Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Re: Alfresco user/pw must match AD user/pw for Map...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Alfresco user/pw must match AD user/pw for Map Network Drive
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2008 06:00 AM
My end-users are using Windows XP Professional PCs and the Alfresco Community Labs 3c application is hosted on a RHEL 5.2 server. Each of the end-user Windows XP PCs are tied to Microsoft's Active Directory for user authentication during login.
Alfresco is not tied to our Active Directory setup in any way (that I am aware of). Yet, when I attempt to use the 'Map Network Drive…' function from any of the Windows XP Professional PCs, the only way this action will succeed is if the Alfresco username/password exactly matches the user's Active Directory username/password.
I don't even know where to begin diagnosing this issue. I have no idea why the Alfresco username/password would need to be identical to the Active Directory username/password. No attempt has been made to do any sort of synchronized user authentication between the two areas (Active Directory and Alfresco).
Does anyone have ANY idea why this would be? I would greatly appreciate any helpful advice or suggestions you may have. Thanks in advance!!
Alfresco is not tied to our Active Directory setup in any way (that I am aware of). Yet, when I attempt to use the 'Map Network Drive…' function from any of the Windows XP Professional PCs, the only way this action will succeed is if the Alfresco username/password exactly matches the user's Active Directory username/password.
I don't even know where to begin diagnosing this issue. I have no idea why the Alfresco username/password would need to be identical to the Active Directory username/password. No attempt has been made to do any sort of synchronized user authentication between the two areas (Active Directory and Alfresco).
Does anyone have ANY idea why this would be? I would greatly appreciate any helpful advice or suggestions you may have. Thanks in advance!!
Labels:
- Labels:
-
Archive
28 REPLIES 28
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2009 02:04 PM
Hi,
I think you may have to review your config once more, there is a null pointer exception in your log.
Pay particular attention to your realms being in uppercase.
This is what it would look like (or similar) if your authentication works
https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/repository/source/ja...
I would also research if windows is at fault here, try googling "windows null sessions", gives some interesting stuff that may take you closer to solving this.
I think you may have to review your config once more, there is a null pointer exception in your log.
Pay particular attention to your realms being in uppercase.
This is what it would look like (or similar) if your authentication works
14:25:48,221 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO,MID=24, UID=0, PID=65279
14:25:48,221 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ -[AP-REQ:APOptions=MutualAuth ,Ticket=Len=1423,Authenticator=EncType=3,Kvno=-1,Len=168]
14:25:48,221 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
14:25:48,226 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
14:25:48,227 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:25:48,243 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos,user xyz
14:25:48,245 DEBUG [org.alfresco.smb.protocol.auth] User xyz@SAMPLE.SE logged on (type Normal)
14:25:48,245 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=1 for VC=[1:1,[xyz@SAMPLE.SE:null,Windows 2002 Service Pack 2 2600,Windows 2002 5.1,192.160.100.100],Tree=0,Searches=0]
https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/repository/source/ja...
I would also research if windows is at fault here, try googling "windows null sessions", gives some interesting stuff that may take you closer to solving this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2009 04:56 PM
I think you may have to review your config once more, there is a null pointer exception in your log.
Pay particular attention to your realms being in uppercase.
… SNIP …
I would also research if windows is at fault here, try googling "windows null sessions", gives some interesting stuff that may take you closer to solving this.
To be absolutely sure, I completely uninstalled, removed and re-installed ALL of Alfresco. After doing so, I am still experiencing the same issue.
Could you go into further detail on what you mean by "Pay particular attention to your realms being in uppercase"? Does this mean all realms need to be in uppercase, or in lowercase??
I will try Google for some more answers on the Windows side.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 04:15 AM
Could you go into further detail on what you mean by "Pay particular attention to your realms being in uppercase"? Does this mean all realms need to be in uppercase, or in lowercase??
I mean that they should be in uppercase, this is also noted in the wiki instructions. Not saying that this is the error, just something that i thought of as an easy mistake to make.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 09:00 AM
I mean that they should be in uppercase, this is also noted in the wiki instructions.
Can you confirm which files in particular the realm (in uppercase) appears in?
Here are the one's I've gotten so far:
- <alfresco install root>/tomcat/webapps/alfresco/WEB-INF/web.xml
- <alfresco install root>/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.xml
Any others?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 09:40 AM
Instead of changing the file-servers-xml, make your changes in tomcat/shared/classes/alfresco/extension/file-servers-custom.xml, else they may get lost if the alfresco.war is redeployed. If you are missing a section, just copy from file-servers.xml and paste into file-servers-custom.xml.
Step 9 in the instructions actually refers to config before 3.0, so this should now be placed in the CIFS server config section
You probably need to make more changes to this section, make sure you understand it fully.
You also have to specify realms in krb5.ini/krb5.conf, see step 6.
Step 9 in the instructions actually refers to config before 3.0, so this should now be placed in the CIFS server config section
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="${cifs.localname}A" domain="${cifs.domain}"/>
<comment>Alfresco CIFS Server</comment>
<!– Set to the broadcast mask for the subnet –>
<broadcast>${cifs.broadcast}</broadcast>
<!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
<tcpipSMB platforms="linux,solaris,macosx"/>
<netBIOSSMB platforms="linux,solaris,macosx"/>
<!– Can be mapped to non-privileged ports, then use firewall rules to forward
requests from the standard ports –>
<!–
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
–>
<hostAnnounce interval="5"/>
<!– Use Win32 NetBIOS interface on Windows –>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<!– CIFS authentication –>
<authenticator type="enterprise">
<KDC>adsrv.alfresco.org</KDC>
<Realm>ALFRESCO.ORG</Realm>
<Password>…</Password>
</authenticator>
<sessionDebug flags="Negotiate,Socket"/>
</config>You probably need to make more changes to this section, make sure you understand it fully.
You also have to specify realms in krb5.ini/krb5.conf, see step 6.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 11:13 AM
Instead of changing the file-servers-xml, make your changes in tomcat/shared/classes/alfresco/extension/file-servers-custom.xml, else they may get lost if the alfresco.war is redeployed. If you are missing a section, just copy from file-servers.xml and paste into file-servers-custom.xml.
Step 9 in the instructions actually refers to config before 3.0, so this should now be placed in the CIFS server config section
…SNIP…
Note the replace="true", this makes your config override the default config.
You probably need to make more changes to this section, make sure you understand it fully.
Thanks to your help, I think we're getting much much closer to unraveling this issue. Here's what I just did:
1) Modified file-servers-custom.xml replace= attribute to false
2) Added the <authenticator> section to the CIFS Server <config> section in file-servers.xml (it was only in Filesystem Security <config> section previously; now it is in both)
I now see the following debug statements in alfresco.log that look promising and I have NEVER seen then before when starting Alfresco:
DEBUG [org.alfresco.smb.protocol.auth] Logged on using principal cifs/<server>.<domain>@<realm>
DEBUG [org.alfresco.smb.protocol.auth] Enabling mechTypes :-
DEBUG [org.alfresco.smb.protocol.auth] Kerberos5
DEBUG [org.alfresco.smb.protocol.auth] MS-Kerberos5
DEBUG [org.alfresco.smb.protocol.auth] NTLMSSP
Unfortunately, the Map Network Drive… Windows capability still does not work to the Alfresco CIFS server, AND NOW the Web Interface does not function at all either. The following is a snippet of output from alfresco.log that did not occur prior to this change. It appears that both the Web Interface and WebDAV authentication failed:
DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos login using account HTTP/<server>.<domain>@<realm>
ERROR [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: Clients credentials have been revoked (18)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
…
Caused by: KrbException: Clients credentials have been revoked (18)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
…
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
…
ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco]] Exception starting filter Authentication Filter
javax.servlet.ServletException: Failed to login HTTP server service
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:380)
…
DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos login using account HTTP/<server>.<domain>@<realm>
ERROR [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: Clients credentials have been revoked (18)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
…
Caused by: KrbException: Clients credentials have been revoked (18)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
…
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
…
ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco]] Exception starting filter WebDAV Authentication Filter
javax.servlet.ServletException: Failed to login HTTP server service
at org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:354)
…
So here are both of these two files IN FULL (NOTE: Some names have been changed to protect the innocent):
<Alfresco install root>/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/tomcat/file-servers.xml
<alfresco-config area="file-servers">
<config evaluator="string-compare" condition="CIFS Server">
<serverEnable enabled="true"/>
<host name="${cifs.localname}" domain="${cifs.domain}"/>
<comment>Alfresco CIFS Server</comment>
<!– Set to the broadcast mask for the subnet –>
<broadcast>${cifs.broadcast}</broadcast>
<!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
<!–
<tcpipSMB platforms="linux,solaris,macosx"/>
<netBIOSSMB platforms="linux,solaris,macosx"/>
–>
<!– Can be mapped to non-privileged ports, then use firewall rules to forward
requests from the standard ports –>
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
<hostAnnounce interval="5"/>
<!– Use Win32 NetBIOS interface on Windows –>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<!– CIFS authentication –>
<authenticator type="enterprise">
<KDC><AD server>.<domain></KDC>
<Realm><realm></Realm>
<Password><…></Password>
<Principal>cifs/<server>.<domain></Principal>
</authenticator>
<!–
<WINS>
<primary>1.2.3.4</primary>
<secondary>5.6.7.8</secondary>
</WINS>
–>
<sessionDebug flags="Negotiate,Socket"/>
</config>
<config evaluator="string-compare" condition="FTP Server">
<serverEnable enabled="true"/>
<!– Run on a non-privileged port –>
<!–
<port>1121</port>
–>
<!– FTP authentication –>
<authenticator type="alfresco"/>
<!– <debug flags="File,Search,Error,Directory,Info,DataPort"/> –>
</config>
<config evaluator="string-compare" condition="NFS Server">
<serverEnable enabled="false"/>
</config>
<config evaluator="string-compare" condition="Filesystems">
<filesystems>
<!– Alfresco repository access shared filesystem –>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<!– Add a URL file to each folder that links back to the web client –>
<urlFile>
<filename>__AlfrescoClient.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<!– Mark locked files as offline –>
<offlineFiles/>
<!– Desktop actions –>
<!– Uses a client-side application to trigger a server-side action –>
<!– Echo - displays a message echoed from the server –>
<!– URL - launches a URL via the Windows shell –>
<!– CmdLine - launches the Notepad application –>
<!– CheckInOut - checks files in/out, drag and drop files onto the application –>
<!– JavaScript - run a server-side script –>
<!– JavaScriptURL - server-side script that generates a URL to the folder using a ticket –>
<!– to avoid having to logon –>
<!–
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.EchoDesktopAction</class>
<name>Echo</name>
<filename>__AlfrescoEcho.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.URLDesktopAction</class>
<name>URL</name>
<filename>__AlfrescoURL.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.CmdLineDesktopAction</class>
<name>CmdLine</name>
<filename>__AlfrescoCmd.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__AlfrescoCheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScript</name>
<filename>__AlfrescoScript.exe</filename>
<script>alfresco/desktop/dumpRequest.js</script>
<attributes>anyFiles, multiplePaths , allowNoParams</attributes>
<preprocess>confirm, copyToTarget</preprocess>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__AlfrescoDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
–>
<!–
<accessControl default="Write">
<user name="admin" access="Write"/>
<address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
</accessControl>
–>
</filesystem>
<!– AVM virtualization view of all stores/versions for WCM –>
<!– virtual view can be any of the following: normal, site, staging, author, preview –>
<avmfilesystem name="AVM">
<virtualView stores="site,staging,author" />
</avmfilesystem>
</filesystems>
</config>
<config evaluator="string-compare" condition="Filesystem Security">
<!– The following section will allow Alfresco CIFS to –>
<!– authenticate via AD w/ the appropriate AD configurations –>
<!– See wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration –>
<authenticator type="enterprise">
<KDC><AD server>.<domain></KDC>
<Realm><realm></Realm>
<Password><…></Password>
<!– <Principal>cifs/<server>.<domain></Principal> –>
</authenticator>
<!– Domain mappings used for passthri authentication routing –>
<!–
<DomainMappings>
<Domain name="ALFRESCO" subnet="192.168.1.0" mask="192.168.1.255"/>
</DomainMappings>
–>
<!– Custom share mapper when multi-tenancy is enabled –>
<!–
<shareMapper type="multi-tenant">
<debug/>
</shareMapper>
–>
<!–
<globalAccessControl default="None">
<user name="admin" access="Write"/>
<address ip="90.1.0.90" access="Write"/>
</globalAccessControl>
–>
</config>
</alfresco-config>
<Alfresco install root>/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
<alfresco-config area="file-servers">
<!– To override the default Alfresco filesystem use replace="true", to –>
<!– add additional filesystems remove the replace="true" attribute –>
<config evaluator="string-compare" condition="Filesystems" replace="false">
<filesystems>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<!– Add a URL file to each folder that links back to the web client –>
<urlFile>
<filename>__Alfresco.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<!– Mark locked files as offline –>
<offlineFiles/>
<!– Desktop actions –>
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__CheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__ShowDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
<!–
<accessControl default="Write">
<user name="admin" access="Write"/>
<address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
</accessControl>
–>
</filesystem>
<!– AVM virtualization view of all stores/versions for WCM –>
<avmfilesystem name="AVM">
<virtualView/>
</avmfilesystem>
</filesystems>
</config>
</alfresco-config>
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 12:15 PM
Copy the entire section
<config evaluator="string-compare" condition="CIFS Server" replace="true">
and put it into file-servers-custom.xml. And there is where the replace directive makes sense, file-servers.xml is read first and thus will never be replaced.
This will not solve your problem, but is good practice to only make config changes in the extension directory.
Now for your actual problem, I think you have it correct in you alfresco config (although not in the recommended location). The errors are now when the authentication takes place, so try searching internet on the KrbException.
If that doesn't help, next step is to use something like wireshark to dump tcp traffic to see what communication actually takes place, I don't think the logs will tell more.
<config evaluator="string-compare" condition="CIFS Server" replace="true">
and put it into file-servers-custom.xml. And there is where the replace directive makes sense, file-servers.xml is read first and thus will never be replaced.
This will not solve your problem, but is good practice to only make config changes in the extension directory.
Now for your actual problem, I think you have it correct in you alfresco config (although not in the recommended location). The errors are now when the authentication takes place, so try searching internet on the KrbException.
If that doesn't help, next step is to use something like wireshark to dump tcp traffic to see what communication actually takes place, I don't think the logs will tell more.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 01:39 PM
Now for your actual problem, I think you have it correct in you alfresco config (although not in the recommended location). The errors are now when the authentication takes place, so try searching internet on the KrbException.
If that doesn't help, next step is to use something like wireshark to dump tcp traffic to see what communication actually takes place, I don't think the logs will tell more.
Perhaps the contents of alfresco.log at startup in two different situations may be helpful.
First, here is the output to alfresco.log with the CIFS Server <authenticator> tag commented out:
13:16:19,100 INFO [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
13:16:19,753 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@5b5034e0, name=log4j:logger=org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter
13:16:19,754 DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@5b5034e0, name=log4j:logger=org.alfresco.smb.protocol.auth
13:16:19,758 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@5b5034e0, name=log4j:logger=org.alfresco.web.app.servlet.KerberosAuthenticationFilter
13:16:23,559 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
13:16:23,860 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
13:16:24,892 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_data
13:16:24,918 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
13:16:25,060 INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
13:16:25,062 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
13:16:25,158 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, CIFS authenticator not specified
org.alfresco.error.AlfrescoRuntimeException: CIFS authenticator not specified
at org.alfresco.filesys.ServerConfigurationBean.processCIFSServerConfig(ServerConfigurationBean.java:887)
at org.alfresco.filesys.ServerConfigurationBean.init(ServerConfigurationBean.java:549)
at org.alfresco.filesys.ServerConfigurationBean.onApplicationEvent(ServerConfigurationBean.java:3098)
at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:244)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:187)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
13:16:25,412 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
13:16:25,412 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000
13:16:25,509 WARN [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)
13:16:32,650 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos login using account HTTP/<server>.<domain>@<realm>
13:16:32,772 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos login successful
13:16:32,783 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos login using account HTTP/<server>.<domain>@<realm>
13:16:32,794 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos login successful
13:16:34,344 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLs
13:16:34,345 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 63.326ms)
13:16:34,516 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLs
13:16:34,516 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 168.85101ms)
13:16:34,536 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
13:17:05,785 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
Second, here is the output to alfresco.log with the CIFS Server <authenticator> tag enabled:
13:27:14,595 INFO [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
13:27:15,262 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@634c0cb0, name=log4j:logger=org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter
13:27:15,262 DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@634c0cb0, name=log4j:logger=org.alfresco.smb.protocol.auth
13:27:15,265 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@634c0cb0, name=log4j:logger=org.alfresco.web.app.servlet.KerberosAuthenticationFilter
13:27:18,949 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
13:27:19,314 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
13:27:20,401 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_data
13:27:20,436 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
13:27:20,595 INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
13:27:20,598 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
13:27:20,893 DEBUG [org.alfresco.smb.protocol.auth] Logged on using principal cifs/<server>.<domain>@<realm>
13:27:20,893 DEBUG [org.alfresco.smb.protocol.auth] Enabling mechTypes :-
13:27:20,893 DEBUG [org.alfresco.smb.protocol.auth] Kerberos5
13:27:20,893 DEBUG [org.alfresco.smb.protocol.auth] MS-Kerberos5
13:27:21,151 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
13:27:21,152 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000
13:27:21,233 WARN [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)
13:27:28,037 DEBUG [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos login using account HTTP/<server>.<domain>@<realm>
13:27:28,197 ERROR [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:366)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: Pre-authentication information was invalid (24)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:378)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
… 39 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
… 43 more
13:27:28,199 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco]] Exception starting filter Authentication Filter
javax.servlet.ServletException: Failed to login HTTP server service
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:380)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
13:27:28,204 DEBUG [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos login using account HTTP/<server>.<domain>@<realm>
13:27:28,273 ERROR [org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:340)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: Pre-authentication information was invalid (24)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:378)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
… 39 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
… 43 more
13:27:28,274 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco]] Exception starting filter WebDAV Authentication Filter
javax.servlet.ServletException: Failed to login HTTP server service
at org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:354)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
13:27:30,232 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLs
13:27:30,233 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 73.53ms)
13:27:30,499 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLs
13:27:30,500 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 263.1ms)
13:27:30,530 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
13:28:02,030 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
Does that provide any insight into my problem?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 01:54 PM
I see you are very active in lots of threads trying to solve this 
Have a look at this for KrbException: Pre-authentication information was invalid (24), maybe just clocks out of sync?
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/Troubleshooting.html
This also give some info on KrbException: Identifier doesn't match expected value (906)
http://blogs.sun.com/enterprisetechtips/entry/building_kerberos_based_secure_services
Add -Dsun.security.krb5.debug=true to your JAVA_OPTS and you may get more debug info in catalina.out
Have a look at this for KrbException: Pre-authentication information was invalid (24), maybe just clocks out of sync?
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/Troubleshooting.html
This also give some info on KrbException: Identifier doesn't match expected value (906)
http://blogs.sun.com/enterprisetechtips/entry/building_kerberos_based_secure_services
Add -Dsun.security.krb5.debug=true to your JAVA_OPTS and you may get more debug info in catalina.out
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 02:45 PM
I see you are very active in lots of threads trying to solve this
Have a look at this for KrbException: Pre-authentication information was invalid (24), maybe just clocks out of sync?
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/Troubleshooting.html
This also give some info on KrbException: Identifier doesn't match expected value (906)
http://blogs.sun.com/enterprisetechtips/entry/building_kerberos_based_secure_services
Add -Dsun.security.krb5.debug=true to your JAVA_OPTS and you may get more debug info in catalina.out
I will read both of those links, but any idea why the AD authentication for the Alfresco Web Interface works ONLY when the CIFS Server <authenticator> tag is commented out?
And yes, I am VERY actively seeking a remedy to my problems. All I want is an Alfresco application that authenticates via an external Active Directory server, to allow single sign-on for the Web Interface AND the CIFS server. I was previously under the impression that this is relatively simple to do.
Related Content
- How to authenticate at API in Alfresco 23.2.0 Comminity addition in Alfresco Forum
- Alfresco, Docker, MS SQL, Data Store DFS, on docker swarm replicated. YML in Alfresco Forum
- org.alfresco.error.AlfrescoRuntimeException: 07270038 Connection refused in Alfresco Forum
- One month until Hyland's Alfresco TechQuest and Hack-a-thon in Lisbon in Alfresco Blog
- ACS 23.1 : Share QuickLink redirect for authentication when using Keycloak in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
