https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53886#M32007 <HTML><HEAD></HEAD><BODY><SPAN>I've tried following the steps outlined in </SPAN><A href="http://wiki.alfresco.com/wiki/Configuring_NTLM" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Configuring_NTLM</A><SPAN> and no matter how hard I try to enter in my domain name and enter the IP addresses (or hostnames) of my Active Directory servers, it always throws an exception: "Failed to find domain controller or browse master for domainname"</SPAN><BR /><BR /><SPAN>A tcpdump on the system shows broadcasts being sent, and replies back, but the error never varies.</SPAN><BR /><BR /><SPAN>Trying a different approach, I've configured jaas-kerberos authentication according to </SPAN><A href="http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration</A><SPAN> and each time I try /that/, I get a different exception: "File server configuration error, Wrong authentication setup for alfresco authenticator"</SPAN><BR /><BR /><SPAN>After searching for this error on the wiki, I find references to the LDAP synchronization stuff, and I'm assuming I'm not there yet. Shouldn't kerberos ticketing (e.g. kinit) stuff work independant of ldap? A tcpdump in this type of configuration shows no attempt to connect to any of my domain controllers via port 88.</SPAN><BR /><BR /><SPAN>I'm so horribly confused. Do I want JAAS, NTLM, LDAP, or PassThru? Or a combination of any two? Or three?</SPAN><BR /><BR /><SPAN>Does anyone have this working in the real world who can provide an example of what they've modified in thier configs to get it to work? The forums and the wiki are sending me in every direction, and each one is a dead end.</SPAN><BR /><BR /><SPAN>All my "normal" stuff like kinit, and ldapsearch with SASL GSSAPI (e.g. no password, authenticated connection to LDAP via kerberos ticket) all works perfectly from the shell against my Active Directory, so it can't be a system configuration or Active Directory problem.</SPAN></BODY></HTML> Sat, 23 Sep 2006 04:52:39 GMT blentz 2006-09-23T04:52:39Z https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53886#M32007 I've tried following the steps outlined in http://wiki.alfresco.com/wiki/Configuring_NTLM and no matter how hard I try to enter in my domain name and enter the IP addresses (or hostnames) of my Active Directory servers, it always throws an exception: "Failed to find domain controller or browse maste Sat, 23 Sep 2006 04:52:39 GMT https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53886#M32007 blentz 2006-09-23T04:52:39Z https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53887#M32008 <HTML><HEAD></HEAD><BODY><SPAN>The LDAP stuff works, but I still get the error "File server configuration error, Wrong authentication setup for alfresco authenticator". I'd love for someone to help me get this one resolved.</SPAN><BR /><BR /><SPAN>JAAS still broken.</SPAN><BR /><SPAN>NTLM still broken.</SPAN><BR /><BR /><SPAN>None of the LDAP synchronziation stuff works, either. When I modify scheduled-jobs-context.xml and add the triggers according to </SPAN><A href="http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_People_synchronisation" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_People_synchronisation</A><SPAN>, things blow up. The file says "Triggers should not appear here" yet the Enterprise Security doc gives an example doing exactly that. I get errors like "Error creating bean with name 'ftsIndexerTrigger' defined in class path resource" when I try this.</SPAN></BODY></HTML> Sat, 23 Sep 2006 06:06:38 GMT https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53887#M32008 blentz 2006-09-23T06:06:38Z https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53888#M32009 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>See</SPAN><BR /><BR /><SPAN>config\alfresco\extension\ldap-authentication-context.xml.sample</SPAN><BR /><BR /><SPAN>You should use this example to set up LDAP.</SPAN><BR /><SPAN>There are other examples for NTLM and JAAS.</SPAN><BR /><BR /><SPAN>The example includes registration with the scheduler - which you will have to uncomment. There is no reason to change scheduled-jobs-context.xml with 1.3 and above. However, your error suggests there is something wrong with the changes you have made to this file.</SPAN><BR /><BR /><SPAN>"File server configuration error, Wrong authentication setup for alfresco authenticator". This is not terminal - this means the authentication system will not support CIFS. Not all do. Only Alfresco and PassThru do unless CIFS is configured to use Kerberos on Windows.</SPAN><BR /><BR /><SPAN>What you need to configure for authentication depends on what you want to do. </SPAN><BR /><BR /><SPAN>The wiki docs are due for updating in the next few weeks foe 1.4. JAAS, NTLM, LDAP, or PassThru all work when configured correctly. </SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Tue, 26 Sep 2006 08:40:44 GMT https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53888#M32009 andy 2006-09-26T08:40:44Z https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53889#M32010 <HTML><HEAD></HEAD><BODY><SPAN>What about kerberos on linux? Why doesn't that work?</SPAN></BODY></HTML> Tue, 03 Oct 2006 14:11:23 GMT https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53889#M32010 blentz 2006-10-03T14:11:23Z https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53890#M32011 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>You can use JAAS/Kerberos authentication on linux and against a linux Kerberos server. The default kerberos/JAAS implementation should be fine. If not, you can use any other Kerberos JAAS provider. The question is "Does you client support Kerberos tickets?". Which it will, if it is IE.</SPAN><BR /><BR /><SPAN>You need to set Kerberos up and configure it. Single sign on against a non active directory/windows configuration is another issue. I believe it is possible but I (personally not we Alfresco) have not set it up and tested it. The client application is import.</SPAN><BR /><BR /><SPAN>If you are still having trouble I suggest you get in touch with Support </SPAN><BR /><A href="http://www.alfresco.com/services/support" rel="nofollow noopener noreferrer">http://www.alfresco.com/services/support</A><BR /><BR /><SPAN>There are many people authenticating against AD and extacting users and groups from AD using LDAP.</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Tue, 10 Oct 2006 08:14:02 GMT https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53890#M32011 andy 2006-10-10T08:14:02Z https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53891#M32012 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>I noticed that this post is quite old.&nbsp; Still, as I was getting the same kind of problem, and had to troubleshoot the issue for some time to get the 'domain controller not found' error gone, I am posting here, hoping it might be useful.&nbsp; (I am still troubleshooting– I am getting a 'Passthru server list already configured' error now on Alfresco 2.0, but I am still trying to fix that one).</SPAN><BR /><BR /><SPAN>When I got the domain controller not found error, I did a tcpdump on my interfaces and noticed that netbios broadcasts were being sent to the loopback interface.&nbsp; Changing the /etc/hosts to map the public ip address of the server to the hostname (alfresco.mytestdomain.com), I was able to get rid of the first error.&nbsp; Previously, alfresco.mytestdomain.com was mapped to 127.0.0.1 in /etc/hosts, which is why broadcasts were being sent to the loopback interface only, and I was getting the domain controller not found issue.</SPAN></BODY></HTML> Mon, 02 Jul 2007 08:23:37 GMT https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53891#M32012 prajjwal 2007-07-02T08:23:37Z https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53892#M32013 <HTML><HEAD></HEAD><BODY><SPAN>I have started a thread that I hope to eventually turn into a AlfrescoWiki page for how to configure Active Directory authentication for both CIFS and the Web Interface in Alfresco Labs 3c.</SPAN><BR /><BR /><SPAN>Please see my thread:</SPAN><BR /><STRONG><A href="http://forums.alfresco.com/en/viewtopic.php?f=9&amp;t=16242" rel="nofollow noopener noreferrer">[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?</A></STRONG><BR /><BR /><SPAN>Please come join in the discussion, or at least subscribe to the thread. I want to try to get everyone having these types of issues into the thread so that we can get a large collection of experiences and configurations.</SPAN><BR /><BR /><SPAN>We </SPAN><STRONG>WILL</STRONG><SPAN> find the answer for how to enable Active Directory authentication with CIFS in Alfresco!!</SPAN></BODY></HTML> Tue, 13 Jan 2009 20:39:11 GMT https://connect.hyland.com/t5/alfresco-archive/active-directory-integration-seriously-very-broken/m-p/53892#M32013 meansartin14 2009-01-13T20:39:11Z