We are testing application server 6.2 build 512 before upgrading our production system. I can't get support from 2X as we don't have a support agreement, but what I am asking is not support, but reporting BUGS. Why can't I see applications which are published to groups. Works fine if you publish to users. Using the web portal, why do you have to enter the '@domain' in the username. If you don't add this and your password has expired, you get a 'user name invalid' error message. We currently use Deepnet SafeID tokens, which is now integrated. Howerver, if you add the @domain in the username, because you know your password has expired, you get an error 'invalid domain'. The users of this system are external customers to us (just like I am to you), so why should I have to tell them what our domain is called just so that they can login. Why should I have to pay for a support contract when you release software with such fundamental bugs in it. This looks like we are testing the software for you and therefore we should be getting free email support. We will not be upgrading but continue to use the just as unreliable previous version and when I put my new server we will be considering a move back to Citrix unless these issues are sorted. In brief the things we have found to be a problem: Unable to publish applications to groups Shouldn't have to include the domain with the user name when logging. Feel free to call me whatever you like, it can't be as bad as the quality of this release. James - a very disappointed current customer.
I am still on 6.1 as well, but have seen this issue with groups. Apparently others have too: http://www.2x.com/forums/viewtopic.php?t=2088 I was told it is a problem with my AD setup, but every other application I have that uses AD for authentication and authorization (users, groups, and passwords) works fine. The problem for me is intermittent - sometimes the group access control works and the apps are visible, other times they are not. Kevin
I see what you are saying and if this is 2X's response, I think they need to get some better guys working there. We had a copy of the previous version running on this server and all worked perfectly OK publishing to groups. As soon as I upgraded to 6.2 it fails. Having had a quick look at the forum you mentioned, I think there are too many users who have this problem to make me think that groups within AD is not configured correctly. In my opinion, and I am a developer who writes systems which read/write to the AD, this is a 2X problem not an AD group configuration problem. James
Please note below nested groups support wasnt added till 6.2 beta 504 build and any build since has it, it wasnt in 6.1 and previous Application Server and Load Balancer Version 6.2.0 (504) Beta - 28th Nov 2008 Filtering - Support for Group in Group (LDAP Mode filtering) james the email you sent today has actually been tested by our support team and referred to development for further testing and review.
Thanks for update Lee, but you have slightly confused me. With production server is running version 6.1 build 468. We have applications published to AD groups. For our testing of 6.2 I installed 6.1.468 on a different server, configured identical to our production system with applications published to groups. This worked as expected until I upgraded it to 6.2. I thought I might have done something wrong in the upgrade so repeated the process. Same outcome. Third time I did a straight install of 6.2, not upgrading from 6.1. Same thing. Something happed in the 6.2 code change to cause groups to not work. When you say that it has gone to test, are you talking about the published apps to groups or the logging in issue using Deepnet authentication? James
you issue with deepnet 6.2 Server and client must be installed to authenticate for filtering on nested groups (group within a group) 6.1 and before could filter on groups but non nested ones groups within groups is working , the forum article referred to is almost a year old
Thanks Lee I think I may still be a little slow on the uptake here. I have created an organisation unit in my AD of Security. Within this organisation unit I have a Global Security group of Staff. I am a member of this Staff group. Even if I publish an application to the Builtin Users group, I don't see my application. How do you setup a group within a group? And if a group within a group works, how come the simpler group not work? Confusing. James [/img]
hi james i suspect something is wrong on the client or the server side configuration. You can enable logging on the console. The login as you and watch the log, you should see what is being passed ie username and domain and what is being filtered etc based on the log
Lee I think I should have raised my isses under different topics. Are you talking about published applications to groups? If so, I think I know where the problem is and I know how to get around it. I started again. Removed all traces of 2X. Install 6.1, same as our production. Published applications and all was fine. Upgraded to 6.2. I can still see my applications. Changed one of the applications to a different group, which I am a member of. Lost it. When I studied the two applications, I noticed that the changed application filtering is done by LDAP (this is the one I can't see) whilst the other application is done by WINNT (this I can see). I noticed that when adding the filtering, it defaults to use LDAP. I unchecked this and published again to a group I am in and all is fine, using WINNT. It could be a setup issue with LDAP on my server - we don't use it, so why should I configure it! But since I haven't got the server configured to use LDAP, why has 2X all of a sudden decided to use it as default. If you are talking about the login issue, I don't follow. With Deepnet enabled (we use SafeID tokens by the way, not software tokens), I can login fine by enter just the username. If my password has expired, I can't change the password unless I login as username@domain. On the username page, if you put in username@domain you get a message of invalid domain. A catch 22. I will speak with Deepnet on this one and see if they can guide you. James
sorry james, yes two article might have made it easier LDAP is much better for group within groups and resolves issues wiint method has with such groups (nested groups) The change password issue we have confirmed and is something we are looking to improve with Deepnet It is advised that the user always enters the domain with which he is going to authenticate for the time being.
Lee Thanks for this, I follow what you are saying. I am happy with using WINNT, our configuring is not that complicated. At least I know how to get around that problem. Is the mandatory domain name going to be removed. There is a setting on the 2X Connection Settings which as been set to user only our domain. Surely this should be used when logging in. Just a thought! James
hi james the issue doesn't occur when deepnet isnt used for authentication , as its using our method and parses the client domain. As I said earlier they are working on improving this in the product along with a whole new set of exciting features for future releases
