
Active Directory - Kerberos

benswitzer
Champ in-the-making
Hello all.

I've successfully set up 'Active Directory - Kerberos' to authenticate users. CIFS access / authentication works when the client computers are running Windows XP, but not Windows 2000. I get the following debug message when a Windows 2000 client attempts access:

12:02:31,702  WARN  [smb.protocol.auth] Authentication component does not support MD4 password hashes

Sadly, I still have Windows 2000 clients and will until end-of-life support for that OS. Can anyone explain to me how to either set up MD4 password support in Alfresco or set up Windows 2000 to not default to using MD4? It seems that if I use Internet Explorer on Windows 2000 machines to access Alfresco Explorer, all is good. It's just when I'm using Windows Explorer that it uses MD4 hashes.

I'm also experiencing issues where users can log in once, and if they try to access Alfresco via CIFS later that same day, they can't. I captured the following stack trace. This is the first time I've seen this one, even though we experience this issue on an ongoing basis.


10:32:54,115 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=31307, UID=0, PID=65279
10:32:54,117 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=950,Authenticator=EncType=3,Kvno=-1,Len=176]
10:32:54,117 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
10:32:54,123 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
10:32:54,124 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
10:32:54,124 DEBUG [org.alfresco.smb.protocol.auth] Machine account logon, PRS-NDICKINSON$, as null logon
10:32:54,124 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user PRS-NDICKINSON$
10:32:54,127 DEBUG [org.alfresco.smb.protocol.auth] User  logged on  (type Null)
10:32:54,127 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=2 for VC=[1:2,[:null,Windows 2002 Service Pack 3 2600,Windows 2002 5.1],Tree=0,Searches=0]
10:34:15,824 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=38064, UID=0, PID=65279
10:34:15,825 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1006,Authenticator=EncType=3,Kvno=-1,Len=168]
10:34:15,825 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
10:34:15,831 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
10:34:15,832 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
10:34:15,833 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user ndickinson
10:34:15,837 DEBUG [org.alfresco.smb.protocol.auth] User ndickinson@MYDOMAIN.CA logged on  (type Normal)
10:34:15,838 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[ndickinson@MYDOMAIN.CA:null,Windows 2002 Service Pack 3 2600,Windows 2002 5.1],Tree=0,Searches=0]
10:34:40,887 ERROR [org.alfresco.util.transaction.SpringAwareUserTransaction.trace] UserTransaction being garbage collected without a commit() or rollback().
   Started at:
      org.alfresco.util.transaction.SpringAwareUserTransaction.begin(SpringAwareUserTransaction.java:389)
      org.alfresco.filesys.alfresco.AlfrescoDiskDriver.beginTransaction(AlfrescoDiskDriver.java:332)
      org.alfresco.filesys.alfresco.AlfrescoDiskDriver.beginWriteTransaction(AlfrescoDiskDriver.java:180)
      org.alfresco.filesys.repo.ContentDiskDriver.closeFile(ContentDiskDriver.java:1822)
      org.alfresco.jlan.smb.server.VirtualCircuit.closeCircuit(VirtualCircuit.java:474)
      org.alfresco.jlan.smb.server.SMBSrvSession.cleanupSession(SMBSrvSession.java:349)
      org.alfresco.jlan.smb.server.SMBSrvSession.run(SMBSrvSession.java:1302)
      java.lang.Thread.run(Thread.java:595)

How do I fix or work around this issue? I'm thinking I'm missing some configuration.

Best,
Ben
1 REPLY

zaizi
Champ in-the-making
With Windows 2000 clients you can only use NTLM pass-through authentication. That too is prone to issues. Sorry.