This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP proxy an Novel eDIR SSO

Hi,

I can't get eDIR SSO to work for my HTTP proxy an a ASG320. Every time the browser connects to the proxy a password box opens up and no SSO happens. I noticed some logging entries in aua.log:

2006:07:17-12:34:30 (none) aua[16344]: getAuthenticationByIP() eDirectory SSO Auth failed - no user found in eDir for IP: 10.33.1.14
2006:07:17-12:34:30 (none) aua[16344]: do_auth_edir() eDirectory Authentication failed - user '10.33.1.14' or password not valid
2006:07:17-12:34:30 (none) aua[16344]: U:10.33.1.14 F:http R[:D]ENIED C:edir

Any ideas what could be the cause of the problem?

Regards,

JoeM

This thread was automatically locked due to age.

Parents

0 hugo34 over 19 years ago

Hi JoeM,

be sure you use the option "eDirectory Single-Sign-On (SSO) on config
page | Proxies | HTTP | -> Operation Mode.

regards
Cancel
Vote Up 0 Vote Down

Cancel
0 SveN_01 over 19 years ago in reply to hugo34

Hi,
have you read this

cu SveN
Cancel
Vote Up 0 Vote Down

Cancel
0 JoeM over 19 years ago in reply to SveN_01

Hi,
have you read this

cu SveN

Yes I read this thread. But there seems to be no solution to my problem. Anyone seen the errors in aua.log that I get?
Cancel
Vote Up 0 Vote Down

Cancel
0 SveN_01 over 19 years ago in reply to JoeM

Hi,
have you checked with ldapbrowser that you user can browse the whole LDAP-Tree? What does DSTRACE on the Novell Box say?

cu SveN
Cancel
Vote Up 0 Vote Down

Cancel
0 HansKasbauer over 19 years ago in reply to SveN_01

Hi,

I have the same problem, since NOES Linux Servers have been installed in my customer's tree.

When a netware client gets authenticated by a netware server the networkAddress property being written to the user account in edir is "IP: x.x.x.x".
Since this property is an encoded multivalue structured attribute only the whole string can be compared and that's what asg is doing.

When a netware client gets authenticated by a NOES Linux server the networkAddress property being written to the user account in edir is "TCP: x.x.x.x: port" instead. That's the reason why asg edir sso is not working anymore.

I have raised a call at Novell to get this fixed.

regards
Hans
Cancel
Vote Up 0 Vote Down

Cancel
0 JoeM over 19 years ago in reply to HansKasbauer

Hi Hans,

any news from Novell concerning this bug?

Regards,
Joerg
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JoeM over 19 years ago in reply to HansKasbauer

Hi Hans,

any news from Novell concerning this bug?

Regards,
Joerg
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 tobo over 19 years ago in reply to JoeM

Hey, Here some ideas:

- Make sure, your eDir objects are entered case sensitive in the NSM/Astaro, otherwhise it will not work.
- Another thing could be, that the Proxy user doesn't have enough rights to read the user objects the whole tree - check on your trustees
- And last one, check if you have TLS enabled or disabled on both sites the same, if you activate it on the NSM/Astaro, you have to do this on your ldap server in edirectory too.
Hope this helps.
This works here - even with OES Linux in the Net.
Regards,
tobo
Cancel
Vote Up 0 Vote Down

Cancel
0 HansKasbauer over 19 years ago in reply to tobo

Hi Joerg,

sorry for the late answer.

The Novell Incident Number is SR#10287247461.

Novell has accepted this as a bug and will come out with an edir update to fix it.
Don't know yet when this will be.

regards
Hans
Cancel
Vote Up 0 Vote Down

Cancel