Hyland Connect

dataman · ‎06-19-2015

Trying to get CIFs working.
Version: 5.0.d

Note I did remove sections that contained passwords and other things we really don't want leaving here.

LDAP authentication seems to work just fine in the web portal. I have done the Local settings in windows change to allow NTLM following the guide here http://docs.alfresco.com/4.0/tasks/troubleshoot-ntlm.html

After I attempt the logon I recieve that my network password is incorrect (Same credentials I use to successfully log into the web portal with and without the domain prefix)

I turned on debugging logging by going to \tomcat\webapps\alfresco\web-inf\classes\log4j.properties and set the root logger to
log4j.rootLogger=debug, Console, File to allow extra logs

The only logs I recieve about SMB are here:
2015-06-19 15:47:05,757 ERROR [org.alfresco.filesys.auth.cifs.PassthruCifsAuthenticator] [AlfJLANWorker25] org.alfresco.jlan.smb.SMBException: Invalid parameter
2015-06-19 15:47:05,772 ERROR [org.alfresco.filesys.auth.cifs.PassthruCifsAuthenticator] [AlfJLANWorker2] org.alfresco.jlan.smb.SMBException: Invalid parameter

Am I missing something obvious?

Error Logs:


###############################
## Common Alfresco Properties #
###############################


# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN




### E-mail site invitation setting ###
notification.email.siteinvite=false


### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443

### BPM Engine ###
system.workflow.engine.jbpm.enabled=false

### Allow extended ResultSet processing
security.anyDenyDenies=false

mail.host=mailrelay
mail.port=25
mail.username=
mail.password=
mail.encoding=UTF-8
mail.from.default=noreply@noone.com
mail.smtp.auth=false

mail.testmessage.text=The Outbound SMTP email subsystem is working.

### CIFS/SMB Server Configuration ###
cifs.enabled=true
cifs.domain=ld.local
cifs.serverName=${localname}a
cifs.hostannounce=true

#CIFS with LDAP We have to use passthru for CIFS due to limitations in how cifs has to authenticate
ntlm.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=false #Must be disabled to allow chained password-based login


#ntlm.authentication.mapUnknownUserToGuest=false

alfresco.authentication.authenticateCIFS=false
#alfresco.authentication.allowGuestLogin=false


passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=supersecretusername
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.servers=LD\\123.12.12.12
passthru.authentication.authenticateCIFS=true
passthru.authentication.offlineCheckInterval=300

#LDAP authentication
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@ld.local
ldap.authentication.java.naming.provider.url=ldap://ld.local:389
ldap.authentication.defaultAdministratorUserNames=secretusername
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=CN\=alfresco,OU\=ServiceAccounts, (TRUNCATED)
ldap.synchronization.java.naming.security.credentials=superdupersecret
ldap.synchronization.groupSearchBase=OU\=Groups,(TRUNCATED)
ldap.synchronization.userSearchBase=OU\=Users,(TRUNCATED)


authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
ntlm.authentication.sso.enabled=false
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

borisstankov · ‎06-22-2015

Everything looks good.

In my expiriance you need to put above all authentication properties those two:


authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
ntlm.authentication.sso.enabled=false
‍‍‍‍

Just after the mail settings.
Also just after that you need to put this or as a first property when you specify all passthru properties:


passthru.authentication.authenticateCIFS=true
‍‍‍

Honestly I can't help you much (but it's better than nothing), because I now sure how exactly passthru works, but I did a reseach for your error and here is what I found. I believe that could help you resolve this problem:
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-lda...
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/cif-...

This is not that close to your problem, but could help you too:
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-lda...

Cheers!

dataman · ‎06-22-2015

Thank you very much Boris!

For everyone that searches for this type of error later, be sure to enable more verbose logging. I did this by going to Alfresco\tomcat\webapps\WEB-INF\classses\log4j.properties and changed the top line to log4j.rootLogger=debug, Console, File . You can then search your log file for CIFS or SMB normally this will help you track down the issue.

It seems that the configuration I sent over had the ntlm.authentication.sso.enabled=false set to true instead of false on my alfresco server.

This was the issue for me. I really appreciate the help thanks!

Hyland Connect

5.0.d - CIFS SMB Exception - passthru and ldap properties included