
AD Passthru Authentication - 3.4

wtrippler
Champ in-the-making
I have installed version 3.4 and cannot get the AD authentication/passthru to work properly.

I continually receive the following error when launching Alfresco Explorer

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:783)
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:554)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy227.authenticate(Unknown Source)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType1(BaseNTLMAuthenticationFilter.java:372)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:278)
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:132)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy240.doFilter(Unknown Source)
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)

imad77
Champ in-the-making
Hi,

You should do 2 things:

vi /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.properties
passthru.authentication.useLocalServer=false
passthru.authentication.domain=tata
passthru.authentication.servers=tata\\192.168.1.13
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true


You should add this line in this file:
vi /opt/alfresco-3.3.3/tomcat/shared/classes/alfresco-global.properties

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru

Create the following folders tomcat/shared/classes/alfresco/extension/subsystems/Authentication/passthru/passthru1/
and copy the files tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/*.properties to the above folder.
Now edit the file tomcat/shared/classes/alfresco/extension/subsystems/Authentication/passthru/passthru1/passthru-authentication-context.properties

Restart the Alfresco services.

aman
Champ in-the-making
BTW - you can put all of the above recommended settings in the alfresco-global.properties file - you don't need to create all those folders and go copying files around… I've got 3.4b + AD + LDAP sync + Passthru + CIFS working on a W2K3 server, and the only file I've needed to edit is alfresco-global.properties. Good work team Alfresco! :P
cheers,
Aman

tgchen
Champ in-the-making
Hi, can you post how you did it by just editing the global properties?

Thank you

wtrippler
Champ in-the-making
How can I download 3.4b? It seems like things work much better in b versus a.

misstina_sm
Champ in-the-making
Hi, you can download it from here:

http://dev.alfresco.com/downloads/nightly/dist/
cheers, Tina

imad77
Champ in-the-making
> BTW - you can put all of the above recommended settings in the alfresco-global.properties file - you don't need to create all those folders and go copying files around… I've got 3.4b + AD + LDAP sync + Passthru + CIFS working on a W2K3 server, and the only file I've needed to edit is alfresco-global.properties. Good work team Alfresco! :P
> cheers,
> Aman

Hi Aman,

Can you share your experience? Can you give us an example of your modified files?

Thanks,

Imad

imad77
Champ in-the-making
> BTW - you can put all of the above recommended settings in the alfresco-global.properties file - you don't need to create all those folders and go copying files around… I've got 3.4b + AD + LDAP sync + Passthru + CIFS working on a W2K3 server, and the only file I've needed to edit is alfresco-global.properties. Good work team Alfresco! :P
> cheers,
> Aman

Hi Aman,

It is not true, I installed 3.4b version and I have to configure files in this directory:

tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/*
tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/*

If you have any other suggestion, can you share it please?

Thanks,

Imad

aman
Champ in-the-making
OK, here we have it.  Just add the following lines to the alfresco-global.properties file on a W2K3 server (domain member) fresh install of 3.4b, substituting the correct values for your environment, and you should get:
    - User/group syncing from AD
    - Passthru authentication against the domain - note not SSO - you are prompted for your password
    - Still able to login as alfresco admin with local password
    - CIFS (SSO) access for XP clients in the domain
    - Share and RM access and authentication passthru
    - FTP + IMAP
Other stuff I did:
    - added ${servername} and ${servername}A to DNS (provided by the AD domain controller)
    - Enabled Windows File and Print services (CIFS doesn't work if I turn this off! - very strange - I *had* to turn this off in 3.3 to get CIFS working!)
Other stuff I did while trying to get 3.4a working, that I found in the forums, but I don't think made any difference in the end to 3.4b (i.e. only do if you have problems)
    - In registry, set \\HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\NetBT\Parameters\SMBDeviceEnabled=0
    - In Local Security Policy:Network Security:LAN Manager Authentication Level - set to "Send LM & NTLM - use NTLMv2 session security if negotiated"
    - added (literally - yes, a bogus IP address!) "3.1.1.1 myserverA" to C:\WINDOWS\system32\drivers\etc\hosts
I repeat - the only Alfresco properties or config file I've changed is alfresco-global.properties - here are the lines I added:

filesystem.name=Alfresco
cifs.enabled=true
cifs.serverName=DOCSERVER1A
cifs.domain=
cifs.broadcast=255.255.255.255
cifs.disableNativeCode=false
ftp.enable=true
imap.server.enable=true
authentication.chain=passthru1:passthru,alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
alfresco.authentication.allowGuestLogin=true
alfresco.authentication.authenticateCIFS=false
passthru.authentication.useLocalServer=false
passthru.authentication.domain=COMPANY
passthru.authentication.servers=COMPANY\\ad1,ad1
passthru.authentication.guestAccess=true
passthru.authentication.defaultAdministratorUserNames=aman
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
# If you set the following to true, accounts are only created when they login, rather than being imported
# from LDAP all at once.  The downside with having them be created at first login is that (for some
# reason) you can't subsequently modify the account in Alfresco.
synchronization.authCreatePeopleOnLogin=false
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://ad1:389
ldap.synchronization.java.naming.security.principal=searchUser@COMPANY
ldap.synchronization.java.naming.security.credentials=secretPassword
ldap.synchronization.groupSearchBase=OU\=Groups,DC\=company,DC\=org,DC\=nz
ldap.synchronization.userSearchBase=OU\=People,DC\=company,DC\=org,DC\=nz

Good luck!
Aman
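
An added example, not part of any post in this thread and not Alfresco code: a small Python audit of an alfresco-global.properties body that checks each authentication.chain entry for the id:type form and flags the guest-access, unencrypted LDAP URL, misspelled principal key and inline bind password settings that appear in the configuration above. The function names, the list of subsystem types and the sample input are assumptions made for this example.

```python
import re
# Assumption: authentication subsystem types available in Alfresco 3.x.
KNOWN_TYPES = {"alfrescoNtlm", "ldap", "ldap-ad", "passthru", "kerberos", "external"}
GUEST_KEYS = ("alfresco.authentication.allowGuestLogin", "passthru.authentication.guestAccess")

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (key, finding) pairs for an alfresco-global.properties body."""
    props, findings = parse_properties(text), []
    chain = props.get("authentication.chain", "")
    for entry in filter(None, (e.strip() for e in chain.split(","))):
        match = re.fullmatch(r"([\w.-]+):([\w-]+)", entry)
        if not match:
            findings.append(("authentication.chain", f"malformed entry {entry!r}, want id:type"))
        elif match.group(2) not in KNOWN_TYPES:
            findings.append(("authentication.chain", f"unknown type {match.group(2)!r}"))
    for key in GUEST_KEYS:
        if props.get(key, "").lower() == "true":
            findings.append((key, "guest access is enabled"))
    for key, value in props.items():
        if key.endswith("java.naming.provider.url") and value.startswith("ldap://"):
            findings.append((key, "ldap:// is not encrypted, consider ldaps://"))
        if key.endswith("java.naming.security.principle"):
            findings.append((key, "misspelled key, should end in security.principal"))
        if key.endswith("java.naming.security.credentials") and value:
            findings.append((key, "bind password in file, restrict read permissions"))
    return findings

# Constructed sample: settings like those posted above, plus a chain entry missing its colon.
SAMPLE = """\
authentication.chain=passthru1passthru,alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
alfresco.authentication.allowGuestLogin=true
passthru.authentication.guestAccess=true
ldap.authentication.java.naming.provider.url=ldap://ad1:389
ldap.synchronization.java.naming.security.principle=searchUser@COMPANY
ldap.synchronization.java.naming.security.credentials=secretPassword
"""

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```
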

aman
Champ in-the-making
>> BTW - you can put all of the above recommended settings in the alfresco-global.properties file - you don't need to create all those folders and go copying files around… I've got 3.4b + AD + LDAP sync + Passthru + CIFS working on a W2K3 server, and the only file I've needed to edit is alfresco-global.properties. Good work team Alfresco! :P
>> cheers,
>> Aman
>
> Hi Aman,
>
> It is not true, I installed 3.4b version and I have to configure files in this directory:
>
> tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/*
> tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/*
>
> If you have any other suggestion, can you share it please?
>
> Thanks,
>
> Imad

It is true!  See above…