http://www.nnseek.com/e/novell.support.access-manager/ Posts for novell.support.access-manager Thu, 18 Jan 2007 03:38:44 PST http://www.nnseek.com/ http://www.nnseek.com/img/64.png 64 64 NNSeek http://www.nnseek.com/e/novell.support.access-manager/authentication_credentials_13880271t.html http://www.nnseek.com/e/novell.support.access-manager/authentication_credentials_13880271t.html moment we use iChain to protect lots of internal applications and we have
always used eamil address rather that UID for login credentials. I am
evaluating NAM as a replacement and a requirement would be to continue to
use email address.

> david.moore@peterblack.co.uk,
>
> >to use the email address to identify the user rather than
> >username. We are using edir as the id vault.
>
> Ahh I c.
> So for example, You are trying to authenticate to Exchange WebAccess.
You
> want to use user@domain.com not userID for the "username" field.
>
> Correct?
>
> --
> Jared Jennings - Data Technique, Inc.
> Novell Support Forums Sysop
> My Blog and Wiki with Tips, Tricks, and Tutorials
> http://jaredjennings.org

Posted In: novell.support.access-manager

no comments

Reply

]]> Thu, 18 Jan 2007 03:38:44 PST http://www.nnseek.com/e/novell.support.access-manager/problem_with_post_forms_and_timeout_13880527t.html http://www.nnseek.com/e/novell.support.access-manager/problem_with_post_forms_and_timeout_13880527t.html when users use a long time (+5min) to enter information inn a web form on
the site. In the LAG logs i se the POST being re-directed for re-
authentication and the POST data is lost. The user ends up in the same
form but with no data inn it.

Where can i set the timeout for re-authentication ? This is only a
problem with POST method.

Posted In: novell.support.access-manager

no comments

Reply

]]> Thu, 18 Jan 2007 03:18:03 PST http://www.nnseek.com/e/novell.support.access-manager/error_500_when_enabling_ssl_from_ag_to_website_13880015t.html http://www.nnseek.com/e/novell.support.access-manager/error_500_when_enabling_ssl_from_ag_to_website_13880015t.html
I've setup a typical LAG proxy: https://www.sitename.com >> reverse
proxy >> http://www.othername.com - this works just fine. I'm
SSLiszing the http connection without any problem.

BUT

whenever I enable SSL from the LAG to the back-end website, I get the
following error:

Your request cannot be processed for this multi-homed web site because
the specified host could not be located.

Status Description: 500 Internal Server Error



Other related tidbits:

*The URLs for the Embedded Service Provider (Metadata, Health-Check,
Logout) also produce the Error 500.

*I've imported the various certificates for the back-end web server

*in /var/log/ics_dyn.log - there's this error: "No matching
accelerator child"

*In the proxy console/configured addresses and services it shows:

Configured Addresses and Services
TCP/IP Addresses Bound On This Server:
127.0.0.1, 172.20.11.207
Proxy will NOT generate cache information headers
Configured Services:
HTTP Server Path Based Accelerator (child) for icon.cimcitynews.com
Path starts with: (null)
at TCP/IP address 172.20.11.207:443
Filling from: TCP/IP address 127.0.0.1:8080
Unknown global service type 401.
HTTP Server Path Based Accelerator (master) for [1]:
Path starts with: (null)
at TCP/IP address 172.20.11.207:443
** Error ** SSL Register error (-5) Processing Certificate Error

HTTP Server Host Based Accelerator (master) for [0]:
at TCP/IP address 172.20.11.207:443
Identity Agent at all configured TCP/IP listeners



Clearly the error "SSL Register error (-5) Processing Certificate
Error" is probably the cause, however I haven't been able to find that
error anywhere...

Ideas?

thanks!

Eric

Posted In: novell.support.access-manager

no comments

Reply

]]> Wed, 17 Jan 2007 17:30:22 PST http://www.nnseek.com/e/novell.support.access-manager/multiple_webservers_causes_redirect_loop_13439439t.html http://www.nnseek.com/e/novell.support.access-manager/multiple_webservers_causes_redirect_loop_13439439t.html all parts running on one server. It works well when we configure an
accelerator with a single backend web server but as soon as we add a second
backend web sever to load balance we cannot get the accelerator to work.
The browser reports a redirect error and in the LAG log it shows 'Redirect
(Redirecting to LAG Broker url)' for all requests to the accelerator with a
302 error. We cannot find any information on this 'LAG Broker url' in the
documentation or anywhere else.

Any help would be much appreciated.

Guy Flaherty

Posted In: novell.support.access-manager

no comments

Reply

]]> Sun, 14 Jan 2007 14:42:25 PST http://www.nnseek.com/e/novell.support.access-manager/sso_from_workstation_12181455t.html http://www.nnseek.com/e/novell.support.access-manager/sso_from_workstation_12181455t.html SPAMmyrealbox.com> wrote:

>David Gersic,
>
>>Yes, it's possible. That's essentially what they've said they're going
>>to do. Now it's just a matter of getting it to happen, then finding out
>>what it is we need to do to be able to do it.
>
>Actually that used to work in iChain. In Access Manager they removed
>support for NetIdentity.

I know. And they've said, at least here at NIU, that SP1 (around
December 2006) would have some kind of replacement for this
functionality, likely based on some kind of Kerberos thing.

Now, I'm just waiting to see code I can try. The rest of AM looks pretty
slick.


---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu

I'm tired of receiving rubbish in my mailbox, so the E-mail address is
munged to foil the junkmail bots. Humans will figure it out on their own.

Posted In: novell.support.access-manager

no comments

Reply

]]> Thu, 04 Jan 2007 13:29:57 PST http://www.nnseek.com/e/novell.support.access-manager/change_password_url_11965903t.html http://www.nnseek.com/e/novell.support.access-manager/change_password_url_11965903t.html
I managed to get the pwm (Password Management) solution off of the
forge. (http://forge.novell.com/modules/xfmod/project/?pwm)

This is a really clean solution and integrates nicely with AM. It does
require Java JDK 5 and tomcat 4 or 5. It won't run on Netware because
JDK 5 isn't available for Netware.

I built a SLES 10 box with JDK 5 and tomcat5 to run it on -- an
adventure in its own right -- and it works perfectly.

My last little glitch is getting tomcat 5 to start as a daemon at
boot. Put the working script into init.d, pointed to it from rc3.d,
but it doesn't start.

Oh, well.

Thanks all,

Don

Posted In: novell.support.access-manager

no comments

Reply

]]> Tue, 02 Jan 2007 09:21:34 PST http://www.nnseek.com/e/novell.support.access-manager/change_password_url_11553487t.html http://www.nnseek.com/e/novell.support.access-manager/change_password_url_11553487t.html prv-forum2.provo.novell.com>,
jaredljenningsNO@SPAMmyrealbox.com says...
> m_jonis,
>
> >
> >So would that not still require setting up a SLES box? Or do you mean
> >setup the LAG and run the password servlets on it?
>
> That I don't know. I would have to try it before I could say.
>
> If you don't want to wait for me, repost the question as a new question.
> Maybe someone else will see it.
>
>

Oh, no biggie for me. I'm just curiuos now is all. I still have to
setup the SLES 10 box anyway for User Application, so it's not wasted
time.

:)

Posted In: novell.support.access-manager

no comments

Reply

]]> Fri, 29 Dec 2006 06:26:15 PST http://www.nnseek.com/e/novell.support.access-manager/change_password_url_11204815t.html http://www.nnseek.com/e/novell.support.access-manager/change_password_url_11204815t.html
>I'm looking for suggestions for a password change url that lets the
>currently logging in user change his/her password with minimum
>interaction and then exits when it's done.

Have you seen Novells Password Self Service?
http://www.novell.com/documentation/password_management/index.html?page=/documen...

Although, maybe you are just wanting to know the url to the password self
service so that users can change their password.....

--
Jared Jennings - Data Technique, Inc.
Novell Support Forums Sysop
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org

Posted In: novell.support.access-manager

3 Comments

Reply

]]> Fri, 22 Dec 2006 08:21:30 PST http://www.nnseek.com/e/novell.support.access-manager/on_box_identity_server_the_unsupported_option_10936783t.html http://www.nnseek.com/e/novell.support.access-manager/on_box_identity_server_the_unsupported_option_10936783t.html not much documentation on this feature, other than the fact that it's "not
currently supported in production environments". What's the story with
this? Is it it something that's going to be supported in the long-run?
Does it work? What are the disadvantages?

We're a school district who wishes to use access-manager. The load on NAM
would not be very much. It seems easy enough to use/configure, and we would
get it for a good price through SLA. If at all possible, we would like to
keep the number of servers required to a minimum, making the on-box IDS
somewhat attractive. My next option would be virtualization.

Posted In: novell.support.access-manager

1 Comment

Reply

]]> Wed, 20 Dec 2006 08:46:55 PST http://www.nnseek.com/e/novell.support.access-manager/need_guide_for_terminal_service_10873551t.html http://www.nnseek.com/e/novell.support.access-manager/need_guide_for_terminal_service_10873551t.html
Does Anybody know how to apply the solution for using NAM+token to
work with the terminal service? The criteria need to apply those 2 things:
1. Anyone who sits in front of the server , doesn't need to use token to
login to the server, just need only the user and password. Or he can use his
own machine to login as the terminal client and using only with the user and
password ,too if he sit inside the server room.
2. But anyone outside the server room, they need to use both password and
token for authentication to the terminal server.

Please guide me. God bless you.

Thip

Posted In: novell.support.access-manager

no comments

Reply

]]> Tue, 19 Dec 2006 20:18:55 PST