Re: Random 403 forbidden errors on newer Workstations
Craig Johnson
> Anybody have seen anything similar?
>
Yes, kind of, but almost certainly unrelated. There was an old bug, I
think with 3.7, where the server would kind of lose proxy
authentication for a certain IP address and clntrust would stop
working. The workarounds there were to restart proxy, or change the
PC's IP address. That bug was fixed long ago.
Your bug sounds workstation-related, if it changes behavior with a
reboot. What I'd like to know is what kind of clntrust stats are
showing up when the problem occurs. 0's? Thousands of unsuccessful
attempts? Thousands of successful attempts?
Do you have a personal firewall of any kind running on those pc's? If
so, you need to open UDP port 3024. See tip #15 at the URL below.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***
Craig Johnson
> there were no authentication attempts whatsoever.
>
Try running dwntrust, then clntrust to restart clntrust next time, and
see if the stats change.
You do run dwntrust in the login script?
Craig Johnson
> everything was fine (until we would have updated clntrust and bump up
> the release of the zenapp the next time:-))
>
Well, that would have been extremely difficult to troubleshoot via the
forums! Glad you found it and gave us some feedback.
I'm curious as to why not simply run it from a login script? I don't
see a problem doing that, and it leads to less complications.
Craig Johnson
I solved the copy-on-upgrade issue years ago. Don't launch from
public. Launch from public/cln. Then when you need to update
clntrust, rename the cln directory to cln.old, create a new cln
directory and put the new version there.
Craig Johnson
> lab, it's been quite a while now.
>
Just make it easy to run DWNTRUST.
My CLN directory idea has been in my BMgr book for a long time now...