Active Topics          Search          Help
            Register          Login
Omni Mobile Server for GroupWise Synchronization
 Omni Web Forum : GroupWise for PDAs and Smart Phones ~ Omni Mobile : Omni Mobile Server for GroupWise Synchronization
Subject Topic: FIX: Client Continuously Authenticating Post ReplyPost New Topic
Author
Message
Gordon Welling
Admin Group
Admin Group

Manager Technnical Support Services

Joined: 11-December-2003
Location: Canada
Posts: 555
Posted: 29-November-2006 at 3:05pm
Problem:  The Omni Mobile client is constantly displaying "Server handshake ...", "Initializing" and "Authenticating ..." while copying updates to the device.  In effect, the Omni Mobile client is continuously re-authenticating to the Omni Mobile server.

Cause:  WebAccess has a security measure which locks an authentication token (User Context) to a specific IP address in an effort to stop a packet sniffier from "borrowing" network credentials.  This is a great concept for non-SSL standard desktops which are non-roaming users that always have the same IP address.

But with mobile devices things change.  The WAP gateway which responds to the devices connection request can change at any time.  The device does not know about the change as it occurs on the internal data carrier networks.  This causes the WebAccess agent to think that another IP address is trying to borrow the User Context and treats the connection as a security failure.  This is similar to a network that provides their clients with cache array proxy load-balancing.

Novell has a TID on the this issue as it relates to how AOL does proxy load-balancing: http://support.novell.com/cgi-bin/search/searchtid.cgi?/1007 3035.htm

Resolution: This problem can be corrected by changing a setting in the webacc.cfg file to disable the IP locking feature.  When using SSL, the User Context is always encrypted and is never sent over the network in clear text.  Omni Mobile also encrypts this data on the local device.

To make the necessary change:
  1. Stop the Tomcat server (or service in Windows).

  2. Open the "webacc.cfg" file using a standard text editor.  Find and change:
         Security.UseClientIP.enable=true
            to read
         Security.UseClientIP.enable=false

    3.  Save the "webacc.cfg" file.

    4.  Start the Tomcat server (or service in Windows).

The webacc.cfg file is normally located at:
  • sys:\novell\webaccess (NetWare servers)
  • /opt/novell/groupwise/webaccess (Linux servers)
  • c:\novell\webaccess (Windows servers)



Edited by Gordon Welling on 29-November-2006 at 3:17pm
Back to Top
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum



This page was generated in 0.2344 seconds.