Tta_printer with linux client behind router

hi,
what do have i to do, to print to my Linux Client! The Client is behind a firewall!
if i print a job, the job hangs on the tarantella server!
Applikation Server: SuSE 9.3
Tarantella Server:SLES10
Client: openSuSE 10.2
Router also linux!! ;-)

if your client is behind a firewall then you probably want to use firewall traversal. If your app server is behind a firewall then you need to open 515 (lpr) or 631 (CUPS). If you are using Windows printing, then you just need the RDP port open (3389).

Similar Messages

Wireless Lan connection issue with Linux clients

Hi
In a large Wireless Lan enviroment for a university, we have 3 WISM moduls attached on a 6k hw - Manged by ACS v6.0.181.0
We recently upgraded the software version of the controllers from 4.x to 7.0.98.0 - the Emergency Image version is 5.2.157.0
Since then, the students with Linux clients have massive connection issue - repeated connection lost in a short time period.
However the students with Windows clients have no problem at all.
The studends report, that their linux clients getting so much of some kind of unnecessary broadcast traffic which can not be handled by the NIC - and the NIC goes down - and this happens all 5-10 minutes.
Affected Linux clients are: Ubuntu v10.10 - also OpenSuse, Fedora and Arch-linx with latest OS version.
Any Idea how I could solve this problem?
Thanks in advance for your help

Hi Nicolas
Thanks for your reply. The broadcast forwarding is disabled on WLC's.
Pls find below the attached picture, which shows the captured broadcast traffic on a linux client (sent by a student to me).
I'm not sure, if its really only the broadcast traffic, which the linux clients can not handle.
From my point of view, it seems also to be that the linux clients are somehow disadvantaged among the other clients like windows or mac, if they all trying to get a wireless connection.
But the fact is only the linux clients are affected - and this happens to the linux clients only in our wireless infrastructure.
Windows or Mac clients have no such problem at all
regards
Enis

Contivity vpn client behind router with easy server

Hi, I've seen this argument before, but without an effective solution.
I have a contivity client behind a 857 cisco router. This client needs to connect to a remote VPN server.
With NAT enable and easy VPN server disable all works fine.
When I enable easy VPN server on the 857 (I need to connect several dial-up cisco vpn client from outside to this office) the contivity client can't connect anymore to the remote vpn server and hang up with the famous "bannet text" error.
I think that because the external interface of the 857 is waiting for cisco vpn client to connect, it intercepts also the data from the remote contivity vpn server, not forwarding to the client inside the LAN.
If there is a way to "passthrough" the contivity connection data to the internal client it would be very nice.
Many thanks, Stefano.

Hi, I found a possible solution. At this page
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml
this is the interesting part:
!--- Dynamic crypto map.
crypto dynamic-map dynmap 1
set transform-set foo
match address 199
access-list 199 permit ip 10.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 199 permit ip host 172.16.142.191 192.168.1.0 0.0.0.255
I try to put the contivity vpn client to another subnet (192.168.3.10) but the easy vpn server still intercepts its encrypted data.
Salutes.

Pdf printing with linux client

hi,
i'm working with a SuSE 9.3 Client and I want to use PDF-Printing with the Acrobat Reader. With Windows Xp it works fine, but if i choose the PDF-Printer with the Linux-Client nothing happens. The PDF-Job exist in the cue. What do i have to do that it works?
P.S. I`am from germany ;-)

Thanks! But on which machine do i have to put the lp command?
Application-Server?
Tarantella Server?
Client?
I have put it on my Client! But nothinng happens.
My PATH --> /home/me/bin:/usr/local/sgdee:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/qt3/bin
my script -->
me@my-notebook:~> cat /usr/local/sgdee/lp
#!/bin/bash
LPINFILE=/tmp/.nclp.$$
PATH="/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:/usr/X11R6/bin"
export PATH
[ -f $1 ] && mv $1 $LPINFILE
[ -f $2 ] && mv $2 $LPINFILE
echo "Print: $* -> $LPINFILE" >> /tmp/nclog.`logname`
echo "/usr/bin/xpdf -display $DISPLAY $LPINFILE; rm -f $LPINFILE" | at now
exit 0
me@my-notebook:~>

ACS 3.3.4 with Linux client

I've got some problems with a Linux wireless network connection. NetworkManager is installed on the Linux laptop. PEAP profile is created.
When the default Character String in ACS points to "Self" or his own IP adress, the Linux client can authenticate and succesfully log in to the wireless network.
When the default "Character String" is set to an extended RADIUS server, the client cannot login anymore. I created a new "Character String" that contains the @domain.local suffix. It is not working. Same problem for a Nokia (Symbian) cellphone.
What can it be ?

ACS 3.0(4) is only supported on Windows 2000/NT and not 2003

NAC with Linux client

Hi,
I have some Linux clients. When they connects to the trusted network in the first time, they are redirected to NAC login page and are required to download java runtime. I set policies so that linux client can download java and install it, but after that, the web browers (firefox) on linux client still not allow NAC login page to be loaded.
What is the root cause in this case ?
Any guy can help me!
Best regards,
NamNT

Folks, the problem is due to the fact that there are no web agents available for linux at this time. You need to create a new user page for linux with all java options disabled ( such as the one for mac address checking , ip address refresh etc ) . Make this user page on the top of the list. Also, under clean access requirements, make sure 'require use of web agent' is disabled for linux. This way, there will be web redirection and authentication only for linux clients ( no posture possible for linux ).
Thanks,
Mani

How to configure full tunnel with VPN client and router?

I know the concept of split tunnel....Is it possibe to configure vpn client and router full tunnel or instead of router ASA? I know filter options in concentrators is teher options in ISR routers or ASA?

I think it is possible. Following links may help you
http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080819289.shtml

802.1x authentication problem on C2960S-48TS-L with Linux clients

Hi,
Due to implementing wired 802.1x in my company I fased with problem of authentication of some Linux computers (Ubuntu 13.10+) via mab at the one of my Access switches(C2960S-48TS-L). The problem exist on IOS 12.55 and 15.0(2)SE6.
It seems that Authenticator can't detect MAC address of supplicant. In debug the MAC address is (Unknown MAC) or (0000.0000.0000).
Before authentication I could see registered MAC address on the switchport interface(without 802.1x settings on the port):
sh mac address-table interface g1/0/2 "before 802.1x authentication"
Vlan Mac Address Type Ports
2 0015.990f.60d9 STATIC Gi1/0/2
The host should get to Vlan 2 after failed authentication(according to port settings). But actually after trying to authenticate the host on this port
loses connection with network and doesn't get in 2 Vlan
sh mac address-table interface g1/0/2 "after 802.1x authentication"
Vlan Mac Address Type Ports
sh authentication sessions
Interface MAC Address Method Domain Status Session ID
Gi1/0/24 (unknown) dot1x DATA Authz Success 6A7D1FAF0000000000023E32
Gi1/0/25 (unknown) dot1x DATA Authz Success 6A7D1FAF0000000200024193
Gi1/0/2 (unknown) mab UNKNOWN Running 6A7D1FAF000000280011BA1A
sh dot1x interface g1/0/2 details
Dot1x Info for GigabitEthernet1/0/2
PAE = AUTHENTICATOR
QuietPeriod = 5
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 2
MaxReq = 2
TxPeriod = 3
sh run int g1/0/2
interface GigabitEthernet1/0/2
description ## User Port ##
switchport access vlan 2
switchport mode access
switchport voice vlan 5
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 120
authentication event fail retry 0 action authorize vlan 2
authentication event server dead action authorize vlan 2
authentication event no-response action authorize vlan 2
authentication host-mode multi-host
authentication port-control auto
authentication periodic
authentication timer reauthenticate 3900
authentication timer inactivity 300
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout quiet-period 5
dot1x timeout tx-period 3
storm-control broadcast level 1.00
storm-control multicast level 1.00
storm-control action trap
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
I have tried to change authentication host-mode to multi-domain but the problem remains.
"debug dot1x all" in the attached file.
Please help me to resolve this issue

I have removed port security but still have failed authentication on the port
002262: Mar 26 16:23:26.516: dot1x-ev(Gi1/0/2): Deleting client 0x9A000053 (0000.0000.0000)
002263: Mar 26 16:23:26.516: dot1x-ev:Delete auth client (0x9A000053) message
002264: Mar 26 16:23:26.516: dot1x-ev:Auth client ctx destroyed
002265: Mar 26 16:23:26.715: dot1x_auth Gi1/0/2: initial state auth_initialize has enter
002266: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_initialize_enter called
002267: Mar 26 16:23:26.715: dot1x_auth Gi1/0/2: during state auth_initialize, got event 0(cfg_auto)
002268: Mar 26 16:23:26.715: @@@ dot1x_auth Gi1/0/2: auth_initialize -> auth_disconnected
002269: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_disconnected_enter called
002270: Mar 26 16:23:26.715: dot1x_auth Gi1/0/2: idle during state auth_disconnected
002271: Mar 26 16:23:26.715: @@@ dot1x_auth Gi1/0/2: auth_disconnected -> auth_restart
002272: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_restart_enter called
002273: Mar 26 16:23:26.715: dot1x-ev(Gi1/0/2): Sending create new context event to EAP for 0x6D000054 (0000.0000.0000)
002274: Mar 26 16:23:26.715: dot1x_auth_bend Gi1/0/2: initial state auth_bend_initialize has enter
002275: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_initialize_enter called
002276: Mar 26 16:23:26.715: dot1x_auth_bend Gi1/0/2: initial state auth_bend_initialize has idle
002277: Mar 26 16:23:26.715: dot1x_auth_bend Gi1/0/2: during state auth_bend_initialize, got event 16383(idle)
002278: Mar 26 16:23:26.715: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_initialize -> auth_bend_idle
002279: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_idle_enter called
002280: Mar 26 16:23:26.715: dot1x-ev(Gi1/0/2): Created a client entry (0x6D000054)
002281: Mar 26 16:23:26.715: dot1x-ev(Gi1/0/2): Dot1x authentication started for 0x6D000054 (0000.0000.0000)
002282: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): Posting !EAP_RESTART on Client 0x6D000054
002283: Mar 26 16:23:26.715: dot1x_auth Gi1/0/2: during state auth_restart, got event 6(no_eapRestart)
002284: Mar 26 16:23:26.715: @@@ dot1x_auth Gi1/0/2: auth_restart -> auth_connecting
002285: Mar 26 16:23:26.715: dot1x-sm(Gi1/0/2): 0x6D000054:auth_connecting_enter called
002286: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_restart_connecting_action called
002287: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): Posting RX_REQ on Client 0x6D000054
002288: Mar 26 16:23:26.721: dot1x_auth Gi1/0/2: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
002289: Mar 26 16:23:26.721: @@@ dot1x_auth Gi1/0/2: auth_connecting -> auth_authenticating
002290: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_authenticating_enter called
002291: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_connecting_authenticating_action called
002292: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): Posting AUTH_START for 0x6D000054
002293: Mar 26 16:23:26.721: dot1x_auth_bend Gi1/0/2: during state auth_bend_idle, got event 4(eapReq_authStart)
002294: Mar 26 16:23:26.721: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_idle -> auth_bend_request
002295: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_enter called
002296: Mar 26 16:23:26.721: dot1x-ev(Gi1/0/2): Sending EAPOL packet to group PAE address
002297: Mar 26 16:23:26.721: dot1x-ev(Gi1/0/2): Role determination not required
002298: Mar 26 16:23:26.721: dot1x-registry:registry:dot1x_ether_macaddr called
002299: Mar 26 16:23:26.721: dot1x-ev(Gi1/0/2): Sending out EAPOL packet
002300: Mar 26 16:23:26.721: EAPOL pak dump Tx
002301: Mar 26 16:23:26.721: EAPOL Version: 0x3 type: 0x0 length: 0x0005
002302: Mar 26 16:23:26.721: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
002303: Mar 26 16:23:26.721: dot1x-packet(Gi1/0/2): EAPOL packet sent to client 0x6D000054 (0000.0000.0000)
002304: Mar 26 16:23:26.721: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_idle_request_action called
002305: Mar 26 16:23:29.814: dot1x-sm(Gi1/0/2): Posting EAP_REQ for 0x6D000054
002306: Mar 26 16:23:29.814: dot1x_auth_bend Gi1/0/2: during state auth_bend_request, got event 7(eapReq)
002307: Mar 26 16:23:29.814: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_request -> auth_bend_request
002308: Mar 26 16:23:29.814: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_request_action called
002309: Mar 26 16:23:29.814: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_enter called
002310: Mar 26 16:23:29.814: dot1x-ev(Gi1/0/2): Sending EAPOL packet to group PAE address
002311: Mar 26 16:23:29.814: dot1x-ev(Gi1/0/2): Role determination not required
002312: Mar 26 16:23:29.814: dot1x-registry:registry:dot1x_ether_macaddr called
002313: Mar 26 16:23:29.814: dot1x-ev(Gi1/0/2): Sending out EAPOL packet
002314: Mar 26 16:23:29.814: EAPOL pak dump Tx
002315: Mar 26 16:23:29.814: EAPOL Version: 0x3 type: 0x0 length: 0x0005
002316: Mar 26 16:23:29.814: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
002317: Mar 26 16:23:29.814: dot1x-packet(Gi1/0/2): EAPOL packet sent to client 0x6D000054 (0000.0000.0000)
002318: Mar 26 16:23:32.907: dot1x-sm(Gi1/0/2): Posting EAP_REQ for 0x6D000054
002319: Mar 26 16:23:32.907: dot1x_auth_bend Gi1/0/2: during state auth_bend_request, got event 7(eapReq)
002320: Mar 26 16:23:32.907: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_request -> auth_bend_request
002321: Mar 26 16:23:32.907: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_request_action called
002322: Mar 26 16:23:32.907: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_enter called
002323: Mar 26 16:23:32.913: dot1x-ev(Gi1/0/2): Sending EAPOL packet to group PAE address
002324: Mar 26 16:23:32.913: dot1x-ev(Gi1/0/2): Role determination not required
002325: Mar 26 16:23:32.913: dot1x-registry:registry:dot1x_ether_macaddr called
002326: Mar 26 16:23:32.913: dot1x-ev(Gi1/0/2): Sending out EAPOL packet
002327: Mar 26 16:23:32.913: EAPOL pak dump Tx
002328: Mar 26 16:23:32.913: EAPOL Version: 0x3 type: 0x0 length: 0x0005
002329: Mar 26 16:23:32.913: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
002330: Mar 26 16:23:32.913: dot1x-packet(Gi1/0/2): EAPOL packet sent to client 0x6D000054 (0000.0000.0000)
002331: Mar 26 16:23:36.001: dot1x-ev(Gi1/0/2): Received an EAP Timeout
002332: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): Posting EAP_TIMEOUT for 0x6D000054
002333: Mar 26 16:23:36.001: dot1x_auth_bend Gi1/0/2: during state auth_bend_request, got event 12(eapTimeout)
002334: Mar 26 16:23:36.001: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_request -> auth_bend_timeout
002335: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_timeout_enter called
002336: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_request_timeout_action called
002337: Mar 26 16:23:36.001: dot1x_auth_bend Gi1/0/2: idle during state auth_bend_timeout
002338: Mar 26 16:23:36.001: @@@ dot1x_auth_bend Gi1/0/2: auth_bend_timeout -> auth_bend_idle
002339: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_bend_idle_enter called
002340: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): Posting AUTH_TIMEOUT on Client 0x6D000054
002341: Mar 26 16:23:36.001: dot1x_auth Gi1/0/2: during state auth_authenticating, got event 14(authTimeout)
002342: Mar 26 16:23:36.001: @@@ dot1x_auth Gi1/0/2: auth_authenticating -> auth_authc_result
002343: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_authenticating_exit called
002344: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): 0x6D000054:auth_authc_result_enter called
002345: Mar 26 16:23:36.001: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID 6A7D1FAF0000006001916AC3
002346: Mar 26 16:23:36.001: dot1x-ev(Gi1/0/2): Sending event (2) to Auth Mgr for 0000.0000.0000
002347: Mar 26 16:23:36.001: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID 6A7D1FAF0000006001916AC3
002348: Mar 26 16:23:36.001: dot1x-ev(Gi1/0/2): Received Authz fail for the client 0x6D000054 (0000.0000.0000)
002349: Mar 26 16:23:36.001: dot1x-ev(Gi1/0/2): Deleting client 0x6D000054 (0000.0000.0000)
002350: Mar 26 16:23:36.001: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/2 AuditSessionID 6A7D1FAF0000006001916AC3
002351: Mar 26 16:23:36.001: dot1x-sm(Gi1/0/2): Posting_AUTHZ_FAIL on Client 0x6D000054
002352: Mar 26 16:23:36.001: dot1x_auth Gi1/0/2: during state auth_authc_result, got event 22(authzFail)
002353: Mar 26 16:23:36.006: @@@ dot1x_auth Gi1/0/2: auth_authc_result -> auth_held
002354: Mar 26 16:23:36.006: dot1x-ev:Delete auth client (0x6D000054) message
002355: Mar 26 16:23:36.006: dot1x-ev:Auth client ctx destroyed
002356: Mar 26 16:23:36.006: dot1x-ev:Aborted posting message to authenticator state machine: Invalid client

Xsan with Linux client

Anyone have experience with hooking up a linux machine to an Xsan? Any pitfalls or problems? Also interested in what version of linux and the type of hardware used. Thanks in advance.

Just wanted to add: I use StorNext on SGI and it
works fine with XSan MDCs. I know that Linux is
supposed to work as well, but ADIC is having a lot of
trouble with the 2.6 Kernel, specially when resharing
the SAN via NFS. You should contact them first...
jotjot
jotjot
is it possible to tell how much did you pay for the SGI client license ?
We have some sgi's that we'd like to add to XSan
Thanks

Trying to learn how to setup Linux Domain with Linux client

Okay I know I might get some problems for this, but I am trying to setup a ubuntu based server (domain), with an arch based client. I am having a hard time getting the two to cooperate and working with centralized passwords and roaming profiles. I am a real newbie when it comes to linux, much less samba server. This is where I chose to start off since I do have an interest in networking,

Welcome to the forums.
We can't help you with the Ubuntu side of things obviously, but I think you might get some usefull info from the Samba Wiki article.

Linux client not returning all entries from LDAP

We have Solaris and Linux systems using ODS 11.1.1.5.0 for login authentication. The Solaris clients see all the users with no problems, but the Linux systems are only seeing 2161 entries. I have SizeLimit set to 5000 and LookthroughLimit set to 30000 in ODS. There are VLV indexes created and Solaris is using them. When I do a getent passwd on Solaris I see this in the ODS logs :
[08/May/2012:13:32:53 -0400] conn=7 op=9133 msgId=9134 - SRCH base="ou=people,o=tsg,o=ge.com" scope=2 filter="(&(tsgunixstatus=A)(|(tsgservergroup=USERS)(tsgservergroup=nec_dev)))" attrs="cn uid uidNumber gidNumber gecos description tsgunixhomedirectory tsgunixloginshell"
[08/May/2012:13:32:53 -0400] conn=7 op=9133 msgId=9134 - SORT cn uid
[08/May/2012:13:32:53 -0400] conn=7 op=9133 msgId=9134 - VLV 0:999:0:0 1:5857 (0)
[08/May/2012:13:32:55 -0400] conn=7 op=9133 msgId=9134 - RESULT err=0 tag=101 nentries=1000 etime=2
etc, until all the entries are returned. On Linux, the same getent passwd gets this in the ODS logs :
[08/May/2012:13:12:19 -0400] conn=8189 op=1 msgId=2 - SRCH base="ou=people,o=tsg,o=ge.com" scope=2 filter="(&(objectClass=tsgposixaccount)(&(tsgunixstatus=A)(|(tsgservergroup=USERS)(tsgservergroup=nec_dev))))" attrs="uid userPassword uidNumber gidNumber cn tsglinuxhomedirectory tsglinuxloginshell gecos description objectClass"
[08/May/2012:13:12:26 -0400] conn=8189 op=1 msgId=2 - RESULT err=11 tag=101 nentries=2161 etime=7 notes=U
[08/May/2012:13:12:26 -0400] conn=8189 op=2 msgId=0 - RESULT err=80 tag=120 nentries=0 etime=0
I see that Linux adds an extra (objectClass=tsgposixaccount) to the search filter, and I added VLV indexes for linux to match what is shown in the logs for the filter. The only piece I was not sure of was the Sort for the linux VLV, I used cn uid as Solaris uses.
Is there something I need to do to get the VLV's to work with Linux clients? I do not want to set my SizeLimit or LookthroughLimit to unlimited if I do not have to. The /etc/ldap.conf for linux are pretty standard. I did add a pagesize 1000 and nss_paged_results yes but neither was any help.
Thanks,
Jay

Hi Jay,
just looking at the access log, the output of the first search (the one performed by the Solaris client) basically queries/handles the first 1000 records, whereas the second search (issued by the linux client) is getting far more results even though the search filter in theory is more restrictive (having a logical AND plus: &(objectClass=tsgposixaccount) )
Did you by chance implemented the nsslapd-search-tune parameter in the dse.ldif, activating bits 8 and 16? We don't see the 'notes=F' that is generally applied when filters are skipped, but it could be due to the fact that we already have the 'notes=U' for the unindexed search on (presumably: objectClass=tsgposixaccount). And in the end, the fact that one of the components of the filter is unindexed could lead to have in the result set also entries not matching the search filter.
HTH,
marco

Novell Client with NCS cluster behind firewall (IP filter)

I try to connect with Novell Client on Windows to a OES NCS cluster
behind a firewall. Currently open ports are 524/tcp, 524/tcp, and
427/tcp for the Master IP Address and the virtual servers.
This does not work. My first analysis shows that the client tries to
connect to the host running the Master IP Address with it's primary IP.
Is this correct? Is there a way to use the Novell Client without
allowing packets with the destination IP address of the NCS cluster hosts?
Gnther

Massimo Rosen wrote:
> On 29.03.2011 17:22, Gnther Schwarz wrote:
>> I try to connect with Novell Client on Windows to a OES NCS cluster
>> behind a firewall. Currently open ports are 524/tcp, 524/tcp, and
>> 427/tcp for the Master IP Address and the virtual servers.
>> This does not work.
>
> Correct.
>
>> My first analysis shows that the client tries to
>> connect to the host running the Master IP Address with it's primary IP.
>> Is this correct?
>
> Yes, assuming it holds a replica of eDirectory.
>
>> Is there a way to use the Novell Client without
>> allowing packets with the destination IP address of the NCS cluster
>> hosts?
>
> No, because the physical hosts are the ones running and advertising
> eDirectory, and a client needs to login to edirectory too, in addition
> to the actual server holding a resource it needs. In essence, you cannot
> / should not hinder connectivity to any physical server holding
> writeable eDirectory replicas, and you can not do this for any master
> replica. At the very least you'll be causeing massive slowdowns, if
> necessary master replicas can't be reached, it'll be stopped from
> working entirely.
Thank you very much indeed for the thorough answer and explanation. We
adjusted the rules on the router appliance and are able to connect now.
Ports 524 und 427 are exposed for tcp and udp on all physical and
virtual servers including the Master IP Address.
Gnther

Problems with Linux OpenVPN connection through E4200 v2 router

When I try to connect OpenVPN through an E4200 v2 router from my Linux Fedora 16 client, the connection hangs. The connection log show that OpenVPN has connected to the VPN server. Internet also freezes until I disconnect OpenVPN.
OpenVPN on Windows works fine through the E4200 router.
If I connect the Linux client directly to my Inteno fiber router, OpenVPN works fine.
Passthrough is enabled in the router, and I have configured QoS and port forwarding for port 1194. The router has firmware version 2.0.37.
Can anyone help me with this problem?

arvidholm wrote:
When I try to connect OpenVPN through an E4200 v2 router from my Linux Fedora 16 client, the connection hangs. The connection log show that OpenVPN has connected to the VPN server. Internet also freezes until I disconnect OpenVPN.
OpenVPN on Windows works fine through the E4200 router.
If I connect the Linux client directly to my Inteno fiber router, OpenVPN works fine.
Passthrough is enabled in the router, and I have configured QoS and port forwarding for port 1194. The router has firmware version 2.0.37.
Can anyone help me with this problem?
Is that working before?

No classes12.zip included with Linux Oracle 8.1.7 client install??

I noticed on the linux client install - it includes a
lclasses11.zip, but this is not the JDBC classes that come with
Windows clients.
1.) What is the lclasses11 or 12.zip files for?
2.) Do I need to copy Windows client classes12.zip, etc to a
linux client? What aren't these included?
Thanks
CHris

Hi,
I faced a problem that I want a Oracle8 driver for Linux, so I
can connect my DB that installed in NT from Linux, I see that
you face the same problem, I hope you find a solution, so could
you please help me in this, should I install Oracle in the
Linux, or not, from where can I install every thing.
Thanx,
Ahmed.

Install PT8.53 with Linux Issue: Jolt client (ip address 192.168.196.102) does not have proper application password

Folks,
Hello.
I am installing PeopleTools 8.53 with Oracle Database Server 11gR1 and OS Oracle Linux 5.10.
Data Mover Bootstrap and Application Designer can log into Database instance successfully. My procedure to run PIA is below:
Step 1: start Oracle Database Server and LISTENR is listening.
Step 2: start Application Server ./psadmin and 8 processes are started.
Step 3: start WebLogic Server PIA /opt/PT8.53/webserv/PT853/bin/startPIA.sh
In Browser, http://192.168.196.102:8000/ps/signon.html comes up successfully. But when sign in using UserID PSADMIN and password "myname", I get the error message in Browser as below:
The application server is down at this time.
CHECK APPSERVER LOGS. THE SITE BOOTED WITH INTERNAL DEFAULT SETTINGS, BECAUSE OF: bea.jolt.ServiceException: Invalid Session
We've detected that your operating system is not supported by this website. For best results, use one of the following operating systems:
Mac OS X 10.6(Snow Leopard)
Mac OS X 10.5(Leopard)
iPad
Oracle Linux Enterprise
Mac OS X 10.4(Tiger)
Windows 8
Windows 7
Mac OS X 10.7(Lion)
Regarding Application Designer, both Database Type "Oracle" and Connection Type "Application Server", UserID "PSADMIN" and password "myname" login successfully. I view TUXLOG (current Tuxedo log file) and its last screen is below:
191723.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191723.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191723.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191724.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191725.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191725.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191725.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191726.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191727.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191727.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191727.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
191727.lucylinux.lucydomain!JSH.32462.2485226496.-2: JOLT_CAT:1626: "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password"
I View APPSRV_1023.LOG (current server log file) and its content is below:
PSADMIN.32259 (0) [2013-10-23T18:55:12.134](0) Begin boot attempt on domain PT853
PSAPPSRV.32290 (0) [2013-10-23T18:55:35.701](0) PeopleTools Release 8.53 (Linux) starting. Tuxedo server is APPSRV(99)/1
PSAPPSRV.32290 (0) [2013-10-23T18:55:35.923](0) Cache Directory being used: /home/user/psft/pt/8.53/appserv/PT853/CACHE/PSAPPSRV_1/
PSAPPSRV.32290 (0) [2013-10-23T18:56:19.256](2) App server host time skew is DB+00:00:00 (ORACLE PT853)
PSAPPSRV.32290 (0) [2013-10-23T18:56:23.504](0) Server started
PSAPPSRV.32290 (0) [2013-10-23T18:56:23.507](3) Detected time zone is EDT
PSAPPSRV.32338 (0) [2013-10-23T18:56:25.793](0) PeopleTools Release 8.53 (Linux) starting. Tuxedo server is APPSRV(99)/2
PSAPPSRV.32338 (0) [2013-10-23T18:56:26.003](0) Cache Directory being used: /home/user/psft/pt/8.53/appserv/PT853/CACHE/PSAPPSRV_2/
PSAPPSRV.32338 (0) [2013-10-23T18:57:08.871](2) App server host time skew is DB+00:00:00 (ORACLE PT853)
PSAPPSRV.32338 (0) [2013-10-23T18:57:10.662](0) Server started
PSAPPSRV.32338 (0) [2013-10-23T18:57:10.663](3) Detected time zone is EDT
PSSAMSRV.32388 (0) [2013-10-23T18:57:12.159](2) Min instance is set to 1. To avoid loss of service, configure Min instance to atleast 2.
PSSAMSRV.32388 (0) [2013-10-23T18:57:12.168](0) PeopleTools Release 8.53 (Li nux) starting. Tuxedo server is APPSRV(99)/100
PSSAMSRV.32388 (0) [2013-10-23T18:57:12.265](0) Cache Directory being used: /home/user/psft/pt/8.53/appserv/PT853/CACHE/PSSAMSRV_100/
PSSAMSRV.32388 (0) [2013-10-23T18:57:59.414](0) Server started
PSSAMSRV.32388 (0) [2013-10-23T18:57:59.416](3) Detected time zone is EDT
PSADMIN.32259 (0) [2013-10-23T18:58:48.149](0) End boot attempt on domain PT853
PSAPPSRV.32290 (1) [2013-10-23T18:59:06.144 GetCertificate](3) Returning context. ID=PSADMIN, Lang=ENG, UStreamId=185906140_32290.1, Token=PT_LOCAL/2013-10-23-11.59.26.248432/PSADMIN/ENG/vSz0ix+wq8d+zPRwQ0Wa4hcek0Q=
~
I think the error is indicated in TUXLOG file "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password". The application password "myname" in Browser http://192.168.196.102:8000/ps/signon.html page is not working. I use the same password "myname" to login Data Mover Bootstrap mode, Application Designer, and Application Server psadmin configuration successfully. I have tried a few other passwords in Browser http://192.168.196.102:8000/ps/signon.html page but not working.
My question is:
How to solve Sign In issue on http://192.168.196.102:8000/ps/signon.html that is "ERROR: Jolt client (ip address 192.168.196.102) does not have proper application password" ?
Thanks.

Dear Nicolas,
Hello. I have used the same password for "DomainConnectPswd" in the file Configuration.properties with that for Application Server setting. Eventually, UserID PSADMIN sign in http://192.168.196.102:8000/ps/signon.html successfully. PeopleTools 8.53 runs correctly in Browser.
It seems that whether upgrade Oracle Linux 5.0 to the latest 5.10 does not have effect !
I am very grateful to your great help for this installation of PT8.53 with Linux and Oracle Database !

Tta_printer with linux client behind router

Similar Messages

Maybe you are looking for