Welcome to Geeklog, Anonymous Sunday, October 06 2024 @ 10:33 pm EDT
Geeklog Forums
Login fails on OSX, works on Windows
Page navigation
I just installed GL on 2 separate servers for 2 sites for public schools. Both servers run MacOSX10.3, and went thru the exact same process on both machines, but I am having the problems logging into GL on one of them.
Here's the deal:
Server 1 - users hit via URL (works completely.) I can login to GL from Server 1, from Server 2, other Macs, and from a laptop using Windows/IE.
Server 2 - users access via IP address - there is no DNS entry for this machine (and only some users can login.) I can not login to GL on this machine from Server 1 or 2, or other Mac's, but I CAN login to GL from Windows/IE laptop.
SO - basically Mac's can login to GL on server 1 but not server 2. Windows machine can login to GL on both.
The Mac machines don't get a cookie from server 2, the Windows machine does. The Macs are configured to accept all cookies, and can login to GL site on Server1, so I believe I've isolated it to the config.php on server 2.
I went thru the FAQ, and adjusted cookie settings to make sure I'm not having a cookie collision (gave different cookie names, and tried changing cookiedomain - same result regardless - Windows can login to GL, Mac cannot.)
Are the Mac's are not accepting the cookie from server 2 because they are hitting the website via IP, and they want to have a DNS name instead?
Current issues with (no) tech people running DNS with this organization make it very difficult to get a new DNS name for Server 2. Is there a workaround that would allow me to get Mac's to login to server 2 without configuring a DNS name for it?
Many thanks,
Dan
Here's the deal:
Server 1 - users hit via URL (works completely.) I can login to GL from Server 1, from Server 2, other Macs, and from a laptop using Windows/IE.
Server 2 - users access via IP address - there is no DNS entry for this machine (and only some users can login.) I can not login to GL on this machine from Server 1 or 2, or other Mac's, but I CAN login to GL from Windows/IE laptop.
SO - basically Mac's can login to GL on server 1 but not server 2. Windows machine can login to GL on both.
The Mac machines don't get a cookie from server 2, the Windows machine does. The Macs are configured to accept all cookies, and can login to GL site on Server1, so I believe I've isolated it to the config.php on server 2.
I went thru the FAQ, and adjusted cookie settings to make sure I'm not having a cookie collision (gave different cookie names, and tried changing cookiedomain - same result regardless - Windows can login to GL, Mac cannot.)
Are the Mac's are not accepting the cookie from server 2 because they are hitting the website via IP, and they want to have a DNS name instead?
Current issues with (no) tech people running DNS with this organization make it very difficult to get a new DNS name for Server 2. Is there a workaround that would allow me to get Mac's to login to server 2 without configuring a DNS name for it?
Many thanks,
Dan
35
34
Quote
Status: offline
macboy
Forum User
Junior
Registered: 06/10/04
Posts: 15
1) What browser are you using on the Mac clients, and what OS is running on them.
2) Clear the browser cache on the Macs, and then do a shift-refresh just to make sure..
3) Do you have Server2's IP address where the DNS name should be in config.php
4) Is the GL site running OS X server or client?
5) I'd be happy to help you test. I'm also running GL on OS 10.3 and 10.2
2) Clear the browser cache on the Macs, and then do a shift-refresh just to make sure..
3) Do you have Server2's IP address where the DNS name should be in config.php
4) Is the GL site running OS X server or client?
5) I'd be happy to help you test. I'm also running GL on OS 10.3 and 10.2
34
31
Quote
Status: offline
danv
Forum User
Junior
Registered: 08/30/04
Posts: 22
1) Mac clients running Safari on 10.3 also. To clarify... they CAN login to GL on server 1, just not on server 2.
2) I also tried IE on the clients, and no dice. Cleared cache, shift-refresh, etc..., they just don't even get the cookie from the server 2 session, regardless of browser.
3) Yes. Currently http://IPaddress
4) GLsite running on OSX client
5) Unfortunately the server that's not working is on an internal, non-routable IP, so that one I can't have you connect to.
I'm not a Mac specialist, but it seems that the Macs know more about each other than the Windows machine knows about them, which is causing the Mac's to deny the cookie based on security that the name of the cookie (with the IP as domain name) isn't matching what they're expecting from that machine... does that sound reasonable? And if so, what would the Mac client be expecting (so I can populate that into the cookiename...)
I appreciate your help.
Dan
2) I also tried IE on the clients, and no dice. Cleared cache, shift-refresh, etc..., they just don't even get the cookie from the server 2 session, regardless of browser.
3) Yes. Currently http://IPaddress
4) GLsite running on OSX client
5) Unfortunately the server that's not working is on an internal, non-routable IP, so that one I can't have you connect to.
I'm not a Mac specialist, but it seems that the Macs know more about each other than the Windows machine knows about them, which is causing the Mac's to deny the cookie based on security that the name of the cookie (with the IP as domain name) isn't matching what they're expecting from that machine... does that sound reasonable? And if so, what would the Mac client be expecting (so I can populate that into the cookiename...)
I appreciate your help.
Dan
34
29
Quote
Status: offline
macboy
Forum User
Junior
Registered: 06/10/04
Posts: 15
1) That's what boggles me the most - that fact that Server1 works fine. I'm starting to wonder if it's more of a config problem.
2) OR, perhaps it could be Rendezvous.... I've run into some odd problems with this... "...but it seems that the Macs know more about each other than the Windows machine knows about them..."
3) This sounds dumb, but have you shut down the client and rebooted it during your testing? Also, have you checked from more than one Mac client?
4) Are the Mac clients connected to a OS X server?
5) Have you logged into the Mac as a different user and duplicated the problem?
I'll email you to discuss more off-line.
30
30
Quote
Status: offline
danv
Forum User
Junior
Registered: 08/30/04
Posts: 22
1) I too think it's a config issue, and I'm convinced that it's solely because of the IP address with no DNS entry, because other that that, server 1 and server2 config is identical.
I'm going to test that out later, by switching the config's on the two machines. But that has to wait until tomorrow for other reasons.
In the meantime, other speculation about what might be the issue at hand here is welcome!
2) I don't know what Rendezvous is (in terms of Macs...) but I thought that perhaps the communication protocol may be different between the Macs, than between the Mac server and Windows client, resulting in the Macs denying the cookie...
does this thought make sense? And if so, what would the client expect, so that I can try that in the cookie_domain...
3) Sure have. Lots of times. Several different clients. All same result.
4) Clients do not connect to OSX server, just a network of standalones...
5) Yes. different users, same result...
Thanks for the email follow up... will post again after next test tomorrow.
Dan
I'm going to test that out later, by switching the config's on the two machines. But that has to wait until tomorrow for other reasons.
In the meantime, other speculation about what might be the issue at hand here is welcome!
2) I don't know what Rendezvous is (in terms of Macs...) but I thought that perhaps the communication protocol may be different between the Macs, than between the Mac server and Windows client, resulting in the Macs denying the cookie...
does this thought make sense? And if so, what would the client expect, so that I can try that in the cookie_domain...
3) Sure have. Lots of times. Several different clients. All same result.
4) Clients do not connect to OSX server, just a network of standalones...
5) Yes. different users, same result...
Thanks for the email follow up... will post again after next test tomorrow.
Dan
28
30
Quote
Status: offline
rjrufo
Forum User
Regular Poster
Registered: 06/14/03
Posts: 95
I recently switched my GL to a Mac OSX machine, and had a similar problem. I checked the differences in many files from the UNIX machine that previously ran the site and the OSX machine. The only difference I could find was that in php.ini, register_globals was off instead of on. Once I fixed that, the site ran perfectly - even faster than the UNIX machine. (It is a geriatric machine, so I'm not surprised.)
You may want to verify that register_globals is on, since that was causing me problems similar to yours.
You may want to verify that register_globals is on, since that was causing me problems similar to yours.
24
34
Quote
Status: offline
danv
Forum User
Junior
Registered: 08/30/04
Posts: 22
Thanks, but yep, I did this in the course of the setup, and checked it again, and again the only difference between the 2 servers is the IP instead of URL.
And the weirdest thing is that I can login into GL on this server from a Windows machine... so it's not like the server isn't working.
It's that the Mac clients don't accept the cookie for some reason.
Thank you for the suggestion.
Dan
And the weirdest thing is that I can login into GL on this server from a Windows machine... so it's not like the server isn't working.
It's that the Mac clients don't accept the cookie for some reason.
Thank you for the suggestion.
Dan
34
29
Quote
Status: offline
rjrufo
Forum User
Regular Poster
Registered: 06/14/03
Posts: 95
Are you using OSX' built in web server, or something else? You said that it's not accessible from the net, how are you blocking it from the outside world? Firewall? NAT?
Have you tried deleting all your cookies?
I think it's strange that your Macs can't log in, but your Windows machine can. I also find it strange that your Macs aren't accepting cookies. Have you tried various browsers such as Camino, Firebird, or even IE for Mac?
Have you tried deleting all your cookies?
I think it's strange that your Macs can't log in, but your Windows machine can. I also find it strange that your Macs aren't accepting cookies. Have you tried various browsers such as Camino, Firebird, or even IE for Mac?
28
33
Quote
Status: offline
macboy
Forum User
Junior
Registered: 06/10/04
Posts: 15
I'm actually starting to think the Mac's CAN login.... but the refresh isn't working.
Try this...
Go to Server2 and type in your login credentials. After the page redraws and it "looks" like you didn't login, do a shift-refresh. If that doesn't work, do it again. I had this issue with one of my GL sites running under OS X, but the problem went away after a GL upgrade.
BTW, what's the cookie name from Server2???
Try this...
Go to Server2 and type in your login credentials. After the page redraws and it "looks" like you didn't login, do a shift-refresh. If that doesn't work, do it again. I had this issue with one of my GL sites running under OS X, but the problem went away after a GL upgrade.
BTW, what's the cookie name from Server2???
34
28
Quote
Status: offline
danv
Forum User
Junior
Registered: 08/30/04
Posts: 22
OK - I know I'm going to hear about it on this, but the school wants to use Webstar for their server.
Now before anyone says "there's the problem," have a look at server1 - which IS working, and also uses Webstar:
www.mves.aps.edu
As far as why they want to use Webstar, it has to do with ease of administration, automatic updates, and support/license agreements. Understand, they don't have tech people - teachers are going to maintain this site after I get GL set up for them.
Yep, I've deleted cookies, and tried IE for Mac.
And to answer your question, macboy, I have tried the refresh trick as well, with no result. The cookie just never shows up on the client Mac.
As far as how server2 is non-accessable, it's just on a non-routable IP on a completely internal network. It's to be used by the kids in the school, and this provides them with a way to safely chat, post their work, etc. Server1 is for the school to communicate to the outside world, but kids won't use it.
Now before anyone says "there's the problem," have a look at server1 - which IS working, and also uses Webstar:
www.mves.aps.edu
As far as why they want to use Webstar, it has to do with ease of administration, automatic updates, and support/license agreements. Understand, they don't have tech people - teachers are going to maintain this site after I get GL set up for them.
Yep, I've deleted cookies, and tried IE for Mac.
And to answer your question, macboy, I have tried the refresh trick as well, with no result. The cookie just never shows up on the client Mac.
As far as how server2 is non-accessable, it's just on a non-routable IP on a completely internal network. It's to be used by the kids in the school, and this provides them with a way to safely chat, post their work, etc. Server1 is for the school to communicate to the outside world, but kids won't use it.
19
31
Quote
Status: offline
danv
Forum User
Junior
Registered: 08/30/04
Posts: 22
UPDATE:
Part of this project was to document the process so it could be duplicated at other elementary schools. This way they can have their own sites without paying a company $200/month to host it for them.
So - I'm now cloning server1 over server2 to test that procedure.
Until I've completed that, and get it config'd back to be the interal server with the IP as Site_URL again, I can't test anymore ideas.
Here's what I would like to request of all of you out there..
Can anyone with a MacOS X10.3 GL server, try to configure their site_URL as an IP address instead of a URL, then try to login to it with another MacOSX client, and let me know if you can successfully do it. I would be very grateful to know what had to go into the config.php to make it work.
If you can't login with a Mac client - try to login to it with a Windows machine. If that does work then the issue is replicated.
Thank you,
Dan
Part of this project was to document the process so it could be duplicated at other elementary schools. This way they can have their own sites without paying a company $200/month to host it for them.
So - I'm now cloning server1 over server2 to test that procedure.
Until I've completed that, and get it config'd back to be the interal server with the IP as Site_URL again, I can't test anymore ideas.
Here's what I would like to request of all of you out there..
Can anyone with a MacOS X10.3 GL server, try to configure their site_URL as an IP address instead of a URL, then try to login to it with another MacOSX client, and let me know if you can successfully do it. I would be very grateful to know what had to go into the config.php to make it work.
If you can't login with a Mac client - try to login to it with a Windows machine. If that does work then the issue is replicated.
Thank you,
Dan
29
31
Quote
Status: offline
rjrufo
Forum User
Regular Poster
Registered: 06/14/03
Posts: 95
Quote by danv:
Can anyone with a MacOS X10.3 GL server, try to configure their site_URL as an IP address instead of a URL, then try to login to it with another MacOSX client, and let me know if you can successfully do it. I would be very grateful to know what had to go into the config.php to make it work.
If you can't login with a Mac client - try to login to it with a Windows machine. If that does work then the issue is replicated.
Thank you,
Dan
Can anyone with a MacOS X10.3 GL server, try to configure their site_URL as an IP address instead of a URL, then try to login to it with another MacOSX client, and let me know if you can successfully do it. I would be very grateful to know what had to go into the config.php to make it work.
If you can't login with a Mac client - try to login to it with a Windows machine. If that does work then the issue is replicated.
Thank you,
Dan
Dan, out of curiosity, I tried using the IP address on my development server (OSX - 10.3.5 client), with no luck - as far as the Macs are concerned. I don't have any Windows machines anymore, so I couldn't test it with that, but if the Mac didn't receive any cookies, I'm going to assume that that's your problem. I have a duplicate GL installation on the development server to make any modifications that I need, and to test them out, before uploading the changes to the main server. I have the config.php file set to http://localhost, but that won't work for you I'm afraid.
Also, I registered on your site to see how you have it set up, so feel free to delete my account. The username is the same as mine here.
31
34
Quote
AddictedToMac
Anonymous
Have you tried to put your ip address as the $_CONF['cookiedomain'] in your config.php I think I read somewhere that you have to do that for security reasons for some browsers (I might be mis-remembering though).
29
48
Quote
Status: offline
danv
Forum User
Junior
Registered: 08/30/04
Posts: 22
yes - sure have... and again, it works when logging in via windows, so it's config'd properly, just Mac's can't login.
I read something about browsing in Mac environments by Rendezvous names - so I'm going to try that next, and see if that fixes it - if so - it will also mean that only Mac client's will be able to connect... but that should be OK in this location...
I read something about browsing in Mac environments by Rendezvous names - so I'm going to try that next, and see if that fixes it - if so - it will also mean that only Mac client's will be able to connect... but that should be OK in this location...
32
30
Quote
Status: offline
macboy
Forum User
Junior
Registered: 06/10/04
Posts: 15
Rendezvous will give you a bogus domain name of "machine-name.local" Windows machines will fail lookups for this.
You'll find more on Rendezvous (which is actually Apple's name for the Zero-Conf open standard) at http://www.zeroconf.org/ and also at http://developer.apple.com/macosx/rendezvous/faq.html Give it a go and let us know how it works. By the way, OS X's built in Apache under 10.3 (and somewhere in the 10.2.x series) has mod_rendezvous_apple.c configured by default - which lets Apache advertise its websites via Rendezvous. Check the Apache config file in /etc/httpd/httpd.conf and look for rendezvous_apple_module and mod_rendezvous_apple.c.
You'll find more on Rendezvous (which is actually Apple's name for the Zero-Conf open standard) at http://www.zeroconf.org/ and also at http://developer.apple.com/macosx/rendezvous/faq.html Give it a go and let us know how it works. By the way, OS X's built in Apache under 10.3 (and somewhere in the 10.2.x series) has mod_rendezvous_apple.c configured by default - which lets Apache advertise its websites via Rendezvous. Check the Apache config file in /etc/httpd/httpd.conf and look for rendezvous_apple_module and mod_rendezvous_apple.c.
33
43
Quote
Status: offline
danv
Forum User
Junior
Registered: 08/30/04
Posts: 22
OK - this is the answer (I had suspected that someting like this was the case, but thank you's go to macboy for identifying it)...
If I use an IP address for the Site_URL on a GL installation running on a MacOSX machine, I can login with Windows machines AND any MacOS9 or previous - no problems there.
But what happens with the MacOSX clients is that they talk in Rendezvous to the MacOSX server, and they know the Rendezvous name of the server, (machinename.local).
The OSX client rejects the cookie coming from that machine - because GL names it with the Site_URL (in this case the IP) and they expect it to be named with teh Rendezvous name.
SO - to accomodate the OSX clients, I changed the Site_URL to match the Rendezvous name, and browsed to the GL site by Rendezvous name (http://machinename.local), and they now can login great....
the problem with this is that now the Windows and MacOS9 clients cannot login - because they don't speak Rendezvous. (I've looked around for Rendezvous protocol installers for Windows and MacOS9 with no luck so far...)
I've experimented previously with changing around the cookie_name and other settings in the config.php, but this was before I knew about the Rendezvous thing... so I'm next going to see about getting both OS9 and OSX to work by having the Site_URL be the IP address, and manipulating the cookie_name to match the Rendezvous name....
I'll post more if I can figure out anything else.
If I use an IP address for the Site_URL on a GL installation running on a MacOSX machine, I can login with Windows machines AND any MacOS9 or previous - no problems there.
But what happens with the MacOSX clients is that they talk in Rendezvous to the MacOSX server, and they know the Rendezvous name of the server, (machinename.local).
The OSX client rejects the cookie coming from that machine - because GL names it with the Site_URL (in this case the IP) and they expect it to be named with teh Rendezvous name.
SO - to accomodate the OSX clients, I changed the Site_URL to match the Rendezvous name, and browsed to the GL site by Rendezvous name (http://machinename.local), and they now can login great....
the problem with this is that now the Windows and MacOS9 clients cannot login - because they don't speak Rendezvous. (I've looked around for Rendezvous protocol installers for Windows and MacOS9 with no luck so far...)
I've experimented previously with changing around the cookie_name and other settings in the config.php, but this was before I knew about the Rendezvous thing... so I'm next going to see about getting both OS9 and OSX to work by having the Site_URL be the IP address, and manipulating the cookie_name to match the Rendezvous name....
I'll post more if I can figure out anything else.
35
39
Quote
Status: offline
macboy
Forum User
Junior
Registered: 06/10/04
Posts: 15
Since this is indeed the case, the fix is to simply turn off Rendezvous on the server, OR, disable apache from using it. For our purposes, we'll just disable it in Apache. That way all platforms & browsers will be happy (and the fix only takes a few minutes to do)
As always, (insert legal disclaimer here)make sure you back up your httpd.conf file BEFORE editing!!!!!
Open the Apache config file in your favorite editor (I use vi, but you can use whatever floats yer boat!):
locate this line:
...and comment it out like by adding a "#" in front of it so it looks like this:
Next, find this line:
and comment it out as well. Save the file and restart Apache. Now Apache will not advertise itself via Rendezvous, and all your problems should be fixed. Let me know how it goes.
As always, (insert legal disclaimer here)make sure you back up your httpd.conf file BEFORE editing!!!!!
Open the Apache config file in your favorite editor (I use vi, but you can use whatever floats yer boat!):
sudo vi /etc/httpd/httpd.conf
locate this line:
LoadModule rendezvous_apple_module libexec/httpd/mod_rendezvous_apple.so
...and comment it out like by adding a "#" in front of it so it looks like this:
# LoadModule rendezvous_apple_module libexec/httpd/mod_rendezvous_apple.so
Next, find this line:
AddModule mod_rendezvous_apple.c
and comment it out as well. Save the file and restart Apache. Now Apache will not advertise itself via Rendezvous, and all your problems should be fixed. Let me know how it goes.
34
36
Quote
Status: offline
macboy
Forum User
Junior
Registered: 06/10/04
Posts: 15
This is from the Apple Developer site:
http://developer.apple.com/macosx/rendezvous/
and says "...Rendezvous technology is now available on Windows 2000 and XP. This preview release includes full link-local support, allowing Windows machines to discover advertised HTTP and FTP servers using Internet Explorer..."
Though installing this on every machine is NOT the answer, I thought you may find it interesting. There is no hope for OS 9, though. Apple announced last year it was at it's End of Life and no updates would be made pase 9.2.2.
http://developer.apple.com/macosx/rendezvous/
and says "...Rendezvous technology is now available on Windows 2000 and XP. This preview release includes full link-local support, allowing Windows machines to discover advertised HTTP and FTP servers using Internet Explorer..."
Though installing this on every machine is NOT the answer, I thought you may find it interesting. There is no hope for OS 9, though. Apple announced last year it was at it's End of Life and no updates would be made pase 9.2.2.
33
35
Quote
Page navigation
All times are EDT. The time is now 10:33 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content