7.7 Connection and Authentication Issues

This section provides various troubleshooting scenarios and frequently asked questions that you might encounter while using the Access Gateway, and suggests appropriate actions.

7.7.1 Connection Details

To obtain connection information:

  1. Log in as the root user.

  2. At the bash prompt, enter one of the following netstat commands:

    Command            Details
    netstat -anp       Provides the connection information
    netstat -s -t      Provides the connection statistics

7.7.2 Network Socket Issues

This section describes how to verify socket bind and connection issues.

Socket Listener Bind

To verify whether the socket listener is bound to the required port:

  1. Log in as the root user.

  2. At the bash prompt, enter the following command:

    netstat -anp | grep LISTEN

    All ports are displayed.

  3. Search for the desired port.

    If the required port is not visible in the list, a bind failure has occurred.

Issues with Outgoing Connections

To verify that the Access Gateway is able to make outbound connections:

  1. Log in as the root user.

  2. At the bash prompt, view the following log file:

    /var/log/ics_dyn.log

  3. Search for a connection message. If the service is unavailable, the file contains messages similar to the following:

    ERROR Connection FAILED with peer
    

7.7.3 Authentication Issues

User Details

To check details about the users logged in to the Access Gateway:

  1. To access the console, enter the following command:

    netcat localhost 2300

  2. Press Enter at the Please enter terminal type prompt.

    This displays the Access Gateway console screens.

  3. Enter the Proxy Console option number at the Pick a Screen prompt.

    The Access Gateway Console screen is displayed.

  4. To select the Identity Agent Console option, enter the option number at Enter Option.

    The Identity Agent Console screen is displayed.

    [Figure: Identity Agent Console Screen]

    The user information contains the following items:

    • X: An authenticated user.

    • O: An unauthenticated user.

    • R: A retired user; the user session has timed out. The default timeout is 3 minutes. In this state, the user session is deleted. If the user makes another request from the browser session, the Access Gateway requires the user to authenticate.

    • L: The user has logged out of the session.

    • W: The user session is functional.

    • U: The use count is more than zero.

    • Username: The full distinguished name of the user. The username can contain a maximum of 20 characters.

    • TTL: The time remaining before the user session goes to the retired state if the user session remains idle.

    • Timeout: The session timeout is displayed in d:hh:mm:ss format.

    The screen displays 20 users at a time. The screen also displays the browser IP address. The following options are available at the bottom of the screen:

    • Previous Page: Takes you to the previous page.

    • Next Page: Takes you to the next page (to view the next set of users).

    • Refresh: Refreshes the page to reflect the latest user status.

    • Exit: Exits the console.

Error Codes

The following error codes indicate authentication problems:

500 Internal Server Error

Possible Cause: Authentication failed because of a system error.

Action: Contact Novell Support.

504 Gateway Timed Out

Possible Cause: The authentication back-end channel is not working.

Action: Use the following command to check whether the Embedded Service Provider is listening on the loopback address 127.0.0.1 at port 8080:

netstat -na | grep 8080

If the Embedded Service Provider is down, restart the service provider from the Administration Console.

If the issue persists, contact Novell Support.
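
The listener checks in "Socket Listener Bind" and in the 504 action above both rely on grep, which also matches established connections, foreign-address ports, and longer port numbers such as 18080. The following is an added example, not part of the original documentation: the function name listener_on and the sample netstat output are constructed for illustration, and the function matches only TCP sockets in the LISTEN state on the exact local port.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# listener_on PORT [ADDR]: reads `netstat -an` or `netstat -anp` output on
# stdin. Succeeds only if a TCP socket in LISTEN state is bound to exactly
# PORT, on ADDR or on a wildcard address (0.0.0.0 or ::). With no ADDR,
# any local address is accepted.
listener_on() {
    awk -v port="$1" -v addr="${2:-}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is field 4; the port follows the last colon,
            # which also handles IPv6 forms such as ":::443".
            n = split($4, parts, ":")
            p = parts[n]
            host = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next
            if (addr == "" || host == addr || host == "0.0.0.0" || host == "::")
                found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample output: three lines contain "8080", but none of them
# is a listener on port 8080.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:18080           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:443            10.0.0.9:8080           ESTABLISHED
tcp        0      0 127.0.0.1:8080          127.0.0.1:41022         TIME_WAIT
tcp6       0      0 :::443                  :::*                    LISTEN'

if printf '%s\n' "$SAMPLE_NETSTAT" | listener_on 8080 127.0.0.1; then
    echo "8080: listener present on 127.0.0.1"
else
    matches=$(printf '%s\n' "$SAMPLE_NETSTAT" | grep -c 8080)
    echo "8080: no listener (grep 8080 still matched $matches lines)"
fi

# On the Access Gateway itself, as root:
#   netstat -an | listener_on 8080 127.0.0.1 || echo "ESP is not listening"
```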