https://connect.hyland.com/t5/alfresco-archive/kerberors-auth-against-ms-ad/m-p/29826#M15271 <HTML><HEAD></HEAD><BODY><SPAN>Hello Everyone,</SPAN><BR /><BR /><SPAN>I'm new to Alfresco. First of all everything is working fine with my configuration.</SPAN><BR /><SPAN>The Authentication over LDAP to the Active Directory works fine.</SPAN><BR /><BR /><SPAN>Now I want activate CIFS and authentification with Kerberos.</SPAN><BR /><SPAN>I finished all steps succesfully from here: </SPAN><A href="http://docs.alfresco.com/5.0/tasks/auth-kerberos-ADconfig.html" rel="nofollow noopener noreferrer">http://docs.alfresco.com/5.0/tasks/auth-kerberos-ADconfig.html</A><BR /><SPAN>But If I start Alfresco, in the log comes the following failures:</SPAN><BR /><BR /><SPAN>2015-03-26 13:13:18,612 ERROR [org.alfresco.filesys.auth.cifs.EnterpriseCifsAuthenticator] [localhost-startStop-1] CIFS Kerberos authenticator error</SPAN><BR /><SPAN>javax.security.auth.login.LoginException: Client not found in Kerberos database (6)</SPAN><BR /><SPAN>&nbsp;&nbsp; Caused by: KrbException: Client not found in Kerberos database (6)</SPAN><BR /><SPAN>&nbsp;&nbsp; Caused by: KrbException: Identifier doesn't match expected value (906)</SPAN><BR /><BR /><SPAN>2015-03-26 13:13:18,617 WARN&nbsp; [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, kerberos1] failed</SPAN><BR /><SPAN>org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cifsAuthenticator' defined in URL [jar:file:/opt/alfresco-5.0.d/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-5.0.d.jar!/alfresco/subsystems/Authentication/kerberos/kerberos-authentication-context.xml]: Invocation of init method failed; nested exception is org.alfresco.jlan.server.config.InvalidConfigurationException: Failed to login CIFS server service</SPAN><BR /><SPAN>&nbsp;&nbsp; Caused by: org.alfresco.jlan.server.config.InvalidConfigurationException: Failed to login CIFS server service</SPAN><BR /><BR /><SPAN>I have installed Alfresco 5.0.d (and with Alfresco 5.0.c I have the same Problem).</SPAN><BR /><SPAN>The Authentication works against a Windows Server 2012 R2 Active Directory.</SPAN><BR /><SPAN>If I execute the command 'kinit -V -k -t /etc/keys/AlfrescoCIFS.keytab "cifs/sles-alfresco.my.domain"' everything works fine - </SPAN><BR /><BR /><SPAN>Using existing cache: :/run/user/0/krb5cc/tkt</SPAN><BR /><SPAN>Using principal: cifs/sles-alfresco.my.domain@MY.DOMAIN</SPAN><BR /><SPAN>Using keytab: /etc/keys/AlfrescoCIFS.keytab</SPAN><BR /><SPAN>Authenticated to Kerberos v5</SPAN><BR /><BR /><SPAN>Here are some examples from my configs:</SPAN><BR /><BR /><SPAN>krb5.conf</SPAN><BR /><SPAN>[libdefaults]</SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; default_realm = EXAMPLE.COM</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; default_realm = my.domain</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; default_keytab_name = FILE:/etc/keys/AlfrescoCIFS.keytab</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; default_tkt_enctypes = rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; default_tgs_enctypes = rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; permitted_enctypes = rc4-hmac aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dns_lookup_kdc = true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dns_lookup_realm = false</SPAN><BR /><BR /><SPAN>[realms]</SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EXAMPLE.COM = {</SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; kdc = kerberos.example.com</SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; admin_server = kerberos.example.com</SPAN><BR /><SPAN>#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CONSENSO.LOCAL = {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; kdc = dc01.my.domain</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; admin_server = dc01.my.domain</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</SPAN><BR /><BR /><SPAN>[domain_realm]</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dc01.my.domain = MY.DOMAIN</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .dc01.my.domain = MY.DOMAIN</SPAN><BR /><BR /><SPAN>[logging]</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; kdc = FILE:/var/log/krb5/krb5kdc.log</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; admin_server = FILE:/var/log/krb5/kadmind.log</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; default = SYSLOG:NOTICE<img id="smileyvery-happy" class="emoticon emoticon-smileyvery-happy" src="https://connect.hyland.com/i/smilies/16x16_smiley-very-happy.png" alt="Smiley Very Happy" title="Smiley Very Happy" />AEMON</SPAN><BR /><BR /><BR /><BR /><SPAN>alfresco-global.properties:</SPAN><BR /><SPAN>## cifs</SPAN><BR /><SPAN>filesystem.name=Alfresco</SPAN><BR /><SPAN>cifs.enabled=true</SPAN><BR /><SPAN>cifs.serverName=sles-alfresco</SPAN><BR /><SPAN>cifs.domain=my.domain</SPAN><BR /><SPAN>cifs.hostannounce=false</SPAN><BR /><SPAN>cifs.pseudoFiles.enabled=false</SPAN><BR /><SPAN>cifs.pseudoFiles.explorerURL.enabled=false</SPAN><BR /><SPAN>cifs.pseudoFiles.explorerURL.fileName=__Alfresco.url</SPAN><BR /><SPAN>cifs.pseudoFiles.shareURL.enabled=false</SPAN><BR /><SPAN>cifs.pseudoFiles.shareURL.fileName=__Share.url</SPAN><BR /><SPAN>ftp.enabled=false</SPAN><BR /><SPAN>nfs.enabled=false</SPAN><BR /><BR /><BR /><BR /><SPAN>java.login.config:</SPAN><BR /><SPAN>Alfresco {</SPAN><BR /><SPAN>&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;</SPAN><BR /><SPAN>};</SPAN><BR /><BR /><SPAN>AlfrescoCIFS {</SPAN><BR /><SPAN>&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule required</SPAN><BR /><SPAN>&nbsp;&nbsp; storeKey=true</SPAN><BR /><SPAN>&nbsp;&nbsp; useKeyTab=true</SPAN><BR /><SPAN>&nbsp;&nbsp; doNotPrompt=true</SPAN><BR /><SPAN>&nbsp;&nbsp; keyTab="/etc/keys/AlfrescoCIFS.keytab"</SPAN><BR /><SPAN>&nbsp;&nbsp; principal="cifs/sles-alfresco.my.domain";</SPAN><BR /><SPAN>};</SPAN><BR /><BR /><SPAN>AlfrescoHTTP</SPAN><BR /><SPAN>{</SPAN><BR /><SPAN>&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule required</SPAN><BR /><SPAN>&nbsp;&nbsp; storeKey=true</SPAN><BR /><SPAN>&nbsp;&nbsp; useKeyTab=true</SPAN><BR /><SPAN>&nbsp;&nbsp; doNotPrompt=true</SPAN><BR /><SPAN>&nbsp;&nbsp; keyTab="/etc/keys/AlfrescoHTTP.keytab"</SPAN><BR /><SPAN>&nbsp;&nbsp; principal="HTTP/sles-alfresco.my.domain";</SPAN><BR /><SPAN>};</SPAN><BR /><BR /><SPAN>com.sun.net.ssl.client {</SPAN><BR /><SPAN>&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;</SPAN><BR /><SPAN>};</SPAN><BR /><BR /><SPAN>other {</SPAN><BR /><SPAN>&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;</SPAN><BR /><SPAN>};</SPAN><BR /><BR /><BR /><SPAN>Hope you can help me.</SPAN><BR /><SPAN>Thanks</SPAN><BR /><BR /><SPAN>Patrick</SPAN><BR /><BR /><BR /></BODY></HTML> Thu, 26 Mar 2015 13:07:27 GMT patsch 2015-03-26T13:07:27Z https://connect.hyland.com/t5/alfresco-archive/kerberors-auth-against-ms-ad/m-p/29826#M15271 Hello Everyone,I'm new to Alfresco. First of all everything is working fine with my configuration.The Authentication over LDAP to the Active Directory works fine.Now I want activate CIFS and authentification with Kerberos.I finished all steps succesfully from here: http://docs.alfresco.com/5.0/tasks Thu, 26 Mar 2015 13:07:27 GMT https://connect.hyland.com/t5/alfresco-archive/kerberors-auth-against-ms-ad/m-p/29826#M15271 patsch 2015-03-26T13:07:27Z https://connect.hyland.com/t5/alfresco-archive/kerberors-auth-against-ms-ad/m-p/29827#M15272 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>I found a solution, so my Configuration works for me.</SPAN><BR /><SPAN>There is another file, that I must edit.</SPAN><BR /><BR /><SPAN>/opt/alfresco/tomcat/shared/classes/web-extension/share-config-custom.xml</SPAN><BR /><BR /><SPAN>Best regards</SPAN><BR /><SPAN>Patrick</SPAN></BODY></HTML> Mon, 30 Mar 2015 14:42:21 GMT https://connect.hyland.com/t5/alfresco-archive/kerberors-auth-against-ms-ad/m-p/29827#M15272 patsch 2015-03-30T14:42:21Z