BM 3.9 and iChain

Hi,
Is it possible to use an iChain accelerator with NetIdentity authentication to get non-Novell Client users to automatically log on to the BM web authentication page?
Thanks

mkobelt wrote:
> Hi,
>
> Is it possible to use an iChain accelerator with NetIdentity
> authentication to get non-Novell Client users to automatically log on to
> the BM web authentication page?
>
> Thanks
>
>
no, you can not

Similar Messages

Security Issues

So I recently got a new Macbook Pro and have had a few issues that may be related but may not be. First one I believe is because I downloaded vuze/arureus. My browsers homepage load to yahoo instead of google and the address has the word spigot in it, even on chrome and if I reset it to google the next time i start up its back to google. I deleted vuze and its file from library application support... but the problem is still there. Anything else I should delete or do to get this back to normal? Also today I was notified there was someone logging into my facebook from Europe(i live in the US). It had me change my password but I'm not sure how they would of gotten access to my account. Could these two things be related? The last is at times I experience extremely slow internet speeds on the macbook pro and my old macbook, which also has the spigot thing going on but not on the apple tv or iPhone. Any tips and/or advice is appreciated.

In article <ar0fb.1718$[email protected]>,
[email protected] says...
> Hi -- Part of my support is in a hospital and we are currently
developing
> a plan to upgrade all servers from NetWare 5.1 to NetWare 6 (or
6.5)along
> with ZenWorks 3 upgrade to 4. Being in this type of environment with
> confidential data on the server --along with being HIPPA compliant--
what
> product could I use in order to have the staff, doctors,and students
be
> able to securely access their data from outside the network while
they are
> at home or at remote locations anywhere in the country. I know of
iFolder,
> but is there any other products I should review. Possibly for
handheld
> technology also. Thanks in advance.
> IPR
>
>
I would take a look at portal services, to gether with some nice
authentication....
for novell this would be extend and ichain.
Marcus Breiden
Please change -- to - to mail me.
The content of this mail is my private and personal opinion.
http://www.edu-magic.net

Shell access required for RADIUS authentication?

Hello all,
A customer of mine has a fleet of modern Mac laptops, all accessing 3 AFP file servers. Access to those file servers is governed by a Snow Leopard Open Directory Master. Pretty simple.
I’ve been tasked with introducing RADIUS authentication to the WLAN there. The WAPs are all Airport Extremes, so again the setup is pretty simple.
But in testing, I see that users can authenticate to the RADIUS WLAN only if I give those user accounts shell access in Open Directory. If a user’s account has a login shell set to None (our previous default), then any RADIUS authentication attempt produces the following log error:
Auth: [unix] [USERNAME]: invalid shell [/dev/null]
If I switch that user’s login shell to (for example) /bin/bash, then restart RADIUS, that user authenticates successfully thereafter.
Is this expected behavior? Is there an alternative to giving everyone shell access?
Thanks for any info,
Brandon White
System Administrator
www.technico.us

Hi Peter,
have a look at the RADIUS implementation CookBook (www.vasco.com/novell)
chris
> We use Vasco tokens for two things: Checkpoint Firewall-1 VPN
> authentication, and iChain 2.2 RADIUS authentication. The current
> RADIUS.NLM that we use is from the iChain authentication CD.
>
> The only problem I can think of to mention is the "Unknown RADIUS client"
> error that we got after NW6 SP5. That was solved by the latest NMAS
patches
> and an upgrade from eDir 8.6.2 to 8.7.3.
>
>
> "Peter van de Meerendonk" <[email protected]>
wrote in
> message news:JNiQd.595$[email protected]..
> > > Well, just let me cover my hiney a little. We did have extremely bad
> > > results with Activcard ACO000 tokens, but that is an old product from
> > about
> > > 3-4 years ago. I have no knowledge of the current Activcard tokens.
> > >
> > OK, but the licensing policy makes activcard a costly alternative.
we've
> got
> > a good deal on RSA, and are negociating a deal on Vasco. eventually we
> might
> > need 250+ tokens.
> >
> > I am very interested in configuration details of your setup. do you use
> the
> > tokens only for checkpoint authentication, or for novell
authentication as
> > well?
> >
> >
> >
>
>

NMAS based token for radius authentication towards checkpoint firewall

hi,
i'm looking for token based access towards a checkpoint firewall. i found
out about radius, and think that's the way to go.
our user administration is NW65SP2 & Edir 8.7.3 based.
has anyone a success story about a token based radius server based on this
configuration ?
which token ?
additional software ?
anyone ?

Hi Peter,
have a look at the RADIUS implementation CookBook (www.vasco.com/novell)
chris
> We use Vasco tokens for two things: Checkpoint Firewall-1 VPN
> authentication, and iChain 2.2 RADIUS authentication. The current
> RADIUS.NLM that we use is from the iChain authentication CD.
>
> The only problem I can think of to mention is the "Unknown RADIUS client"
> error that we got after NW6 SP5. That was solved by the latest NMAS
patches
> and an upgrade from eDir 8.6.2 to 8.7.3.
>
>
> "Peter van de Meerendonk" <[email protected]>
wrote in
> message news:JNiQd.595$[email protected]..
> > > Well, just let me cover my hiney a little. We did have extremely bad
> > > results with Activcard ACO000 tokens, but that is an old product from
> > about
> > > 3-4 years ago. I have no knowledge of the current Activcard tokens.
> > >
> > OK, but the licensing policy makes activcard a costly alternative.
we've
> got
> > a good deal on RSA, and are negociating a deal on Vasco. eventually we
> might
> > need 250+ tokens.
> >
> > I am very interested in configuration details of your setup. do you use
> the
> > tokens only for checkpoint authentication, or for novell
authentication as
> > well?
> >
> >
> >
>
>

SAP Web Dispatcher & Reverse Proxy

Hello,
We are currently using Novell's iChain product for our reverse proxy (RP) to our EP7 Portal which in turn is connected to BW, CRM, & R/3. Can SAP's Web Dispatcher (WD) perform the same RP functions as iChain in this type of scenario?
For example, we have one iChain server which performs RP functions for EP7 which is also connected to BW, CRM, & R/3. We like to replace our iChain product and have been looking at WD. But, it doesn't look like a single WD instance can act as a RP for more than one system at a time. In other words, I setup a test WD system and pointed it at our EP7 system. It works fine for anything coming from EP7. But, for any iviews that point to BW, CRM, or R/3, it doesn't work, which makes sense since there doesn't seem to be anywhere I can define those systems in the WD. But could WD do this and I'm just not reading the documentation correctly? (Yes, I have been all over help.sap.com in regards to WD)
I did find the following SAP note, 740234, that discusses this to an extent, but it is mostly about load balancing across disparate systems, not RP functionality across disparate systems. Thus, I'm not sure this applies. Assuming this note is correct from a RP viewpoint, can I just run multiple WDs all on the same standalone system? Also, if that is the case, how is it that when I call a BW iView from the Portal, it knows to go through the other WD setup on that system?
Bottom line is, does/will SAP's WD perform the same functions as iChain or should we be looking elsewhere?
Hope that all made sense!
Thanks,
Tom

Hello Benny,
For the sake of simplicity, lets say I have a portal called 'ABC' and a BW system called 'XYZ'. So, to access the portal directly, without going through the iChain RP, I would enter http://abc.company.com/ but going through the RP, I would enter something like http://MyPortal.company.com/ and iChain knows it should direct the traffic to ABC.
In the portal, I have a XYZ defined in the System Landscape. Then in the portal, I create an iView that uses the BW system defined in the System Landscape.
Again, without going through the RP, if I click on the XYZ iView in the portal, it connects to XYZ to get whatever info it needs from XYZ and presents it back, through the portal. But, the URL behind that iView, goes to http://xyz.company.com. But, if I do all the same things, this time going through the RP, it understands that it needs to be the RP for both ABC and XYZ and acts accordingly.
Does that make more sense? Can WD also act in this fashion? As far as user management goes, that is done with LDAP.
Thanks,
Tom

Does single user mode bypass password protection?

Does booting into single user mode bypass account password protection? From what I can see single user mode allows me to access the entire hard disk as root. Is this one of the reasons for open firmware password protection?

Unfortunately there is nowhere to put a padlock on the case of an iMac G5. Perhaps I will wrap it in a chain at night. I think it might spoil the design, unless Apple could release an iPadlock and iChain in a cool white with silver trim.
I have experimented with Filevault in the past and I have heard of the risks you describe - I may even have read the posts in question when I was researching it. I decided not to use it in the end, because the risks and extra login time weren't worthwhile for me.
I had thought that having a login password was sufficient to prevent access to my files on the machine, but now I know single user mode circumvents this. I think I may just save important files to an encrypted disk image.
I do encrypt my backup, though this prevents it from being bootable. I am currently working on having a minimal bootable partition plus an encrypted backup partition on my backup disk.

Integration of Hyperion PS and Novell iChain

Hello all,We are now proposing a single-sign-on solution with Hyperion Performance Suite (HPS). It is known that IBM Tivoli works with HPS well.However, our client uses iChain currently in their system and so we may want to leave this unchanged.Do anyone know whether HPS works with Novell iChain or not? Or can anyone supply me with information about how HPS passes user credentials? Say, using a simple form fill or basic HTTP authentication?Thank you very much!

The Organizer and the Bridge are supposed to use similar metadata. Unfortunately, for basic things like Keyword Tags and Albums, that's usually not the case, so I'd assume they won't use each other's data.
Likewise, Premiere Elements and Premiere CS5 use very few of the same browser functions. It's usually best to choose one or the other program. You're not going to be able to move your project easily between these two very different apps.
Or when you say CS5 are you referring to Photoshop CS5? If so, yes, you can certainly create graphics in Photoshop and use them in Premiere Elements. However, they don't, for the most part, share the same catalogs and keyword tags.

NMAS and ConsoleOne Objects

I'm having a bit of a problem with ConsoleOne snapins and RADIUS objects.
The Radius DAS object appears as unknown on all my systems running
ConsoleOne 1.3.6d. I have one system running v1.3.6 and the radius objects
appear fine. All consoleone installations have the same NMAS snapins
loaded (from the iChain CD). I recall having to copy radius.atr to the
consoleone/bin directory to get it working the first time but this doesn't
seem to do the trick on these other workstations.
Also, almost out of the blue, I don't see the my new (RSA) login process
listed under the login methods of the user object properties anymore. I'm
not sure what has changed as it's only been about two weeks since I've been
out to this site. It still works for the users that I previously setup but
I can't configure new users.
Does anyone have any thoughts?

I got the RSA login method to appear again. I had to reinstall the RSA
NMAS snapin that I downloaded from RSA. Something must have gotten corrupt.
However, I still can't see the properties of the Radius objects in
ConsoleOne. The only thing I can find is a potentially bad radius.atr
file. I've copied this file from a working system to the other systems but
its still missing something. Snap-ins are sooo much fun.
> I'm having a bit of a problem with ConsoleOne snapins and RADIUS objects.
> The Radius DAS object appears as unknown on all my systems running
> ConsoleOne 1.3.6d. I have one system running v1.3.6 and the radius objects
> appear fine. All consoleone installations have the same NMAS snapins
> loaded (from the iChain CD). I recall having to copy radius.atr to the
> consoleone/bin directory to get it working the first time but this doesn't
> seem to do the trick on these other workstations.
>
> Also, almost out of the blue, I don't see the my new (RSA) login process
> listed under the login methods of the user object properties anymore. I'm
> not sure what has changed as it's only been about two weeks since I've been
> out to this site. It still works for the users that I previously setup but
> I can't configure new users.
>
> Does anyone have any thoughts?

By mistake I have changed the password using iChain but the website still utilises the old password that iChain originally created. How can I find out the original password that was created?

I created a password using iChain whilst on a website where I have an account. For some reason, I needed to change the password and it seems that the website can only be accessed using the original chain password. I do not have a record of it and it is not in my iChain password list. Can I find what historical passwords were used?

i am also have the same thing how can i get they out from my game center ?

Radius / NMAS / BM / Ichain

Hello,
i have the following Setup:
1x Single Tree Server with Nw 6.5 SP1a / BM3.8 SP2
This is a simple authentication Server which is placed in our dmz. Some users are synchronized with dirxml from the productive main tree to the authentication tree.
Primary this box is used for client2site vpn with vasco digipass tokens. This setup is working.
Now i wish to use the same box for ichain Radius authentication.
I have setup a 2nd box in the dmz for ichain 2.3. I have made the necessary schema extension on the Authentication server and installed the snapins for ichain.
I tested authentication with ldap to the authentication server.... no problem
Now the problems:
I setup a authentication profile on the ichain server for radius
I configured the authentication servers lpo and radius objects. All this is described in the ichain admin book page 89 (chapter 7 using radius authentication)
When i check the radius console i get the following message:
[DATE TIME] Access Request Dropped
IchainIP, cn, Unknown Radius client
What i did again: I found several tid's where the problem is described. I Changed rights to the lpo, installed the nmas234.tar, changed userprops.....but till now nothing works.
MoreSysinfos:
Radius.nlm V 4.14 / 6.March 2003
nmas.nlm 2.68 / 17.June 2004
nmasldap.nlm V 1.20 / 31.March 2004
Here the RadiusDebugLog, during authentication:
[2004-08-09 02:42:40 PM] Deleting file "sys:etc\radius\log\20040802.log", failed
[2004-08-09 02:42:40 PM] Parameter count = 1
[2004-08-09 02:42:40 PM] argv[0] = SYS:\SYSTEM\RADIUS.NLM
[2004-08-09 02:42:40 PM] Tree Name = "<null>"
[2004-08-09 02:42:40 PM] Login Name = "<null>"
[2004-08-09 02:42:40 PM] Name = "<null>"
[2004-08-09 02:42:40 PM] Workers = 0
[2004-08-09 02:42:40 PM] Port = 0
[2004-08-09 02:42:40 PM] Error encountered = 0
[2004-08-09 02:42:40 PM] Checking if parameters are to be retrieved from Registry
[2004-08-09 02:42:40 PM] Got Tree Name from registry, "<null>"
[2004-08-09 02:42:40 PM] Got Login Name from registry, "<null>"
[2004-08-09 02:42:40 PM] Got Service Name from registry, "<null>"
[2004-08-09 02:42:40 PM] Got Number Threads from registry, 5
[2004-08-09 02:42:40 PM] Got Service Port from registry, 1645
[2004-08-09 02:42:40 PM] Got Accounting Port from registry, 1646
[2004-08-09 02:42:40 PM] Got Accounting Path from registry, "sys:\etc\radius\acct"
[2004-08-09 02:42:40 PM] Got Accounting File Format from registry, "comma"
[2004-08-09 02:42:40 PM] Got RollOver from registry, "daily"
[2004-08-09 02:42:40 PM] Services supported, [2004-08-09 02:42:40 PM] "authentication" [2004-08-09 02:42:40 PM] "accounting" [2004-08-09 02:42:40 PM]
[2004-08-09 02:42:40 PM] Got Accounting Attribute File from registry, sys:\etc\radius\radacct.atr
[2004-08-09 02:42:40 PM] Got Authentication Path from registry, sys:etc\radius
[2004-08-09 02:43:03 PM] Debug logging enabled to file sys:etc\radius\debug\raddbg.log
[2004-08-09 02:43:17 PM] 1) [(ip) 62.200.168.121:1812], Received 43 Bytes (Access-Request (1))
[2004-08-09 02:43:17 PM] [(total=1) (p=0) (d=0) (r=0) (acc=0) (rej=0)]
[2004-08-09 02:43:17 PM] <2> Done GetNextMessage [(ip) 62.200.168.121:1812]: time:208207
[2004-08-09 02:43:17 PM] -------- START : (Access-Request (1)) [(ip) 62.200.168.121:1812]: time:-35971301---
[2004-08-09 02:43:17 PM] CACHE: CacheDomainListExist(ichaindas.ichain.netstal), using cache
[2004-08-09 02:43:17 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-08-09 02:43:17 PM] CACHE: CacheReadSecretForNASAddress(ichaindas.ichain.nets tal), using cache
[2004-08-09 02:43:17 PM] HandleLocalRequest(), CacheReadSecretForNASAddress failed, no such RADIUS client (-822), Packet Dropped
[2004-08-09 02:43:17 PM] -------- END : (Access-Request (1)) [(ip) 62.200.168.121:1812]: time:-35971299---
[2004-08-09 02:43:23 PM] 2) [(ip) 62.200.168.121:1812], Received 43 Bytes (Access-Request (1))
[2004-08-09 02:43:23 PM] [(total=2) (p=1) (d=0) (r=0) (acc=0) (rej=0)]
[2004-08-09 02:43:23 PM] <3> Done GetNextMessage [(ip) 62.200.168.121:1812]: time:266774
[2004-08-09 02:43:23 PM] -------- START : (Access-Request (1)) [(ip) 62.200.168.121:1812]: time:-35912704---
[2004-08-09 02:43:23 PM] CACHE: CacheDomainListExist(ichaindas.ichain.netstal), using cache
[2004-08-09 02:43:23 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-08-09 02:43:23 PM] CACHE: CacheReadSecretForNASAddress(ichaindas.ichain.nets tal), using cache
[2004-08-09 02:43:23 PM] HandleLocalRequest(), CacheReadSecretForNASAddress failed, no such RADIUS client (-822), Packet Dropped
[2004-08-09 02:43:23 PM] -------- END : (Access-Request (1)) [(ip) 62.200.168.121:1812]: time:-35912701---
[2004-08-09 02:48:42 PM] (->)Cacher: NWDSReadObjectInfo(ichaindas.ichain.netstal), succeeded, time:2
Thanks
Stefan

It's working now.
The Problem was the LPO. In the LoginSequences tab i have modified the standard digipass entry and added a
NDS entry. This was necessary for BM3.8 VPN Logins in our environment.
So I createt a new one, with only digipass inside and associate this LoginSequence to the Radius DAS.
Have a nice time
Stefan
>>> Scott Kiester<[email protected]> 11.08.04 22:21 >>>
You can't execute two login sequences with RADIUS, because there is no way
for RADIUS to prompt for a second set of credentials over the PAP or CHAP
protocols. The ConsoleOne snapin should not be allowing you to mark more
than one sequence as mandatory, as this configuration is invalid.
The recommended way of supporting multiple methods through RADIUS is by
creating a single NMAS "OR" login sequence, rather than using multiple
rules. You could create a sequence that specified "NDS" OR "Digipass." In
this case RADIUS would first execute the NDS method, and only execute the
Digipass method if NDS fails.
I realize that you want to require NDS AND Digipass, not NDS OR Digipass. A
login sequence that specifies NDS AND Digipass would always fail, because
the password supplied by the user would never be valid for both methods.
Unfortunately, there is not a way to require both NDS and Digipass through
RADIUS.
>>> Stefan Winterberg<[email protected]> 08/11/04 2:43 AM >>>
Hello Scott,
thank you very much. it seems that your eyes are better than ours.
The unknown client is now gone, but we still have some problems.
I have the new raddbg and nmasmon-log file below.
We have set the Sequences in the LPO for this DAS-Object to:
NDS Mandatory
Digipass Mandatory
On the UserObject the DefaultLoginClearance is set to password&token.
When we attemp to login we can see that the vasco digipass successfull login
counter is incremented by 1.
--Raddbg.log------------------------------
[2004-08-11 10:38:36 AM] Debug logging enabled to file
sys:etc\radius\debug\raddbg.log
[2004-08-11 10:38:42 AM] Cacher: Console initiated rebuild of cache
[2004-08-11 10:38:42 AM] (->)Cacher:
NWDSReadObjectInfo(ichaindas.ichain.netstal), succeeded, time:3
[2004-08-11 10:38:42 AM] Cacher: Rebuilding cache, mod time different,
[2004-08-11 10:38:42 AM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:DAS Version)
succeeded, time:2
[2004-08-11 10:38:42 AM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Password Policy)
failed, no such attribute (-603), time:2
[2004-08-11 10:38:42 AM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Common Name
Resolution) succeeded, time:2
[2004-08-11 10:38:42 AM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Concurrent Limit)
failed, no such attribute (-603), time:1
[2004-08-11 10:38:42 AM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Interim Accting
Timeout) failed, no such attribute (-603), time:2
[2004-08-11 10:38:42 AM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Aged Interval)
failed, no such attribute (-603), time:2
[2004-08-11 10:38:42 AM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Maximum History
Record) failed, no such attribute (-603), time:1
[2004-08-11 10:38:42 AM] CACHE: Use Netware Password for
"ichaindas.ichain.netstal": Enabled
[2004-08-11 10:38:42 AM] CACHE: CN Login for "ichaindas.ichain.netstal":
Enabled
[2004-08-11 10:38:42 AM] CACHE: Concurrent Limit for
"ichaindas.ichain.netstal": 0x80000000
[2004-08-11 10:38:42 AM] CACHE: Interim Timeout for
"ichaindas.ichain.netstal": 10 minutes
[2004-08-11 10:38:42 AM] CACHE: Interval For Aging for
"ichaindas.ichain.netstal": 7 days
[2004-08-11 10:38:42 AM] CACHE: Max History Record for
"ichaindas.ichain.netstal": 30
[2004-08-11 10:38:42 AM]
Context Lookup List set to:
[2004-08-11 10:38:42 AM] 1) USERS.NETSTAL
[2004-08-11 10:38:42 AM] Number of contexts = 1
[2004-08-11 10:38:42 AM] tag extracted: 62.200.168.121, size: 15, tagLength:
30
[2004-08-11 10:38:42 AM] Cache: Successfully set up client table
[2004-08-11 10:38:42 AM]
(->)NDSSetUpContextList(ichaindas.ichain.netstal), ProxyContext is empty
[2004-08-11 10:38:42 AM] Cache: Successfully set up context list
[2004-08-11 10:38:42 AM] (->)NDSSetUpDomainList(ichaindas.ichain.netstal),
Domain list is empty.
[2004-08-11 10:38:42 AM] Cache: Successfully set up domain list
[2004-08-11 10:38:42 AM] Cache: Successfully set up search domain list
[2004-08-11 10:38:42 AM] Cache: Successfully build context list
[2004-08-11 10:38:42 AM] CACHE: Cache reloaded at [2004-08-11 10:38:42
AM], current reload count is 5
[2004-08-11 10:38:42 AM] Cacher: RefreshCache(), succeeded
[2004-08-11 10:38:42 AM] CACHE: Cache loaded at [2004-08-11 10:38:11 AM]
has been discarded , current reload count is 5
[2004-08-11 10:38:57 AM] 7) [(ip) 62.200.168.121:1812], Received 43 Bytes
(Access-Request (1))
[2004-08-11 10:38:57 AM] [(total=7) (p=6) (d=0) (r=0) (acc=0) (rej=0)]
[2004-08-11 10:38:57 AM] <3> Done GetNextMessage [(ip) 62.200.168.121:1812]:
time:7776133
[2004-08-11 10:38:57 AM] -------- START : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:1545446252---
[2004-08-11 10:38:57 AM] CACHE:
CacheDomainListExist(ichaindas.ichain.netstal), using cache
[2004-08-11 10:38:57 AM] AuthRequestHandler(), Calling RequestHandler.
[2004-08-11 10:38:57 AM] CACHE:
CacheReadSecretForNASAddress(ichaindas.ichain.nets tal), using cache
[2004-08-11 10:38:57 AM] CACHE:
CacheGetEnableCNLogin(ichaindas.ichain.netstal), using cache
[2004-08-11 10:38:57 AM] CacheGetDNForName(wst), Using cache
[2004-08-11 10:38:57 AM] (->)CacheGetDNForName:NWDSReadObjectInfo(wst),
succeeded, time:9
[2004-08-11 10:38:57 AM] userName: wst
[2004-08-11 10:38:57 AM] userDN: WST.USERS.NETSTAL
[2004-08-11 10:38:57 AM]
(->)NDSVerifyAttr:NWDSRead(WST.USERS.NETSTAL,RADIUS: Dial Access Group)
succeeded, time:3
[2004-08-11 10:38:57 AM] (->)NWDSCompare:(WST.USERS.NETSTAL) succeeded,
time:2
[2004-08-11 10:38:57 AM] (->)NWDSRead(WST.USERS.NETSTAL,RADIUS Enable
Attr) failed, no such attribute (-603), time:2
[2004-08-11 10:38:57 AM] (->)User "WST.USERS.NETSTAL", Looking in
(USERS.NETSTAL) for (RADIUS:Enable Dial Access)
[2004-08-11 10:38:57 AM] (->)NWDSRead(USERS.NETSTAL,RADIUS Enable Attr)
succeeded, time:2
[2004-08-11 10:38:57 AM] User Name: wst, User DN: WST.USERS.NETSTAL,
Domain: , Service Tag:
[2004-08-11 10:38:57 AM] (->)NADMAuthRequest()
[2004-08-11 10:38:57 AM] (->)NADMAuthRequest(WST.USERS.NETSTAL) failed,
-1642 (0xfffff996), time:1776
[2004-08-11 10:38:57 AM] (->)Authenticate (0 policy, NDS pswd) (for
WST.USERS.NETSTAL), failed, -1642 (0xfffff996)
[2004-08-11 10:38:57 AM] (->)Authentication FAILED
[2004-08-11 10:38:57 AM] ->Sending Access-Reject (3) [(ip)
62.200.168.121(1812)] count=20
[2004-08-11 10:38:57 AM] ->Inserting into RespQ , code(3) id(6).
[2004-08-11 10:38:57 AM] -------- END : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:1545448063---
----nmasmon.log-------------------------------------------------------------
NMAS Enterprise Edition
0: Screen and file output started at Wed Aug 11 10:37:47 2004
GetLoginConfig: 0
NMAS_GetLoginConfig: 0
GetLoginConfig: 0
NMAS_GetLoginConfig: 0
GetLoginConfig: 0
NMAS_GetLoginConfig: 0
4: Destroy NMAS Session for reuse
4: Create NMAS Session
4: RemoteCheckIfLocalUser checking WST.USERS.NETSTAL.
4: RemoteCheckIfLocalUser is a local user.
4: Server thread started
4: NMAS_CanDo StartClientSession 0
4: >>ClientPut: message size=8 queue Size 0
4: >>ClientPut: message size=35 queue Size 8
4: NMAS_CanDo sendMessage 0
4: <<ClientGet: message size=8 queue Size 0
4: >>ServerGet: message size=8 queue size 0
4: >>ServerGet: message size=35 queue size 35
4: CanDo
4: Sequence Selected == "Digipass"
4: Login Method 0x00000050
4: MAF_Begin LSM 0x00000050
4: <<ServerPut: message size=8 queue size 0
4: <<ServerPut: message size=5 queue size 8
4: MAF_GetAttribute LSM 0x00000050 AID: 1 Value: WST.USERS.NETSTAL
4: <<ClientGet: message size=5 queue Size 0
4: NMAS_CanDo sendMessage 0
4: NMAS_CanDo disassembleDoPacket 0
4: MAF_Begin LCM 0x00000050
4: MAF_XRead LCM 0x00000050
4: <<ClientGet: message size=8 queue Size 0
4: MAF_GetAttribute LSM 0x00000050 AID: 22 Tag: digipass
4: MAF_XWrite LSM 0x00000050
4: <<ServerPut: message size=8 queue size 0
4: <<ServerPut: message size=60 queue size 8
4: MAF_XRead LSM 0x00000050
4: >>ServerGet: message size=8 queue size 0
4: <<ClientGet: message size=60 queue Size 0
4: MAF_GetAttribute LCM 0x00000050 AID: 6
4: MAF_XWrite LCM 0x00000050
4: >>ClientPut: message size=8 queue Size 0
4: >>ClientPut: message size=29 queue Size 8
4: MAF_XRead LCM 0x00000050
4: <<ClientGet: message size=8 queue Size 0
4: >>ServerGet: message size=29 queue size 0
4: MAF_PutAttribute LSM 0x00000050 AID: 22 Tag: digipass
4: MAF_XWrite LSM 0x00000050
4: <<ServerPut: message size=8 queue size 0
4: <<ServerPut: message size=16 queue size 8
4: MAF_End LSM 0x00000050 successful
4: >>ServerGet: message size=8 queue size 0
4: <<ClientGet: message size=16 queue Size 0
4: MAF_End LCM 0x00000007
4: >>ClientPut: message size=8 queue Size 0
4: <<ClientGet: message size=8 queue Size 0
4: WhatNext
4: Login Method 0x00000007
4: MAF_GetAttribute LSM 0x00000007 AID: 2
4: MAF_GetAttribute LSM 0x00000007 AID: 1 Value: WST.USERS.NETSTAL
4: MAF_Begin LSM 0x00000007
4: <<ServerPut: message size=8 queue size 0
4: <<ServerPut: message size=5 queue size 8
4: MAF_AllowPasswordSet LSM 0x00000007
4: MAF_GetPassword LSM 0x00000007
4: MAF_Write LSM 0x00000007
4: <<ServerPut: message size=8 queue size 5
4: <<ServerPut: message size=40 queue size 13
4: MAF_GetNDSPasswordHash LSM 0x00000007
4: MAF_XWrite LSM 0x00000007
4: <<ServerPut: message size=8 queue size 53
4: <<ServerPut: message size=36 queue size 61
4: MAF_XRead LSM 0x00000007
4: >>ServerGet: message size=8 queue size 0
4: <<ClientGet: message size=5 queue Size 0
4: MAF_Begin LCM 0x00000007
4: MAF_GetAttribute LCM 0x00000007 AID: 6
4: MAF_GetAttribute LCM 0x00000007 AID: 1 Value: WST.USERS.NETSTAL
4: MAF_Read LCM 0x00000007
4: <<ClientGet: message size=8 queue Size 92
4: <<ClientGet: message size=40 queue Size 84
4: MAF_XRead LCM 0x00000007
4: <<ClientGet: message size=8 queue Size 44
4: <<ClientGet: message size=36 queue Size 36
4: MAF_XWrite LCM 0x00000007
4: >>ClientPut: message size=8 queue Size 0
4: >>ClientPut: message size=56 queue Size 8
4: MAF_XRead LCM 0x00000007
4: <<ClientGet: message size=8 queue Size 0
4: >>ServerGet: message size=56 queue size 0
4: MAF_GetNDSPasswordHash LSM 0x00000007
4: MAF_XWrite LSM 0x00000007
4: <<ServerPut: message size=8 queue size 0
4: <<ServerPut: message size=32 queue size 8
4: MAF_End LSM 0x00000007 failed
4: ERROR: -1642 Login Method
4: ERROR: -1642 WhatNext
4: ERROR: -1642 NMAS Manager
4: <<ServerPut: message size=8 queue size 32
4: <<ServerPut: message size=4 queue size 40
4: >>ServerGet: message size=8 queue size 0
4: <<ClientGet: message size=32 queue Size 0
4: MAF_Write LCM 0x00000007
4: >>ClientPut: message size=8 queue Size 0
4: >>ClientPut: message size=12 queue Size 8
4: MAF_End LCM 0x00000007
4: >>ClientPut: message size=8 queue Size 12
4: <<ClientGet: message size=8 queue Size 12
4: <<ClientGet: message size=4 queue Size 4
4: >>ClientPut: message size=8 queue Size 20
4: <<ClientGet: message size=8 queue Size 0
4: >>ServerGet: message size=12 queue size 0
4: >>ServerGet: message size=8 queue size 16
4: >>ServerGet: message size=8 queue size 8
4: <<ServerPut: message size=8 queue size 0
4: Server thread exited
4: Client Session Destroy Request
4: Local Session Cleared (Not Destroyed)
Thanks
>>> Scott Kiester<[email protected]> 10.08.04 19:14 >>>
It looks like you transposed the middle two octets in the client IP
address.
Here's what RADIUS.NLM is reading out of the client table:
[2004-08-10 04:44:21 PM] tag extracted: 62.168.200.121, size: 15,
tagLength:
30
And here's the access-request:
[2004-08-10 04:45:32 PM] -------- START : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:901386806---
>>> Stefan Winterberg<[email protected]> 08/10/04 8:52 AM >>>
Hello Scott,
there is no problem with the tree key. ConsoleOne can add , remove and
modify these properties.
here the actual raddbg.log:
[2004-08-10 04:44:21 PM] Cacher: Console initiated rebuild of cache
[2004-08-10 04:44:21 PM] (->)Cacher:
NWDSReadObjectInfo(ichaindas.ichain.netstal), succeeded, time:2
[2004-08-10 04:44:21 PM] Cacher: Rebuilding cache, mod time different,
[2004-08-10 04:44:21 PM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:DAS Version)
succeeded, time:3
[2004-08-10 04:44:21 PM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Password Policy)
failed, no such attribute (-603), time:2
[2004-08-10 04:44:21 PM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Common Name
Resolution) succeeded, time:2
[2004-08-10 04:44:21 PM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Concurrent Limit)
failed, no such attribute (-603), time:1
[2004-08-10 04:44:21 PM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Interim Accting
Timeout) failed, no such attribute (-603), time:2
[2004-08-10 04:44:21 PM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Aged Interval)
failed, no such attribute (-603), time:2
[2004-08-10 04:44:21 PM]
(->)NDSReadData:NWDSRead(ichaindas.ichain.netstal,RA DIUS:Maximum History
Record) failed, no such attribute (-603), time:2
[2004-08-10 04:44:21 PM] CACHE: Use Netware Password for
"ichaindas.ichain.netstal": Enabled
[2004-08-10 04:44:21 PM] CACHE: CN Login for "ichaindas.ichain.netstal":
Enabled
[2004-08-10 04:44:21 PM] CACHE: Concurrent Limit for
"ichaindas.ichain.netstal": 0x80000000
[2004-08-10 04:44:21 PM] CACHE: Interim Timeout for
"ichaindas.ichain.netstal": 10 minutes
[2004-08-10 04:44:21 PM] CACHE: Interval For Aging for
"ichaindas.ichain.netstal": 7 days
[2004-08-10 04:44:21 PM] CACHE: Max History Record for
"ichaindas.ichain.netstal": 30
[2004-08-10 04:44:21 PM]
Context Lookup List set to:
[2004-08-10 04:44:21 PM] 1) USERS.NETSTAL
[2004-08-10 04:44:21 PM] Number of contexts = 1
[2004-08-10 04:44:21 PM] tag extracted: 62.168.200.121, size: 15,
tagLength:
30
[2004-08-10 04:44:21 PM] Cache: Successfully set up client table
[2004-08-10 04:44:21 PM]
(->)NDSSetUpContextList(ichaindas.ichain.netstal), ProxyContext is empty
[2004-08-10 04:44:21 PM] Cache: Successfully set up context list
[2004-08-10 04:44:21 PM]
(->)NDSSetUpDomainList(ichaindas.ichain.netstal),
Domain list is empty.
[2004-08-10 04:44:21 PM] Cache: Successfully set up domain list
[2004-08-10 04:44:21 PM] Cache: Successfully set up search domain list
[2004-08-10 04:44:21 PM] Cache: Successfully build context list
[2004-08-10 04:44:21 PM] CACHE: Cache reloaded at [2004-08-10 04:44:21
PM], current reload count is 5
[2004-08-10 04:44:21 PM] Cacher: RefreshCache(), succeeded
[2004-08-10 04:44:21 PM] CACHE: Cache loaded at [2004-08-10 04:43:05 PM]
has been discarded , current reload count is 5
[2004-08-10 04:45:21 PM] (->)Cacher:
NWDSReadObjectInfo(ichaindas.ichain.netstal), succeeded, time:1
[2004-08-10 04:45:32 PM] 15) [(ip) 62.200.168.121:1812], Received 43 Bytes
(Access-Request (1))
[2004-08-10 04:45:32 PM] [(total=15) (p=14) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-08-10 04:45:32 PM] <6> Done GetNextMessage [(ip)
62.200.168.121:1812]:
time:124205589
[2004-08-10 04:45:32 PM] -------- START : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:901386806---
[2004-08-10 04:45:32 PM] CACHE:
CacheDomainListExist(ichaindas.ichain.netstal), using cache
[2004-08-10 04:45:32 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-08-10 04:45:32 PM] CACHE:
CacheReadSecretForNASAddress(ichaindas.ichain.nets tal), using cache
[2004-08-10 04:45:32 PM] HandleLocalRequest(),
CacheReadSecretForNASAddress
failed, no such RADIUS client (-822), Packet Dropped
[2004-08-10 04:45:32 PM] -------- END : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:901386809---
[2004-08-10 04:45:38 PM] 16) [(ip) 62.200.168.121:1812], Received 43 Bytes
(Access-Request (1))
[2004-08-10 04:45:38 PM] [(total=16) (p=15) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-08-10 04:45:38 PM] <2> Done GetNextMessage [(ip)
62.200.168.121:1812]:
time:124022378
[2004-08-10 04:45:38 PM] -------- START : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:901444855---
[2004-08-10 04:45:38 PM] CACHE:
CacheDomainListExist(ichaindas.ichain.netstal), using cache
[2004-08-10 04:45:38 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-08-10 04:45:38 PM] CACHE:
CacheReadSecretForNASAddress(ichaindas.ichain.nets tal), using cache
[2004-08-10 04:45:38 PM] HandleLocalRequest(),
CacheReadSecretForNASAddress
failed, no such RADIUS client (-822), Packet Dropped
[2004-08-10 04:45:38 PM] -------- END : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:901444857---
Thanks
Stefan
>>> Scott Kiester<[email protected]> 10.08.04 01:07 >>>
You might have a problem with the tree key in your environment. First of
all, make sure that ConosleOne is storing the client data. After you add a
new entry to the client table on your DAS, close the DAS properties dialog
and re-open it. If the new client is not there when you re-open the dialog,
then ConsoleOne may have been unable to save the data due to a problem with
the tree key. You can confirm this by executing ConsoleOne with the
following command line: "consoleone -debug -windowout". This will make
ConsoleOne display a debug window in the top-left portion of your screen.
If
there is a problem saving the client data, then ConsoleOne will display an
exception and an error code in this window. If the error is in the -14xx
range, (-1460 and -1418 are most common) then you most likely have a
problem
with your tree key.
If ConsoleOne is saving the data correctly, then you'll need to see what is
happening when RADIUS.NLM reads this data. To do this, issue a "radius
refreshcache" command at the server console after you enable debug logging.
Please post this file here and I'll take a look at it.
Tree key problems can be corrected with SDIDIAG, which IIRC is available as
a free download from the support site.
>>> Stefan Winterberg<[email protected]> 08/09/04 8:16 AM >>>
Hello,
i have the following Setup:
1x Single Tree Server with Nw 6.5 SP1a / BM3.8 SP2
This is a simple authentication Server which is placed in our dmz. Some
users are synchronized with dirxml from the productive main tree to the
authentication tree.
Primary this box is used for client2site vpn with vasco digipass tokens.
This setup is working.
Now i wish to use the same box for ichain Radius authentication.
I have setup a 2nd box in the dmz for ichain 2.3. I have made the necessary
schema extension on the Authentication server and installed the snapins for
ichain.
I tested authentication with ldap to the authentication server.... no
problem
Now the problems:
I setup a authentication profile on the ichain server for radius
I configured the authentication servers lpo and radius objects. All this is
described in the ichain admin book page 89 (chapter 7 using radius
authentication)
When i check the radius console i get the following message:
[DATE TIME] Access Request Dropped
IchainIP, cn, Unknown Radius client
What i did again: I found several tid's where the problem is described. I
Changed rights to the lpo, installed the nmas234.tar, changed
userprops.....but till now nothing works.
MoreSysinfos:
Radius.nlm V 4.14 / 6.March 2003
nmas.nlm 2.68 / 17.June 2004
nmasldap.nlm V 1.20 / 31.March 2004
Here the RadiusDebugLog, during authentication:
[2004-08-09 02:42:40 PM] Deleting file "sys:etc\radius\log\20040802.log",
failed
[2004-08-09 02:42:40 PM] Parameter count = 1
[2004-08-09 02:42:40 PM] argv[0] = SYS:\SYSTEM\RADIUS.NLM
[2004-08-09 02:42:40 PM] Tree Name = "<null>"
[2004-08-09 02:42:40 PM] Login Name = "<null>"
[2004-08-09 02:42:40 PM] Name = "<null>"
[2004-08-09 02:42:40 PM] Workers = 0
[2004-08-09 02:42:40 PM] Port = 0
[2004-08-09 02:42:40 PM] Error encountered = 0
[2004-08-09 02:42:40 PM] Checking if parameters are to be retrieved from
Registry
[2004-08-09 02:42:40 PM] Got Tree Name from registry, "<null>"
[2004-08-09 02:42:40 PM] Got Login Name from registry, "<null>"
[2004-08-09 02:42:40 PM] Got Service Name from registry, "<null>"
[2004-08-09 02:42:40 PM] Got Number Threads from registry, 5
[2004-08-09 02:42:40 PM] Got Service Port from registry, 1645
[2004-08-09 02:42:40 PM] Got Accounting Port from registry, 1646
[2004-08-09 02:42:40 PM] Got Accounting Path from registry,
"sys:\etc\radius\acct"
[2004-08-09 02:42:40 PM] Got Accounting File Format from registry,
"comma"
[2004-08-09 02:42:40 PM] Got RollOver from registry, "daily"
[2004-08-09 02:42:40 PM] Services supported, [2004-08-09 02:42:40 PM]
"authentication" [2004-08-09 02:42:40 PM] "accounting" [2004-08-09
02:42:40
PM]
[2004-08-09 02:42:40 PM] Got Accounting Attribute File from registry,
sys:\etc\radius\radacct.atr
[2004-08-09 02:42:40 PM] Got Authentication Path from registry,
sys:etc\radius
[2004-08-09 02:43:03 PM] Debug logging enabled to file
sys:etc\radius\debug\raddbg.log
[2004-08-09 02:43:17 PM] 1) [(ip) 62.200.168.121:1812], Received 43 Bytes
(Access-Request (1))
[2004-08-09 02:43:17 PM] [(total=1) (p=0) (d=0) (r=0) (acc=0) (rej=0)]
[2004-08-09 02:43:17 PM] <2> Done GetNextMessage [(ip)
62.200.168.121:1812]:
time:208207
[2004-08-09 02:43:17 PM] -------- START : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:-35971301---
[2004-08-09 02:43:17 PM] CACHE:
CacheDomainListExist(ichaindas.ichain.netstal), using cache
[2004-08-09 02:43:17 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-08-09 02:43:17 PM] CACHE:
CacheReadSecretForNASAddress(ichaindas.ichain.nets tal), using cache
[2004-08-09 02:43:17 PM] HandleLocalRequest(),
CacheReadSecretForNASAddress
failed, no such RADIUS client (-822), Packet Dropped
[2004-08-09 02:43:17 PM] -------- END : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:-35971299---
[2004-08-09 02:43:23 PM] 2) [(ip) 62.200.168.121:1812], Received 43 Bytes
(Access-Request (1))
[2004-08-09 02:43:23 PM] [(total=2) (p=1) (d=0) (r=0) (acc=0) (rej=0)]
[2004-08-09 02:43:23 PM] <3> Done GetNextMessage [(ip)
62.200.168.121:1812]:
time:266774
[2004-08-09 02:43:23 PM] -------- START : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:-35912704---
[2004-08-09 02:43:23 PM] CACHE:
CacheDomainListExist(ichaindas.ichain.netstal), using cache
[2004-08-09 02:43:23 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-08-09 02:43:23 PM] CACHE:
CacheReadSecretForNASAddress(ichaindas.ichain.nets tal), using cache
[2004-08-09 02:43:23 PM] HandleLocalRequest(),
CacheReadSecretForNASAddress
failed, no such RADIUS client (-822), Packet Dropped
[2004-08-09 02:43:23 PM] -------- END : (Access-Request (1)) [(ip)
62.200.168.121:1812]: time:-35912701---
[2004-08-09 02:48:42 PM] (->)Cacher:
NWDSReadObjectInfo(ichaindas.ichain.netstal), succeeded, time:2
Thanks
Stefan

Clustering Virtual Office and Netstorage Services in a DMZ

Gudday Guys,
We are relative novices with implementing Virtual Office and Netstorage
but we currently have it set up to front end our student storage system.
As the system will support 40,000 students, we are looking to move from a
single server implementation to a cluster with it running on at least two
servers to share the load. In addition, in order for students to access
their files from home, we intend deploying the cluster into the DMZ and
using SSL to connect from outside.
Before we set this up, I have a few questions. Firstly, can we set the
cluster up in its own tree so that its replication etc can be confined in
the DMZ or are we forced to set it up in our existing tree which is where
the users and storage reside? We could then pass the authentication
traffic through the conduits to our replica servers. If we can do this,
are there any special tricks/tips?
Any help or suggestions would be greatly appreciated. Thanks. Bill G.

> We don't allow http access directly from the outside - PERIOD! That's a
> Policy.
no problaem, that's fine.
> We use iChain to front end some of our existing Webapps but we decided to
> do this slightly differently this time and host the webapp itself in the
> DMZ and the services behind the firewall. That way we can easily access it
> both from within and outside the district.
well.......
> I've opened conduits for Authentication to the other tree (Port 524 tcp
> and udp) and also SLP (Port 427 TCP and UDP). I'm having trouble getting
> access to the DAs in the other tree. Any Thoughts?
you need to open up more ports. The client uses a "high" port as the source
port and 427 as the destination port when talking SLP. The DA will respond
to the client's source port. The source port from the server will be 427 but
the destination port will not be. You will need to open ports from the
client to allow high ports. 1024 to <whatever> is the normal range.
<whatever> supposedly never goes over 1500 or so.
NETSTAT -A will show you what its using.
Cheers!
Richard Beels
~ Network Consultant
~ Sysop, Novell Support Connection
~ MCNE, CNE*, CNA*, CNS*, N*LS

10.5.6 Novell iChain

In addition to HSBC and other banks, since updating to 10.5.6 Novell iChain will not work with Safari. My work uses iChain and I can't access anything that sits behind it.
Temporarily I've installed Firefox, but even that seems to be chugging along at login.

Hello, and welcome to the Discussions.
It has always had these two choices: using the Message Preview Pane (my preferred way) and minizing the Message Preview Pane to require double-clicking. Just double click on the three little bars in the middle of the bar separating the preview pane from the list of messages.
Ernie

Radius problems/ichain

we have Nw6.5 SP2 with radius files from ichain 2.3 CD(overwrite all)
with the nmas patch
nmas V2.6.8
radius v4.15
problems:
1.were getting radius client unknown (radius nlm does load but wont
unload, just hangs)
2. i can only get nwadmin to save the client details in the DAS object
C1 just wont save it- ive tried V136c,136,135 and the server version
which errors with
"waiting for reading vendor list from attribute file" however the
radius.atr file does exist
3. not sure if this is relevant here but vasco token wont assign to a user
errors with "unable to write configuration data"
thanks for help

well for no reason at all it started working with C1 locally 2 days later !
weird
Also if I assign a DAS object to a container and all users underneath are
told to inherit the DAS from the container settings
then I wont have to configure each user object ? This doesnt sem to inherit
for some reason.
Is the Radus.nlm form the ichain 2.3 auth CD good enough for a NW6.5 SP2
server or is
there an update
Thanks?
"Scott Kiester" <[email protected]> wrote in message
news:bYq%[email protected]...
> Your first and third items could be due to an inconsistent or missing tree
> key. You can use SDIDIAG to troubleshoot and correct tree key issues.
> SDIDIAG is available as a free download from the support site.
>
> Your second issue is due to a bug in the RADIUS ConsoleOne snapin. The
> problem should go away if you run ConsoleOne from your local workstation,
> instead of running it from a drive mapped to the server. The snapin uses a
> very inefficient method of parsing the radius.atr file, which requires it
to
> do several seeks for each record that is processed. When ConsoleOne has to
> go over the network to access the file, it can take a very long time to
> parse (10-15 minutes in my experience).
>
> Also, don't administer NMAS RADIUS with NWAdmin. NWAdmin is for BMAS 3.7
and
> older BMAS servers only. (BMAS 3.8 is NMAS RADIUS, and therefore uses
> ConsoleOne.)
>
> >>> <[email protected]> 09/07/04 7:12 AM >>>
> we have Nw6.5 SP2 with radius files from ichain 2.3 CD(overwrite all)
> with the nmas patch
> nmas V2.6.8
> radius v4.15
>
> problems:
> 1.were getting radius client unknown (radius nlm does load but wont
> unload, just hangs)
> 2. i can only get nwadmin to save the client details in the DAS object
> C1 just wont save it- ive tried V136c,136,135 and the server version
> which errors with
> "waiting for reading vendor list from attribute file" however the
> radius.atr file does exist
> 3. not sure if this is relevant here but vasco token wont assign to a user
> errors with "unable to write configuration data"
>
> thanks for help
>
>

Proxy server and uri rewrite

We're trying to set up some internet reports, which go through a proxy server (Novell iChain). We want to have the external calls use a particular cgicmd.dat entry on our ReportServer.
So
https://dnrx.wisconsin.gov/ldesrep?other_stuff
would turn into an internal app server call like
http://server/reports/rwservlet?cmdkey=ldesexternal&other_stuff
iChain won't do that. It can't work with the queryString portion of the call.
Apache will easily rewrite the incoming uri and queryString into the right form, but mod_rewrite seems to fire too late, so it interprets the /reports/rwservlet as a directory, not a program to be executed.
(I could probably call one Apache server and have it use mod_rewrite to send the rewritten call to another server, but that seems pretty kludgey).
Anyway, I'm looking for a good way to call a report through our proxy server and allow external access to only a limited set of reports on the server.
Any suggestions?
-- jim

Pintom1 wrote:
This works GREAT, however, I noticed when I'm at work and work has a proxy server for FTP I cannot connect to my domain and update - publish to my private server doesn't happen.
Would anyone know how to make ICal use a proxy? Having the proxy in the Network Prefs under FTP and the box checked does not work. Both passive and unpassive does not make a difference.
Is there a way to enter proxy information in the ftp:// string I am using?
I can get the calendars no problem. I know there is an HTTP proxy but ICal seems to be able to get through this fine?
Any suggestions would be appreciated.
THANKS!
Message was edited by: Pintom1
We had issues when we first published our calendars at work too. I am not certain that this will help, but you can try it. What we did was go to the Network Preference Pane and add the IP address of the Cal server to the list of IP's that bypass the proxy server. After that we had no issues viewing or updating our calendars. I don't know exactly how your network is setup, but it may be worth a shot.
Brian

A problem with Threads and loops.

Hi, I have some code that needs to be constantly running, like while(true)
      //code here
}However, the code just checks to see if the user has input anything (and then if the user has, it goes to do some other stuff) so I don't need it constantly running and hogging up 98% of the CPU. So I made my class (which has the method that needs to be looped, call it ClassA) implement Runnable. Then I just added the method which needed to be looped into the public void run()
I have another class which creates an instance of the above class (call it ClassB), and the main(String[] args) is in there.
public static void main(String[] args)
          ClassA test = new ClassA();
          Thread thread = new Thread(test.getInstanceOfClassA());
          thread.start();
          while(true)
                       //I do not know what to put here
               try
                    thread.sleep(100);
               catch(InterruptedException iex)
     }However, the thread only calls run() once,(duh...) but I can't think of away to get it to run - sleep - run -sleep forever. Can someone help me?

Hi, I have some code that needs to be constantly
running, like while(true)
//code here
}However, the code just checks to see if the user has
input anything (and then if the user has, it goes to
do some other stuff) so I don't need it constantly
running and hogging up 98% of the CPU. Where does the user input come from. Are you reading from an InputStream? If so, then your loop will be blocked anyway when reading from the InputStream until data is available. During that time, the loop will not consume processor cycles.
public static void main(String[] args)
          ClassA test = new ClassA();
Thread thread = new Thread(test.getInstanceOfClassA());I have never seen this idiom. If ClassA instanceof Runnable, you simply write new Thread(test).
          thread.start();
          while(true)
//I do not know what to put
do not know what to put here
               try
                    thread.sleep(100);
               catch(InterruptedException iex)
     }However, the thread only calls run() once,(duh...)Yeah, why would you want to call it more than once given that you have an infinite loop in ClassA.run()?
Harald.
Java Text Crunching: http://www.ebi.ac.uk/Rebholz-srv/whatizit/software

BM 3.9 and iChain

Similar Messages

Maybe you are looking for