Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active Direcory & Alfresco

adnan_douglas
Champ in-the-making
Champ in-the-making

‎09-06-2009 08:52 AM

Dears,

Can anyone help me to configure Alfresco authentication to use Active Directory? I need the steps for the configuration.
Please Advice.

Regards,
Adnan Douglas
Labels:
0 Kudos
35 REPLIES 35

dward
Champ on-the-rise
Champ on-the-rise

‎09-07-2009 04:33 AM

I would suggest an authentication chain containing the passthru subsystem for authentication and the ldap-ad subsystem for synchronization. You will get NTLM SSO and CIFS authentication against the domain server by default.

Just set the following in alfresco-global.properties

authentication.chain=passthru1Smiley Tongueassthru,ldap1:ldap-ad
ldap.authentication.active=false
passthru.authentication.domain=# Intentionally left blank
passthru.authentication.servers=DOMAIN\\domaincontroller.com,domaincontroller.com
passthru.authentication.defaultAdministratorUserNames=Administrator
ldap.authentication.java.naming.provider.url=ldap://domaincontroller.com:389
ldap.synchronization.java.naming.security.principal=alfresco@domain
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.groupSearchBase=ou=Security Groups,ou=Alfresco,dc=domain
ldap.synchronization.userSearchBase=ou=User Accounts,ou=Alfresco,dc=domain

I would recommend taking a v3.3 nightly build or building from HEAD, as a number of improvements have been made since the v3.2 Community release.

See http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems for a guide to all these parameters and their meanings.
0 Kudos

luisg
Champ in-the-making
Champ in-the-making

‎09-07-2009 06:09 AM

Hi dward and thanks for your post.

I configured my alfresco with your tips and worked fine.
One more question, if I want to use CIFS I need to add alfrescoNTLM1:alfrescoNTLM to authentication.chain in alfresco-global.properties? I need to change anything in file-servers.properties? I'm asking this because I'm getting:


ERROR [org.alfresco.fileserver] Failed to get local domain/workgroup name, using default of WORKGROUP
ERROR [org.alfresco.fileserver] (This may be due to firewall settings or incorrect <broadcast> setting)

One more time, thanks. Waiting for an answer…

Luis
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-07-2009 06:24 AM

No. Like I said

You will get NTLM SSO and CIFS authentication against the domain server by default.

When running on Linux, or with the Windows native code disabled, you will need to tell the CIFS server your domain name. Try this in alfresco-global.properties

cifs.domain=YOURDOMAIN
0 Kudos

adnan_douglas
Champ in-the-making
Champ in-the-making

‎09-07-2009 06:32 AM

I did the below config but once i try to authenticate I received the following error:
"The remote server may be unavailable or your authentication details have not been recognized."

Please advice and help,
I need to see the authentication log to determine the problem.
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-07-2009 06:43 AM

What do you see in alfresco.log?
0 Kudos

luisg
Champ in-the-making
Champ in-the-making

‎09-07-2009 07:00 AM

ok

Now I dont have the erros. But I tried to test with:

smbclient \\\\localname\\alfresco -U user_from_ad

and get a 'session setup failed: NT_STATUS_LOGON_FAILURE'

I also tried smbclient \\\\localnameA\\alfresco -U user_from_ad and get Connection to localnameA failed (Error NT_STATUS_BAD_NETWORK_NAME)

What is missing?
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-07-2009 07:05 AM

The Alfresco share has a capital A.

Try with and without domain prefixes on the user name, e.g. -U 'DOMAIN\user'
0 Kudos

luisg
Champ in-the-making
Champ in-the-making

‎09-07-2009 07:27 AM

It's not workin  :shock:

my machine name is alfresco
my machine user is alfresco
the user in Active directory is alfresco
my domain is test.pt

So, to try the CIFS I did:
smbclient \\\\alfrescoA\\alfresco -U alfresco
and I get Connection to alfrescoA failed (Error NT_STATUS_BAD_NETWORK_NAME)

with:
smbclient \\\\alfrescoA\\alfresco -U test.pt\alfresco
I get: Connection to alfrescoA failed (Error NT_STATUS_BAD_NETWORK_NAME)

I think he cant find the server. If I do:
smbclient \\\\alfresco\\alfresco -U alfresco
he ask me for a password, but not the local machine pass or the AD pass works and I get allways:
session setup failed: NT_STATUS_LOGON_FAILURE

wtf?!
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-07-2009 07:29 AM

Please do not swear. I told you the share name has a capital A. And you need to escape or quote backslashes.

Try

smbclient \\\\alfrescoA\\Alfresco -U alfresco
smbclient \\\\alfrescoA\\Alfresco -U test.pt\\alfresco
smbclient \\\\alfresco\\Alfresco -U alfresco
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC