AD Passthru Authentication - 3.4

wtrippler
Champ in-the-making
I have installed version 3.4 and cannot get the AD authentication/passthru to work properly.

I continually receive the following error when launching Alfresco Explorer

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:783)
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:554)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy227.authenticate(Unknown Source)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType1(BaseNTLMAuthenticationFilter.java:372)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:278)
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:132)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy240.doFilter(Unknown Source)
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)
23 REPLIES

imad77
Champ in-the-making
BTW - you can put all of the above recommended settings in the alfresco-global.properties file - you don't need to create all those folders and go copying files around…. I've got 3.4b + AD + LDAP sync + Passthru + CIFS working on a W2K3 server, and the only file I've needed to edit is alfresco-global.properties. Good work team Alfresco! :P
cheers,
Aman


Hi Aman,

It is not true. I installed version 3.4b and I have to configure files in these directories:

tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/*
tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/*

If you have any other suggestion, can you share it please?

Thanks,

Imad

It is true!  See above…


Hi Aman,

I use a Red Hat server for the Alfresco server and not W2K3. I tried to edit only alfresco-global.properties and put in the required information, but it does not work.

Imad

angra
Champ in-the-making
I'm also having problems with this configuration.

It would be nice if you explained some of the key lines to us so we can figure out what is wrong with our server.

Thank you in advance.

baltun
Champ in-the-making
At last! It starts to authorise by AD LDAP! Thank you very much!

But in the Alfresco web-client user management panel I don't see any AD users. How can I know whether synchronization works, and when it should begin to import users and groups from AD?

Second question: Will it import all users and groups, or can I manage which groups and users to import? How?

Is it possible to set up SSO the same way?

angra
Champ in-the-making
baltun, please share what you did with us.

I changed some lines from aman's code:

cifs.serverName = REC-SAD02 (MY DOMAIN CONTROLLER)
passthru.authentication.domain=EBBA (MY DOMAIN)
passthru.authentication.servers=EBBA\\REC-SAD02,RECSAD02 (twice, to look exactly like aman's code)
passthru.authentication.defaultAdministratorUserNames=cpd-rafael (my domain logon)

Based on my information, what else should I change to get my AD authentication working?

Thank you in advance.

angra
Champ in-the-making
OK, my AD authentication is working. Alfresco now recognizes both local and remote users. But:

I still get this error in my stdout logs:

09:25:14,063 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
09:25:14,095 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 10120000 LDAP authentication failed.

And I can't list my users and groups inside Alfresco.


Any tips?

Thanks

angra
Champ in-the-making
At last! It starts to authorise by AD LDAP! Thank you very much!

But in the Alfresco web-client user management panel I don't see any AD users. How can I know whether synchronization works, and when it should begin to import users and groups from AD?

Second question: Will it import all users and groups, or can I manage which groups and users to import? How?

Is it possible to set up SSO the same way?


If you get the same errors that I do, I think we have the same problems too :)

angra
Champ in-the-making
OK, I just found that I'm missing something in these 4 lines:


ldap.synchronization.java.naming.security.principle=cpd-rafael,dc=ebba
ldap.synchronization.java.naming.security.credentials=********
ldap.synchronization.groupSearchBase=OU\=Groups,DC\=ebba,DC\=org,DC\=nz
ldap.synchronization.userSearchBase=OU\=Users,DC\=ebba,DC\=org,DC\=nz

I know that I could use this one too:


ldap.authentication.java.naming.security.authentication=SIMPLE

Let me share my information:

Admin: cpd-rafael
Domain: EBBA
Domain Controller: REC-SAD02

Please, I'm just missing this configuration to get my Alfresco up and running :)

Thank you in advance.
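A pre-flight check for the four synchronization settings quoted in the post above, as an added example (not code from the thread or from Alfresco). It assumes the standard JNDI key spelling `java.naming.security.principal` and that an AD simple bind takes a distinguished name, a `user@domain` UPN, or `DOMAIN\user`; `lint` and the finding names are hypothetical.

```python
import difflib
import re

PRINCIPAL_KEY = "ldap.synchronization.java.naming.security.principal"
KNOWN_KEYS = [
    PRINCIPAL_KEY,
    "ldap.synchronization.java.naming.security.credentials",
    "ldap.synchronization.groupSearchBase",
    "ldap.synchronization.userSearchBase",
]
# Assumption: the principal forms an AD simple bind accepts (escaped DN commas not handled).
PRINCIPAL_FORMS = {
    "dn": r"\w+=[^,=]+(,\s*\w+=[^,=]+)+",
    "upn": r"[^@\\\s]+@[^@\\\s]+",
    "domain\\user": r"[^@\\\s]+\\[^@\\\s]+",
}

def parse_properties(text):
    """Minimal .properties parse: split on the first '=', drop backslash escapes."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if "=" in l and l[0] not in "#!")
    return {k.strip(): re.sub(r"\\(.)", r"\1", v.strip()) for k, _, v in pairs}

def principal_form(value):
    """Name the bind-principal form that value matches, or None."""
    return next((n for n, p in PRINCIPAL_FORMS.items() if re.fullmatch(p, value)), None)

def lint(text):
    """Return (finding, key, detail) tuples for near-miss keys and bad principals."""
    props, findings = parse_properties(text), []
    for key, value in list(props.items()):
        near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.9)
        if key not in KNOWN_KEYS and near:
            findings.append(("misspelled-key", key, near[0]))
            props.setdefault(near[0], value)  # keep checking the intended value
    principal = props.get(PRINCIPAL_KEY, "")
    if principal_form(principal) is None:
        findings.append(("bad-principal-format", PRINCIPAL_KEY, principal))
    return findings

POSTED = r"""
ldap.synchronization.java.naming.security.principle=cpd-rafael,dc=ebba
ldap.synchronization.java.naming.security.credentials=********
ldap.synchronization.groupSearchBase=OU\=Groups,DC\=ebba,DC\=org,DC\=nz
ldap.synchronization.userSearchBase=OU\=Users,DC\=ebba,DC\=org,DC\=nz
"""  # the four settings as posted above, password already masked

if __name__ == "__main__":
    print(lint(POSTED))
```

A key the subsystem does not recognize is not applied, so the bind then runs with whatever principal the defaults supply.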

angra
Champ in-the-making
After spending my weekend and the holiday on the problem, I really don't know what to do anymore.

Everything seems to fit, but I just keep getting this error in my logs:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0 ]

I checked the internet for information about it, and all I could find was here:

http://primalcortex.wordpress.com/2007/11/28/active-directory-ldap-errors/

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
HEX: 0x52e – invalid credentials
DEC: 1326 – ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.)
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.


The thing is that I changed my principal to a wrong username and it still gives the same error.

I have tried a lot of examples from the forum but none of them worked.

Can some good soul please enlighten me about this issue?

Thanks,
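A decoder for the Active Directory bind error quoted in the post above, as an added example (not code from the thread or from Alfresco). It goes beyond the single `52e` value on the page by including the other commonly documented AD sub-codes; the function names and the second sample line are constructed for illustration.

```python
import re
from collections import Counter

# Win32 logon errors that AD reports in the hex "data" field of LDAP error 49.
AD_BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}
LDAP_ERR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<status>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<build>[0-9A-Fa-f]+)"
)

def decode_ad_bind_error(line):
    """Decode an AD LdapErr diagnostic; return None if the line has none."""
    m = LDAP_ERR.search(line)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    return {
        "ldap_result": int(m.group("ldap")),
        "dsid": m.group("dsid"),
        "win32_dec": code,
        "win32_name": AD_BIND_SUBCODES.get(code, "UNKNOWN"),
    }

def summarize(lines):
    """Count bind failures per Win32 error name across a log excerpt."""
    decoded = (decode_ad_bind_error(line) for line in lines)
    return Counter(d["win32_name"] for d in decoded if d)

SAMPLE_LOG = [
    # First line is the error quoted in the post; the other two are constructed.
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0 ]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db0 ]",
    "09:25:14,095 ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error",
]

if __name__ == "__main__":
    print([decode_ad_bind_error(e) for e in SAMPLE_LOG], summarize(SAMPLE_LOG))
```

Run over a real log, a steady stream of `ERROR_LOGON_FAILURE` from the synchronization job points at the configured bind account, while a switch to `ERROR_ACCOUNT_LOCKED_OUT` means repeated retries have tripped the domain lockout policy.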

imad77
Champ in-the-making
After spending my weekend and the holiday on the problem, I really don't know what to do anymore.

Everything seems to fit, but I just keep getting this error in my logs:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0 ]

I checked the internet for information about it, and all I could find was here:

http://primalcortex.wordpress.com/2007/11/28/active-directory-ldap-errors/

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
HEX: 0x52e – invalid credentials
DEC: 1326 – ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.)
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.


The thing is that I changed my principal to a wrong username and it still gives the same error.

I have tried a lot of examples from the forum but none of them worked.

Can some good soul please enlighten me about this issue?

Thanks,


Hi Angra,

Can you give your configuration files, their paths and their content?

We can check what is wrong with your config.

Imad

angra
Champ in-the-making
Sure,

I have an out-of-the-box community installation, on a Windows XP machine.

Alfresco is installed with default settings and files, including the installation directory (C:\Alfresco).

I did nothing but what I wrote in the messages above. I can reinstall Alfresco if it is needed.

Thanks.