test

Sun Gathering Debug Data for Sun Java System Web Proxy Server

Procedure1.5.5 To Collect Debug Data on Web Proxy Server Authentication Problems

Use this task to collect data when Web Proxy Server is experiencing authentication problems.

A Web Proxy Server authentication problem is when Proxy Server prohibits access when it should not, or the inability of the Proxy Server to authenticate a user correctly while using the Directory Server for authentication.

  1. Collect the general system information as explained in To Collect Required Debug Data for Any Web Proxy Server Problem.

  2. Provide all the files under the following directories:

    UNIX and Linux

    server-root/proxy-identifier/conifgserver-root/userdbserver-root/httpaclserver-root/adminacl

    Windows

    server-rootproxy-identifier\conifgserver-root\userdbserver-root\httpaclserver-root\adminacl

  3. If the Web Proxy Server uses a Directory Server, provide the access, errors and audit logs of the Directory Server used by the Web Proxy Server.

    • Access log

      UNIX and Linux

      server-root/slapd-identifier/logs/access

      Windows

      server-root\slapd-identifier\logs\access

    • Errors log

      UNIX and Linux

      server-root/slapd-identifier/logs/errors

      Windows

      server-root\slapd-identifier\logs\errors

    • Audit log

      UNIX and Linux

      server-root/slapd-identifier/logs/audit (if enabled)

      Windows

      server-root\slapd-identifier\logs\audit (if enabled)

    Note –

    The paths of these logs files are specified by the following parameters in the dse.ldif file: nsslapd-accesslog, nsslap-errorlog, and nsslapd-auditlog

    The dse.1dif file is located in the config directory:

    UNIX and Linux: server-root/slapd-identifier/config/dse.ldif

    Windows: server-root\slapd-identifier\config\dse.ldif

  4. Provide network trace files between components, such as these:

    • Browser and Proxy Server

    • Proxy Server and Firewall

    • Proxy Server and Directory Server

    • Firewall and the Web

    Here are examples of commands on the proxy server side:

    Solaris

    snoop -V -vvv -d <interface> -o /tmp/proxy-snoop-web <IP_WEB_SERVER>

    HP-UX

    tcpdump -i <interface> -w /tmp/proxy-snoop-web host <IP_WEB_SERVER>

    Note –

    tcpdump for HP-UX is available at: http://hpux.connect.org.uk. You can also use the native command nettl.

    Linux

    tethereal -V -F snoop -i <interface> -w /tmp/proxy-snoop-web host <IP_WEB_SERVER>

    Note –

    You can use the graphical user interface for tethereal or use the command tcpdump. tethereal is available at: http://www.ethereal.com.

    Windows

    tethereal -vvv -i <interface> -w /tmp/proxy-snoop-web host <IP_WEB_SERVER>

    Note –

    You can use either the graphical user interface or the command for tethereal. tethereal is available at: http://www.ethereal.com.

    Note –

    Clearly indicate IP and hostname for each component. This will help to read the network trace files correctly .