
Active Directory Integration: Seriously very broken

blentz
Champ in-the-making
I've tried following the steps outlined in http://wiki.alfresco.com/wiki/Configuring_NTLM and no matter how hard I try to enter in my domain name and enter the IP addresses (or hostnames) of my Active Directory servers, it always throws an exception: "Failed to find domain controller or browse master for domainname"

A tcpdump on the system shows broadcasts being sent, and replies back, but the error never varies.

Trying a different approach, I've configured jaas-kerberos authentication according to http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration and each time I try /that/, I get a different exception: "File server configuration error, Wrong authentication setup for alfresco authenticator"

After searching for this error on the wiki, I find references to the LDAP synchronization stuff, and I'm assuming I'm not there yet. Shouldn't kerberos ticketing (e.g. kinit) stuff work independent of ldap? A tcpdump in this type of configuration shows no attempt to connect to any of my domain controllers via port 88.

I'm so horribly confused. Do I want JAAS, NTLM, LDAP, or PassThru? Or a combination of any two? Or three?

Does anyone have this working in the real world who can provide an example of what they've modified in their configs to get it to work? The forums and the wiki are sending me in every direction, and each one is a dead end.

All my "normal" stuff like kinit, and ldapsearch with SASL GSSAPI (e.g. no password, authenticated connection to LDAP via kerberos ticket) all works perfectly from the shell against my Active Directory, so it can't be a system configuration or Active Directory problem.
6 REPLIES

blentz
Champ in-the-making
The LDAP stuff works, but I still get the error "File server configuration error, Wrong authentication setup for alfresco authenticator". I'd love for someone to help me get this one resolved.

JAAS still broken.
NTLM still broken.

None of the LDAP synchronization stuff works, either. When I modify scheduled-jobs-context.xml and add the triggers according to http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_People_synch..., things blow up. The file says "Triggers should not appear here" yet the Enterprise Security doc gives an example doing exactly that. I get errors like "Error creating bean with name 'ftsIndexerTrigger' defined in class path resource" when I try this.

andy
Champ on-the-rise
Hi

See

config\alfresco\extension\ldap-authentication-context.xml.sample

You should use this example to set up LDAP.
There are other examples for NTLM and JAAS.

The example includes registration with the scheduler - which you will have to uncomment. There is no reason to change scheduled-jobs-context.xml with 1.3 and above. However, your error suggests there is something wrong with the changes you have made to this file.

"File server configuration error, Wrong authentication setup for alfresco authenticator". This is not terminal - this means the authentication system will not support CIFS. Not all do. Only Alfresco and PassThru do unless CIFS is configured to use Kerberos on Windows.

What you need to configure for authentication depends on what you want to do.

The wiki docs are due for updating in the next few weeks for 1.4. JAAS, NTLM, LDAP, or PassThru all work when configured correctly.

Regards

Andy

blentz
Champ in-the-making
What about kerberos on linux? Why doesn't that work?

andy
Champ on-the-rise
Hi

You can use JAAS/Kerberos authentication on linux and against a linux Kerberos server. The default kerberos/JAAS implementation should be fine. If not, you can use any other Kerberos JAAS provider. The question is "Does your client support Kerberos tickets?". Which it will, if it is IE.

You need to set Kerberos up and configure it. Single sign on against a non active directory/windows configuration is another issue. I believe it is possible but I (personally not we Alfresco) have not set it up and tested it. The client application is important.

If you are still having trouble I suggest you get in touch with Support
http://www.alfresco.com/services/support

There are many people authenticating against AD and extracting users and groups from AD using LDAP.

Regards

Andy

prajjwal
Champ in-the-making
Hi,

I noticed that this post is quite old.  Still, as I was getting the same kind of problem, and had to troubleshoot the issue for some time to get the 'domain controller not found' error gone, I am posting here, hoping it might be useful.  (I am still troubleshooting– I am getting a 'Passthru server list already configured' error now on Alfresco 2.0, but I am still trying to fix that one).

When I got the domain controller not found error, I did a tcpdump on my interfaces and noticed that netbios broadcasts were being sent to the loopback interface.  Changing the /etc/hosts to map the public ip address of the server to the hostname (alfresco.mytestdomain.com), I was able to get rid of the first error.  Previously, alfresco.mytestdomain.com was mapped to 127.0.0.1 in /etc/hosts, which is why broadcasts were being sent to the loopback interface only, and I was getting the domain controller not found issue.
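
A check for the /etc/hosts condition described in the post above, as an added example that is not part of the original thread or of Alfresco: it parses hosts-file text and reports whether a server name is mapped to a loopback address. The hostname `alfresco.mytestdomain.com` comes from the post; the sample file, the `dc1` entry, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample reproducing the mapping described in the post above.
SAMPLE_HOSTS = """\
# constructed example, not taken from a real server
127.0.0.1   localhost alfresco.mytestdomain.com alfresco
::1         localhost ip6-localhost
192.0.2.10  dc1.mytestdomain.com dc1   # documentation-range address
"""

def parse_hosts(text):
    """Yield (address, [lower-cased names]) for each valid hosts-file entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id (fe80::1%eth0) before parsing.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                              # skip malformed lines
        yield addr, [name.lower() for name in fields[1:]]

def classify(text, hostname):
    """Return (status, addresses); status is 'loopback', 'routable' or 'missing'.

    Both the full name and its short form are checked, because either
    may be what the system reports as its own hostname.
    """
    full = hostname.lower()
    wanted = {full, full.split(".", 1)[0]}
    hits = [addr for addr, names in parse_hosts(text) if wanted & set(names)]
    if not hits:
        return "missing", []
    loopback = [str(a) for a in hits if a.is_loopback]   # 127.0.0.0/8 and ::1
    if loopback:
        return "loopback", loopback
    return "routable", [str(a) for a in hits]

if __name__ == "__main__":
    name = socket.getfqdn()
    with open("/etc/hosts") as fh:
        print(name, classify(fh.read(), name))
```

A `loopback` result for the server's own name corresponds to the state the post describes before the fix; `127.0.1.1`, which some distributions write for the local hostname, is reported the same way.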

meansartin14
Champ in-the-making
I have started a thread that I hope to eventually turn into an AlfrescoWiki page for how to configure Active Directory authentication for both CIFS and the Web Interface in Alfresco Labs 3c.

Please see my thread:
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?

Please come join in the discussion, or at least subscribe to the thread. I want to try to get everyone having these types of issues into the thread so that we can get a large collection of experiences and configurations.

We WILL find the answer for how to enable Active Directory authentication with CIFS in Alfresco!!