<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Basic SSO and NTLM help, please... Getting frustrated... in Alfresco Archive</title>
    <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229075#M182205</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Try this&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;passthru.authentication.domain=&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;passthru.authentication.servers=MYDOMAIN\\dc.mydomain.local,dc.mydomain.local&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Don't use the userLocalServer, domain or servers properties at the same time. They are mutually exclusive. If you set domain, it will try to work out your domain server from the domain name. It's most reliable to list the servers explicitly as above. Include a server without a domain mapping as a 'fallback' when no domain is specified in the authentication request.&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Tue, 14 Jul 2009 17:26:18 GMT</pubDate>
    <dc:creator>dward</dc:creator>
    <dc:date>2009-07-14T17:26:18Z</dc:date>
    <item>
      <title>Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229074#M182204</link>
      <description>This is really wearing me down…&amp;nbsp; :shock: I'm using 3.2 and have read http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems pretty heavily, and I still can't seem to get this to work correctly.All I want to do is the following:1. User visits an Alfresco page and based on the logged in doma</description>
      <pubDate>Tue, 14 Jul 2009 17:15:41 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229074#M182204</guid>
      <dc:creator>deaconboogie</dc:creator>
      <dc:date>2009-07-14T17:15:41Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229075#M182205</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Try this&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;passthru.authentication.domain=&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;passthru.authentication.servers=MYDOMAIN\\dc.mydomain.local,dc.mydomain.local&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Don't use the userLocalServer, domain or servers properties at the same time. They are mutually exclusive. If you set domain, it will try to work out your domain server from the domain name. It's most reliable to list the servers explicitly as above. Include a server without a domain mapping as a 'fallback' when no domain is specified in the authentication request.&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 14 Jul 2009 17:26:18 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229075#M182205</guid>
      <dc:creator>dward</dc:creator>
      <dc:date>2009-07-14T17:26:18Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229076#M182206</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;BLOCKQUOTE class="jive-quote"&gt;Try this&lt;/BLOCKQUOTE&gt;&lt;BR /&gt;&lt;SPAN&gt;Trying… Alfresco sure takes a long time to start. Close to five minutes. It makes testing changes that much more painful… &lt;img id="smileysad" class="emoticon emoticon-smileysad" src="https://connect.hyland.com/i/smilies/16x16_smiley-sad.png" alt="Smiley Sad" title="Smiley Sad" /&gt;&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;What kind of hoops am I going to go through to get Share working with this? I read in another thread that NTLM is broken with 3.2?&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 14 Jul 2009 17:43:57 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229076#M182206</guid>
      <dc:creator>deaconboogie</dc:creator>
      <dc:date>2009-07-14T17:43:57Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229077#M182207</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Well in the upcoming enterprise version you can edit these settings using Jconsole without restarting the entire system but I guess that's no consolation.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;We expect to have a fix for Share NTLM very soon.&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 14 Jul 2009 17:46:14 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229077#M182207</guid>
      <dc:creator>dward</dc:creator>
      <dc:date>2009-07-14T17:46:14Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229078#M182208</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;BLOCKQUOTE class="jive-quote"&gt;Try this&lt;/BLOCKQUOTE&gt;&lt;BR /&gt;&lt;SPAN&gt;No dice. Same problem as before.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;BTW: I am sure that NTLM is enabled and the URL is in my intranet site list.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;How can I enable some form of debugging for the authentication so I can see what possible issue it is having?&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 14 Jul 2009 17:48:03 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229078#M182208</guid>
      <dc:creator>deaconboogie</dc:creator>
      <dc:date>2009-07-14T17:48:03Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229079#M182209</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Same problem as before what?&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 14 Jul 2009 17:50:58 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229079#M182209</guid>
      <dc:creator>dward</dc:creator>
      <dc:date>2009-07-14T17:50:58Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229080#M182210</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Oh I see. Please forgive me. I re-read the original post. Have an idea…&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 14 Jul 2009 17:52:29 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229080#M182210</guid>
      <dc:creator>dward</dc:creator>
      <dc:date>2009-07-14T17:52:29Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229081#M182211</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;In the authentication subsystems wiki, it explains that SSO and CIFS authentication cannot be chained. You have two SSO-capable subsystems in your chain&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1&lt;img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://connect.hyland.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" /&gt;assthru&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;therefore the first enabled one in the chain (alfrescoNtlm1) will do the SSO authentication.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Probably best to take alfresco out the chain&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;authentication.chain=passthru1&lt;img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://connect.hyland.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" /&gt;assthru&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Or if you really do want Alfresco internal users to be able to log in as well as domain users, you are going to have to switch off sso.enabled on both subsystems.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;This is a limitation imposed on us by the NTLM negotiation mechanism.&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 14 Jul 2009 17:55:42 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229081#M182211</guid>
      <dc:creator>dward</dc:creator>
      <dc:date>2009-07-14T17:55:42Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229082#M182212</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;BLOCKQUOTE class="jive-quote"&gt;In the authentication subsystems wiki, it explains that SSO and CIFS authentication cannot be chained. You have two SSO-capable subsystems in your chain&lt;BR /&gt;&lt;BR /&gt;authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1&lt;img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://connect.hyland.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" /&gt;assthru&lt;/BLOCKQUOTE&gt;&lt;BR /&gt;&lt;SPAN&gt;Okay, that makes sense… I was going off of the example that seemed to describe what I want at first glance. I probably misread it in the panic.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;The fact that it's called "alfresco&lt;/SPAN&gt;&lt;STRONG&gt;Ntml&lt;/STRONG&gt;&lt;SPAN&gt;" when it may or may not have anything to do with NTLM may have thrown me off… I mean, if it says NTLM and it has to do with the local Alfresco user database, in the context of creating local users with matching password hashes, it seems confusing. And even my just-stated understanding may be grossly inaccurate. &lt;img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://connect.hyland.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /&gt;&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;The chain modification above seems to work. However… I found another somewhat disturbing issue:&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;It looks like &lt;/SPAN&gt;&lt;STRONG&gt;all three&lt;/STRONG&gt;&lt;SPAN&gt; variations of the login/credentials work (user@domain, domain\user, user)&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Notice my passthru.authentication.defaultAdministratorUserNames contains just "administrator". When I log in as administrator@domain or domain\administrator, I do not receive the administrative icon in the toolbar. When I log in as just "administrator", I do get the admin icon.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Won't this cause issues if the user is not using NTLM and has to type their credentials?&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 14 Jul 2009 18:12:32 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229082#M182212</guid>
      <dc:creator>deaconboogie</dc:creator>
      <dc:date>2009-07-14T18:12:32Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229083#M182213</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;I'm trying to understand SSO systems right.&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;I try to use ldap sync and therefore use ldap-ad as second part of my authentication chain. To log the synced users in, I use passthru with SSO and CIFS enabled. This is working good. But I still would like to be able to use the internal guest account for webscripts or what may come.&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;So my requirements are: syncing from ldap-ad, sso through browser, cifs and having a guest account.&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;If I add alfrescoNtlm to the authentication chain I'm either able to login by SSO as 'me', but having no guest account (log saying '[org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Authentication failed, 06150006 Account disabled' when trying to manually sign on as guest) &lt;/SPAN&gt;&lt;EM&gt;or&lt;/EM&gt;&lt;SPAN&gt; having a usable guest account, which is auto-signing me on regardless of my real username.&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;Is this a NTLM-limitation, or did I do something wrong? I tested almost every combination in the authentication chain and of the true/false options that come with the subsystems.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Thanks a lot for the clarifying statements in this forum!&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 15 Jul 2009 15:45:24 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229083#M182213</guid>
      <dc:creator>_sax</dc:creator>
      <dc:date>2009-07-15T15:45:24Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229084#M182214</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;It would appear that guest logons are validated against the back-end domain server. So you would have to actually enable the domain guest account to enable guest logins using passthru.&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 15 Jul 2009 16:42:31 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229084#M182214</guid>
      <dc:creator>dward</dc:creator>
      <dc:date>2009-07-15T16:42:31Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229085#M182215</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Okay, thank you! I checked webscripts, and they are working, even though I'm not able to login manually as guest. So all is well&amp;nbsp; &lt;img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://connect.hyland.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /&gt;&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 15 Jul 2009 17:14:42 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229085#M182215</guid>
      <dc:creator>_sax</dc:creator>
      <dc:date>2009-07-15T17:14:42Z</dc:date>
    </item>
    <item>
      <title>Re: Basic SSO and NTLM help, please... Getting frustrated...</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229086#M182216</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;OK, I have a similar situation.&amp;nbsp; Bottom line is that I got the web authentication working by using the information in this post.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;I'm having a problem with trying to authenticate with my AD credentials to the cifs share.&amp;nbsp; I can login to the share using the local default admin/admin username and password, but can't use my AD credentials.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;I have a feeling that I didn't set an option up properly.&amp;nbsp; Can somebody assist in giving a hint on how to accomplish this?&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Aug 2010 16:48:49 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/basic-sso-and-ntlm-help-please-getting-frustrated/m-p/229086#M182216</guid>
      <dc:creator>wiz561</dc:creator>
      <dc:date>2010-08-27T16:48:49Z</dc:date>
    </item>
  </channel>
</rss>

