Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active directory users login on alfresco

carlosdms
Champ in-the-making
Champ in-the-making

‎03-31-2011 12:07 PM

Hello All,

I havent found information about this issue many times but I have never found nothing clear about this issue.

I have successfully integrate Alfresco with Active Directory using passthru and SSO, so I can login now on alfresco using my AD user with no issue. My AD user have administrator permissions and is able to "log in all workstations" within the domain. The problem comes when I restrict access to a user to log just to several workstations, then they can´t login in alfresco, they only can login on alfresco if I allow them to "login in all workstations" in AD. I have tried restricting access to the PDC, the SDC, the alfresco server and it´s own workstation but no luck neither.

Is it possible to restrict access in some way?

Any help will be much appreciated!

Carlos.
Labels:
0 Kudos
8 REPLIES 8

carlosdms
Champ in-the-making
Champ in-the-making

‎04-05-2011 06:34 AM

Researching I have noticed this is something related with netbios, but I´ll check for configuration available to make this to work.

Again, if you have any docs or any tip about how to configure this will be much appreciated.

Thanks,

Carlos.
0 Kudos

carlosdms
Champ in-the-making
Champ in-the-making

‎04-13-2011 10:59 AM

Ok, maybe I didnt explain myself too well…

In my company we restrict access to workstations changing properties in the user accounts, so basically each user can login to some authorized workstations. This feature requieres NetBIOS and when is not used, which means, I authorize a user to access all workstations in the domain, they can access alfresco as well. If I set, for example, the alfresco server, the user workstation and the domain controller, which are I guess the computers who exchange credentials, the user can´t access alfresco.

Im using ntlm as authentication method, so I dont know if this feature is enabled or if have to add an extra line and what is. Please let me know if Im totally wrong with the authentication method Im using.

This is my passthru-authentication-context file:

passthru.authentication.useLocalServer=false
passthru.authentication.domain=MYDOMAIN.COM
passthru.authentication.servers=MYDOMAIN\\pdc
passthru.authentication.guestAccess=true
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false
passthru.authentication.defaultAdministratorUserNames=administrator

Thanks again,

Carlos.
0 Kudos

mshatski
Champ in-the-making
Champ in-the-making

‎04-19-2011 09:58 AM

I'm having the exact same problem as Carlos, can anybody shed a light on this?

Thanks
0 Kudos

alfrescolove
Champ in-the-making
Champ in-the-making

‎04-27-2011 11:37 AM

carlosdms and mshatski,

I have passthru/AD working but I can't get SSO to work. Question - To get SSO to work for passthru authentication did you have to make configurations to the client browser?  If yes, what did you do? I assumed that in Internet Explorer that I was supposed to insert the alfresco server address into the list of trusted sites.  

I do not have rights to change the list of trusted sites for my development machine.  I must put in a request.
0 Kudos

carlosdms
Champ in-the-making
Champ in-the-making

‎04-27-2011 11:56 AM

SSO works with no extra configuration using windows XP but it does not using vista/7. Im sorry I can´t help with that.

If you use XP an firefox this will help:
- Type
about:config
as URL.
- Seek for this line:
network.automatic-ntlm-auth.trusted-uris
and add your alfresco URL .
0 Kudos

mshatski
Champ in-the-making
Champ in-the-making

‎05-09-2011 11:58 AM

alfrescoLove,

yes, for SSO in our company, in IE, we had to add the alfresco URL to our list of trusted sites.


I really need an answer on Carlos original issue, that is happening also to me.
Giving all users access to all computers is not an option in my organization and this is a decisive issue that will turn the scale towards Sharepoint Server for my company's decision makers…
I don't really want to see that happen, so pls help!
0 Kudos

carlosdms
Champ in-the-making
Champ in-the-making

‎07-14-2011 10:19 AM

I still haven´t found a solution for this.

Any ideas?
0 Kudos

mrogers
Star Contributor
Star Contributor

‎07-14-2011 11:38 AM

carlosdms, If you can log on with XP but not Windows 7, then its probably due to trying to use NLTMv2.  
See this thread: http://forums.alfresco.com/en/viewtopic.php?f=9&t=34658
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC