happens:
> -the client connects
> -iFolder server performs an LDAP bind to verify authentication

credentials
> -iFolder looks up the user object to find which server it's assigned

to
> -iFolder looks up the iFolderSerer Object to find the iFolder

address
> -The iFolder client establishes a new connection for the client to

the
> address in the public field you specified. If the workstation

resolves
> this properly we need to troubleshoot further.
>
> What appears on the Apache/iFolder screen. Do yo see any errors.
>
> > Wouldn't an entry in the HOSTS file to resolve to the internal

address
be
> > sufficient for this? Internal workstations still don't work with

the
> entry
> > in the hosts file.
> >
> > <junk2@myrealbox.com> wrote in message
> > news:5mV%9.10328$EM3.4930@prv-forum2.provo.novell.com...
> > > You're encountering the NAT loopback problem. Most NAT vendors> (including
> > > Novell) run into this. Basically, private resources cannot

access
> other
> > > private resources via a public NAT address.
> > >
> > > The "solution" is dual resolution. Enter a DNS name in the

iFolder
> field
> > > as you've done. Make sure internal users/workstations resolve

this
> > > address to the private address. Public users need to resolve to

the
> > > public/NAT address.

> >
> >
> >

>






0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.