
Alfresco 3.0 Enterprise, CIFS & Kerberos

lascaux
Champ on-the-rise
Hi,

I successfully set up an installation of Alfresco 3.0 with Kerberos authentication on a Windows 2003 Active Directory. HTTP and CIFS authentication are working perfectly in this environment.

I am trying to perform the same configuration on a Windows 2000 Active Directory. HTTP authentication is working perfectly, but CIFS is not starting at all.

For both of these configurations, I followed the wiki instructions found here: http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration

The only difference is in the use of ktpass on the Windows 2000 AD; I had to use


ktpass -princ cifs/<cifs-server-name>.<domain>@<realm> -pass <password> -mapuser alfrescocifs -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescocifs.keytab

ktpass -princ HTTP/<web-server-name>.<domain>@<realm> -pass <password> -mapuser alfrescohttp -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescohttp.keytab
rather than

ktpass -princ cifs/<cifs-server-name>.<domain>@<realm> -pass <password> -mapuser <domainnetbios>\alfrescocifs -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescocifs.keytab

ktpass -princ HTTP/<web-server-name>.<domain>@<realm> -pass <password> -mapuser <domainnetbios>\alfrescohttp -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescohttp.keytab

In the alfresco.log, the following errors occurred:


16:38:15,556 ERROR [org.alfresco.smb.protocol.auth] CIFS Kerberos authenticator error
javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.alfresco.filesys.auth.cifs.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:230)
        at org.alfresco.jlan.smb.server.CIFSConfigSection.setAuthenticator(CIFSConfigSection.java:607)
        at org.alfresco.filesys.ServerConfigurationBean.processCIFSServerConfig(ServerConfigurationBean.java:884)
        at org.alfresco.filesys.ServerConfigurationBean.init(ServerConfigurationBean.java:549)
        at org.alfresco.filesys.ServerConfigurationBean.onApplicationEvent(ServerConfigurationBean.java:3098)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:244)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:187)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:831)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:720)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:448)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: Client not found in Kerberos database (6)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
        at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
        at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)
        at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:672)
        … 48 more
Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
        at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
        at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
        … 52 more
16:38:15,566 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, Failed to login CIFS server service
org.alfresco.error.AlfrescoRuntimeException: Failed to login CIFS server service
        at org.alfresco.filesys.ServerConfigurationBean.processCIFSServerConfig(ServerConfigurationBean.java:1586)
        at org.alfresco.filesys.ServerConfigurationBean.init(ServerConfigurationBean.java:549)
        at org.alfresco.filesys.ServerConfigurationBean.onApplicationEvent(ServerConfigurationBean.java:3098)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:244)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:187)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:831)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:720)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:448)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

Does anybody have an idea of what is blocking CIFS from working in the W2K AD environment?

Best regards

Sylvain

lascaux
Champ on-the-rise
More information from catalina.out:


>>> KeyTabInputStream, readName(): DOMAIN.CH
>>> KeyTabInputStream, readName(): cifs
>>> KeyTabInputStream, readName(): alfrescodev.domain.ch
>>> KeyTab: load() entry length: 67; type: 3
Added key: 3version: 1
Ordering keys wrt default_tkt_enctypes list
Config name: /etc/krb5.conf
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=fire.domain.ch UDP:88, timeout=30000, number of retries =3, #bytes=161
>>> KDCCommunication: kdc=fire.domain.ch UDP:88, timeout=30000,Attempt =1, #bytes=161
>>> KrbKdcReq send: #bytes read=94
>>> KrbKdcReq send: #bytes read=94
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
         sTime is Thu Dec 11 18:31:02 CET 2008 1229016662000
         suSec is 998681
         error code is 6
         error Message is Client not found in Kerberos database
         realm is DOMAIN.CH
         sname is krbtgt/DOMAIN.CH
         msgType is 30
18:31:03,574 User:System ERROR [smb.protocol.auth] CIFS Kerberos authenticator error
javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)



18:31:03,956 User:System INFO  [service.descriptor.DescriptorService] Alfresco started (Enterprise): Current version 3.0.0 (r11498) schema 501 - Installed version 3.0.0 (r11498) schema 501
KeyTab instance already exists
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=fire.domain.ch UDP:88, timeout=30000, number of retries =3, #bytes=170
>>> KDCCommunication: kdc=fire.domain.ch UDP:88, timeout=30000,Attempt =1, #bytes=170
>>> KrbKdcReq send: #bytes read=651
>>> KrbKdcReq send: #bytes read=651
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/alfrescodev.domain.ch
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
KeyTab instance already exists
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=fire.domain.ch UDP:88, timeout=30000, number of retries =3, #bytes=170
>>> KDCCommunication: kdc=fire.domain.ch UDP:88, timeout=30000,Attempt =1, #bytes=170
>>> KrbKdcReq send: #bytes read=651
>>> KrbKdcReq send: #bytes read=651
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/alfrescodev.domain.ch
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Dec 11, 2008 6:31:15 PM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Dec 11, 2008 6:31:15 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Dec 11, 2008 6:31:15 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/37  config=null


When starting the CIFS server, it reads the config correctly:
>>> KeyTabInputStream, readName(): DOMAIN.CH
>>> KeyTabInputStream, readName(): cifs
>>> KeyTabInputStream, readName(): alfrescodev.domain.ch

but finally, it fails …

>>>KRBError:
         sTime is Thu Dec 11 18:31:02 CET 2008 1229016662000
         suSec is 998681
         error code is 6
         error Message is Client not found in Kerberos database
         realm is DOMAIN.CH
         sname is krbtgt/DOMAIN.CH
         msgType is 30
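
An added example, not part of the original posts: a Python triage of JDK Kerberos debug output like the trace above, pairing each KRBError with its RFC 4120 name and the keytab principal loaded before it. The sample lines are copied from the trace and trimmed; the function names are this example's own, and attributing an error to the most recently loaded keytab entry is a heuristic assumed here.

```python
import re

# RFC 4120 error codes that appear in this thread, with the check each one calls for.
KRB_ERRORS = {
    6: ("KDC_ERR_C_PRINCIPAL_UNKNOWN",
        "no account in the realm carries the client principal name sent in the AS-REQ"),
    24: ("KDC_ERR_PREAUTH_FAILED",
         "the keytab key differs from the account's current key (password, kvno or enctype)"),
}
# Encryption type numbers as printed in the 'type:' and 'default etypes' lines.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 23: "rc4-hmac"}

READNAME = re.compile(r"KeyTabInputStream, readName\(\): (\S+)")
KEYTYPE = re.compile(r"KeyTab: load\(\) entry length: \d+; type: (\d+)")
FIELD = re.compile(r"^\s+([A-Za-z ]+?) is (.+?)\s*$")  # indented 'key is value' lines

def _finish(block, entries):
    code = int(block.get("error code", -1))
    name, hint = KRB_ERRORS.get(code, ("UNKNOWN", "not in this table"))
    # Heuristic (assumption): the failing AS-REQ used the keytab entry loaded just before it.
    client = entries[-1]["principal"] if entries else None
    return {"code": code, "name": name, "hint": hint, "client": client,
            "realm": block.get("realm"), "sname": block.get("sname")}

def triage(log_text):
    """Return (keytab_entries, errors) extracted from JDK krb5 debug output."""
    names, entries, errors, block = [], [], [], None
    for line in log_text.splitlines():
        field = FIELD.match(line) if block is not None else None
        if field:
            block[field.group(1)] = field.group(2)
            continue
        if block is not None:          # first non-field line closes the KRBError block
            errors.append(_finish(block, entries))
            block = None
        if "KRBError:" in line:
            block = {}
        elif (m := READNAME.search(line)):
            names.append(m.group(1))   # realm first, then the name components
        elif (m := KEYTYPE.search(line)) and names:
            etype = int(m.group(1))
            entries.append({"principal": "/".join(names[1:]) + "@" + names[0],
                            "etype": ETYPES.get(etype, str(etype))})
            names = []
    if block is not None:
        errors.append(_finish(block, entries))
    return entries, errors

# Lines copied from the trace quoted in the thread (trimmed).
SAMPLE = """\
>>> KeyTabInputStream, readName(): DOMAIN.CH
>>> KeyTabInputStream, readName(): cifs
>>> KeyTabInputStream, readName(): alfrescodev.domain.ch
>>> KeyTab: load() entry length: 67; type: 3
>>> KrbKdcReq send: kdc=fire.domain.ch UDP:88, timeout=30000, number of retries =3, #bytes=161
>>>KRBError:
         sTime is Thu Dec 11 18:31:02 CET 2008 1229016662000
         error code is 6
         error Message is Client not found in Kerberos database
         realm is DOMAIN.CH
         sname is krbtgt/DOMAIN.CH
         msgType is 30
18:31:03,574 User:System ERROR [smb.protocol.auth] CIFS Kerberos authenticator error
"""

if __name__ == "__main__":
    keytab_entries, found = triage(SAMPLE)
    for err in found:
        print("%s (%d) for client %s: %s" % (err["name"], err["code"], err["client"], err["hint"]))
```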

lascaux
Champ on-the-rise
Nobody has an idea?

meansartin14
Champ in-the-making
It looks like we have similar environments (except we're using Windows Server 2003 Active Directory and Alfresco Labs 3c) and I am also having this problem.

However, my KrbExceptions look slightly different:
ERROR [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:366)
        at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
        at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
        at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
        at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:448)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: Pre-authentication information was invalid (24)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
        at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
        at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)
        at sun.security.krb5.Credentials.acquireTGT(Credentials.java:378)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
        … 39 more
Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
        at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
        at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
        … 43 more

Have you resolved your issue?

There seem to be an AWFUL lot of issues with external authentication for CIFS. I hope Alfresco is taking note.

wuff
Champ in-the-making
The only difference is in the use of ktpass on the Windows 2000 AD; I had to use


ktpass -princ cifs/<cifs-server-name>.<domain>@<realm> -pass <password> -mapuser alfrescocifs -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescocifs.keytab

ktpass -princ HTTP/<web-server-name>.<domain>@<realm> -pass <password> -mapuser alfrescohttp -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescohttp.keytab

Just an idea: try to use HOST/<cifs-server-name>…….. instead of cifs/…

meansartin14
Champ in-the-making
I have started a thread that I hope to eventually turn into an AlfrescoWiki page for how to configure Active Directory authentication for both CIFS and the Web Interface in Alfresco Labs 3c.

Please see my thread:
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?

Please come join in the discussion, or at least subscribe to the thread. I want to try to get everyone having these types of issues into the thread so that we can get a large collection of experiences and configurations.

We WILL find the answer for how to enable Active Directory authentication with CIFS in Alfresco!!

esafonov
Champ in-the-making
[img]http://imghost.urbantrip.net/pics2/cf2bb5d1a68ca2616789c6c476481ea3.jpg[/img]
Hi, friends. I have configured Alfresco 3.2 Community as written in http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems,
and on the first run I had similar errors. As shown in the Wireshark trace, Alfresco (or Java) tries to use an incorrect Kerberos setup.
It helped me to find that I needed to edit the file /usr/java/jdk1.6.0_06/jre/java.login.config with the correct values.

ssaravanan
Champ in-the-making
Using Alfresco 3.0 d community edition, using passthru authentication against AD
keeps throwing the following error:
11:16:57,789 User:xxxxx ERROR [smb.protocol.auth] Error during passthru authentication
java.lang.RuntimeException: Error during execution of transaction.
        at org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase.getHomeFolderForUser(CifsAuthenticatorBase.java:208)
        at org.alfresco.filesys.auth.cifs.AlfrescoCifsAuthenticator.doPassthruUserAuthentication(AlfrescoCifsAuthenticator.java:517)
        at org.alfresco.filesys.auth.cifs.AlfrescoCifsAuthenticator.authenticateUser(AlfrescoCifsAuthenticator.java:185)
        at org.alfresco.jlan.server.auth.CifsAuthenticator.processSessionSetup(CifsAuthenticator.java:572)
        at org.alfresco.jlan.smb.server.NTProtocolHandler.procSessionSetup(NTProtocolHandler.java:396)
        at org.alfresco.jlan.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:213)
        at org.alfresco.jlan.smb.server.SMBSrvSession.processPacket(SMBSrvSession.java:1427)
        at org.alfresco.jlan.smb.server.nio.NIOCIFSThreadRequest.runRequest(NIOCIFSThreadRequest.java:105)
        at org.alfresco.jlan.server.thread.ThreadRequestPool$ThreadWorker.run(ThreadRequestPool.java:141)
        at java.lang.Thread.run(Thread.java:619)
Caused by: javax.transaction.RollbackException: The transaction has already been marked for rollback
        at org.alfresco.util.transaction.SpringAwareUserTransaction.commit(SpringAwareUserTransaction.java:429)
        at org.alfresco.filesys.auth.cifs.CifsAuthenticatorBase.getHomeFolderForUser(CifsAuthenticatorBase.java:188)

ssaravanan
Champ in-the-making
It kind of looks like, when users have CIFS mounted as a network drive on their Windows box,
even though they don't access the drive, Windows tries to authenticate, which causes this
exception, but I have no idea whether that's the reason, as I'm not aware of the CIFS protocol much.

shelly_172
Champ in-the-making
I am trying to implement SSO using JAAS and GSS API with Apache DS and Kerberos. I did the following steps-

1. Setup the KDC using Apache DS 1.5.1 and Apache Directory Studio 1.5.3
2. Created a JAAS config file with below details-
GSSClient {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=false;
};
GSSServer {
    com.sun.security.auth.module.Krb5LoginModule required
    storeKey=true;
};
3. Created Server and Client classes
4. Ran server using the main method
5. When I try to run the server code I get a timeout exception-
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=localhost UDP:88, timeout=30000, number of retries =3, #bytes=238
>>> KDCCommunication: kdc=localhost UDP:88, timeout=30000,Attempt =1, #bytes=238
SocketTimeOutException with attempt: 1
>>> KDCCommunication: kdc=localhost UDP:88, timeout=30000,Attempt =2, #bytes=238
SocketTimeOutException with attempt: 2
>>> KDCCommunication: kdc=localhost UDP:88, timeout=30000,Attempt =3, #bytes=238


I need to urgently work on the SSO implementation and I am completely stuck and need advice. Please help.

Thanks.