https://connect.hyland.com/t5/alfresco-archive/ntlm-single-sign-on-issues-lmcompatibilitylevel/m-p/158237#M112364 <HTML><HEAD></HEAD><BODY><SPAN>We have a NTLM Single-Sign-On problem that is client dependant. Some machines are working nicely while some others don't.</SPAN><BR /><BR /><SPAN>Client Machines are Windows XP and 2003 Srvr running InternetExplorer 6.0.29. </SPAN><BR /><BR /><SPAN>Our Server is Windows XP SP2 running Alfresco 2.1 on Tomcat 5.5 and Jdk 1.5.0. </SPAN><BR /><BR /><SPAN>We tested Alfresco 2.1.1 and 2.9.0B, with same results.</SPAN><BR /><BR /><SPAN>We activated NTLM debug. It seems that non-working machines are not sending correctly the password, since domain, username and workstation are correctly sent to Alfresco Server.</SPAN><BR /><BR /><SPAN>Set of tests executed on non-working machines:</SPAN><BR /><SPAN>- Upgrade IE to 7.0, no change.</SPAN><BR /><SPAN>- Set IE to ask for user password instead of single-sign-on, no change.</SPAN><BR /><SPAN>- Tried Firefox (no SSO, but asks for usr/passwd). Firefox is logging on correctly on the same machine.</SPAN><BR /><SPAN>- Debugging, here we found some interesting points: password length was much bigger on non-working machines, maybe it has to do with NTLM client settings?</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>In development environment, which was working correctly, changed registry setting: </SPAN><BR /><SPAN>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel</SPAN><BR /><SPAN>From value 0 to:</SPAN><BR /><SPAN>1 - Working Ok</SPAN><BR /><SPAN>2 - Working Ok</SPAN><BR /><SPAN>3 - Not working</SPAN><BR /><SPAN>4 - Not working</SPAN><BR /><SPAN>5 - Not working</SPAN><BR /><BR /><BR /><SPAN>Microsoft states that 3 value is forcing the client to use NTLMv2, and in our environment it fails to Authenticate. </SPAN><BR /><A href="http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/76052.mspx?mfr=true" rel="nofollow noopener noreferrer">http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/76052.mspx?mfr=true</A><BR /><BR /><SPAN>So the question is, is the NTLMAuthenticationFilter compatible with NTLMv2?</SPAN><BR /><BR /><SPAN>Anyway, probably in production environment we will not be able to change the lmcompatibilitylevel, so, anybody knows a good solution for this issue?</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>Thanks in advance.</SPAN></BODY></HTML> Tue, 12 Feb 2008 11:28:10 GMT javier_arias 2008-02-12T11:28:10Z https://connect.hyland.com/t5/alfresco-archive/ntlm-single-sign-on-issues-lmcompatibilitylevel/m-p/158237#M112364 We have a NTLM Single-Sign-On problem that is client dependant. Some machines are working nicely while some others don't.Client Machines are Windows XP and 2003 Srvr running InternetExplorer 6.0.29. Our Server is Windows XP SP2 running Alfresco 2.1 on Tomcat 5.5 and Jdk 1.5.0. We tested Alfresco 2.1 Tue, 12 Feb 2008 11:28:10 GMT https://connect.hyland.com/t5/alfresco-archive/ntlm-single-sign-on-issues-lmcompatibilitylevel/m-p/158237#M112364 javier_arias 2008-02-12T11:28:10Z https://connect.hyland.com/t5/alfresco-archive/ntlm-single-sign-on-issues-lmcompatibilitylevel/m-p/158238#M112365 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>We support up to NTLMv1 - after that you have to move to Kerberos.</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Wed, 20 Feb 2008 12:54:39 GMT https://connect.hyland.com/t5/alfresco-archive/ntlm-single-sign-on-issues-lmcompatibilitylevel/m-p/158238#M112365 andy 2008-02-20T12:54:39Z https://connect.hyland.com/t5/alfresco-archive/ntlm-single-sign-on-issues-lmcompatibilitylevel/m-p/158239#M112366 <HTML><HEAD></HEAD><BODY><SPAN>Hello Andy,</SPAN><BR /><BR /><SPAN>please could you look at this thread?</SPAN><BR /><A href="http://forums.alfresco.com/viewtopic.php?t=11273" rel="nofollow noopener noreferrer">http://forums.alfresco.com/viewtopic.php?t=11273</A><BR /><BR /><SPAN>got problems with NTLM, is it because NTLMv2?</SPAN><BR /><BR /><SPAN>best regards</SPAN><BR /><SPAN>roman</SPAN></BODY></HTML> Thu, 28 Feb 2008 16:07:29 GMT https://connect.hyland.com/t5/alfresco-archive/ntlm-single-sign-on-issues-lmcompatibilitylevel/m-p/158239#M112366 roman 2008-02-28T16:07:29Z