https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-using-kerberos/m-p/289216#M242346 <HTML><HEAD></HEAD><BODY><SPAN>Hi Mates,</SPAN><BR /><BR /><SPAN>I am writing this hopefully somebody will help me to fix the issue regarding Kerberos Authentication. I follow to this documentation </SPAN><A href="http://www.anotherstrangerme.com/afresco-integration-with-active-directory-using-kerberos/" rel="nofollow noopener noreferrer">http://www.anotherstrangerme.com/afresco-integration-with-active-directory-using-kerberos/</A><SPAN> to configure kerberos authentication, but can't get it working. Below is my configuration:</SPAN><BR /><BR /><SPAN>1.</SPAN><BR /><BR /><SPAN>authentication.chain=kerberos1:kerberos</SPAN><BR /><BR /><SPAN>2.</SPAN><BR /><BR /><SPAN>kerberos.authentication.realm=MYCOMPANY.COM</SPAN><BR /><SPAN>kerberos.authentication.sso.enabled=true</SPAN><BR /><SPAN>kerberos.authentication.authenticateCIFS=true</SPAN><BR /><SPAN>kerberos.authentication.user.configEntryName=Alfresco</SPAN><BR /><SPAN>kerberos.authentication.cifs.configEntryName=alfrescocifs</SPAN><BR /><SPAN>kerberos.authentication.http.configEntryName=alfrescohttp</SPAN><BR /><SPAN>kerberos.authentication.cifs.password=secrect</SPAN><BR /><SPAN>kerberos.authentication.http.password=secrect</SPAN><BR /><SPAN>kerberos.authentication.defaultAdministratorUserNames=alfrescocifs</SPAN><BR /><SPAN>kerberos.authentication.cifs.enableTicketCracking=false</SPAN><BR /><SPAN>kerberos.authentication.stripUsernameSuffix=true</SPAN><BR /><BR /><SPAN>3. </SPAN><BR /><BR /><SPAN>Alfresco {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;</SPAN><BR /><SPAN>};</SPAN><BR /><SPAN> </SPAN><BR /><SPAN>AlfrescoCIFS {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule required</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; storeKey=true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; debug=true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; useKeyTab=true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; keyTab="/opt/alfresco/alfrescocifs.keytab"</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; isInitiator=false</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; principal="cifs/alfresco.vng.com.vn";</SPAN><BR /><SPAN>};</SPAN><BR /><SPAN> </SPAN><BR /><SPAN>AlfrescoHTTP {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule required</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; storeKey=true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; debug=true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; useKeyTab=true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; keyTab="/opt/alfresco/alfrescohttp.keytab"</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; isInitiator=false</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; principal="HTTP/alfresco.vng.com.vn";</SPAN><BR /><SPAN>};</SPAN><BR /><SPAN> </SPAN><BR /><SPAN>ShareHTTP {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule required</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; storeKey=true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; useKeyTab=true</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; keyTab="/etc/krb5.alfresco.http.keytab"</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; isInitiator=false</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; principal="HTTP/alfresco.vng.com.vn";</SPAN><BR /><SPAN>};</SPAN><BR /><SPAN> </SPAN><BR /><SPAN>com.sun.net.ssl.client {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;</SPAN><BR /><SPAN>};</SPAN><BR /><SPAN> </SPAN><BR /><SPAN>other {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; com.sun.security.auth.module.Krb5LoginModule sufficient;</SPAN><BR /><SPAN>};</SPAN><BR /><BR /><SPAN>4.</SPAN><BR /><BR /><SPAN><SPAN>ktpass /princ </SPAN><A class="jive-link-email-small" href="mailto:cifs/alfresco.vng.com.vn@MYCOMPANY.COM" rel="nofollow noopener noreferrer">cifs/alfresco.vng.com.vn@MYCOMPANY.COM</A><SPAN> -pass secrect /mapuser VNG\alfrescocifs -crypto All /ptype KRB5_NT_PRINCIPAL /mapop set +desonly -out D:\Alfresco\alfrescocifs.keytab</SPAN></SPAN><BR /><BR /><SPAN><SPAN>ktpass /princ </SPAN><A class="jive-link-email-small" href="mailto:HTTP/alfresco.vng.com.vn@MYCOMPANY.COM" rel="nofollow noopener noreferrer">HTTP/alfresco.vng.com.vn@MYCOMPANY.COM</A><SPAN> /pass secrect&nbsp; /mapuser VNG\alfrescohttp -crypto All /ptype KRB5_NT_PRINCIPAL /mapop set +desonly -out D:\Alfresco\alfrescohttp.keytab</SPAN></SPAN><BR /><BR /><BR /><SPAN>setspn -a cifs/alfresco alfrescocifs</SPAN><BR /><SPAN>setspn -a cifs/alfresco.mycompany.com alfrescocifs</SPAN><BR /><BR /><SPAN>setspn -a HTTP/alfresco alfrescohttp</SPAN><BR /><SPAN>setspn -a HTTP/alfresco.mycompany.com alfrescohttp</SPAN><BR /><BR /><SPAN>setspn -l alfrescocifs</SPAN><BR /><SPAN>setspn -l alfrescohttp</SPAN><BR /><BR /><BR /><SPAN>5.</SPAN><BR /><BR /><SPAN>[libdefaults]</SPAN><BR /><SPAN>default_realm = MYCOMPANY.COM</SPAN><BR /><SPAN>[realms]</SPAN><BR /><SPAN>MYCOMPANY.COM = {</SPAN><BR /><SPAN>kdc = vnghcmads03.vng.com.vn</SPAN><BR /><SPAN>admin_server = vnghcmads01.mycompany.com</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>[domain_realm]</SPAN><BR /><SPAN>vnghcmads01.mycompany.com = MYCOMPANY.COM</SPAN><BR /><SPAN>.vnghcmads01.mycompany.com = MYCOMPANY.COM</SPAN><BR /><BR /><BR /><SPAN>But when I login to </SPAN><A href="http://alfresco.mycompany.com:8080/alfresco" rel="nofollow noopener noreferrer">http://alfresco.mycompany.com:8080/alfresco</A><SPAN> - I'm getting the error </SPAN><BR /><BR /><SPAN>Error creating bean with name 'cifsAuthenticator' defined in file [/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/kerberos/kerberos-authentication-context.xml]: Invocation of init method failed; nested exception is org.alfresco.jlan.server.config.InvalidConfigurationException: Failed to login CIFS server service</SPAN><BR /><BR /><SPAN>Any help would be appriciated !</SPAN><BR /><BR /><SPAN>Best regards,</SPAN></BODY></HTML> Wed, 18 Sep 2013 02:56:01 GMT thanhdc 2013-09-18T02:56:01Z https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-using-kerberos/m-p/289216#M242346 Hi Mates,I am writing this hopefully somebody will help me to fix the issue regarding Kerberos Authentication. I follow to this documentation http://www.anotherstrangerme.com/afresco-integration-with-active-directory-using-kerberos/ to configure kerberos authentication, but can't get it working. Bel Wed, 18 Sep 2013 02:56:01 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-using-kerberos/m-p/289216#M242346 thanhdc 2013-09-18T02:56:01Z https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-using-kerberos/m-p/289217#M242347 <HTML><HEAD></HEAD><BODY><SPAN>I literarly just figured out what this error is. So how Kerberos is divided up in alfresco is through two files, kerberos-authentication and kerberos-filter . The authentication file is responsible for CIFS/FTP/NFS while the filter is responsible for share/SSO. you're getting this error because in the filter file, the default is kerberos.authentication.sso.enabled=true if you don't need share(keep in mind just to turn it to true doesn't mean share SSO is done, there is more config that I haven't figured out), then turn it to false. </SPAN><BR /><SPAN>I hope that helps!</SPAN><BR /><BR /><SPAN>Thanks, </SPAN><BR /><SPAN>Michael</SPAN></BODY></HTML> Fri, 11 Oct 2013 16:58:54 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-using-kerberos/m-p/289217#M242347 msmorcos 2013-10-11T16:58:54Z https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-using-kerberos/m-p/289218#M242348 <HTML><HEAD></HEAD><BODY><SPAN>Also watch case sensitivity for the JASS and Kerberos principals.&nbsp; You have inconsistent names above.</SPAN></BODY></HTML> Sun, 13 Oct 2013 20:31:08 GMT https://connect.hyland.com/t5/alfresco-archive/alfresco-authentication-using-kerberos/m-p/289218#M242348 mrogers 2013-10-13T20:31:08Z