Alfresco user/pw must match AD user/pw for Map Network Drive
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2008 06:00 AM
My end-users are using Windows XP Professional PCs and the Alfresco Community Labs 3c application is hosted on a RHEL 5.2 server. Each of the end-user Windows XP PCs are tied to Microsoft's Active Directory for user authentication during login.
Alfresco is not tied to our Active Directory setup in any way (that I am aware of). Yet, when I attempt to use the 'Map Network Drive…' function from any of the Windows XP Professional PCs, the only way this action will succeed is if the Alfresco username/password exactly matches the user's Active Directory username/password.
I don't even know where to begin diagnosing this issue. I have no idea why the Alfresco username/password would need to be identical to the Active Directory username/password. No attempt has been made to do any sort of synchronized user authentication between the two areas (Active Directory and Alfresco).
Does anyone have ANY idea why this would be? I would greatly appreciate any helpful advice or suggestions you may have. Thanks in advance!!
Alfresco is not tied to our Active Directory setup in any way (that I am aware of). Yet, when I attempt to use the 'Map Network Drive…' function from any of the Windows XP Professional PCs, the only way this action will succeed is if the Alfresco username/password exactly matches the user's Active Directory username/password.
I don't even know where to begin diagnosing this issue. I have no idea why the Alfresco username/password would need to be identical to the Active Directory username/password. No attempt has been made to do any sort of synchronized user authentication between the two areas (Active Directory and Alfresco).
Does anyone have ANY idea why this would be? I would greatly appreciate any helpful advice or suggestions you may have. Thanks in advance!!
Labels:
- Labels:
-
Archive
28 REPLIES 28
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2008 02:29 PM
Anyone ever experienced this before?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2008 03:19 PM
Most likely it is not a requirement, what you are authenticating against is the username and password stored in Alfresco.
Have a look at these pages (and look at the categories in the bottom if each page, will take you further)
http://wiki.alfresco.com/wiki/Security_and_Authentication
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration
http://wiki.alfresco.com/wiki/CIFS_Server_Authentication
It may seem complex to understand, but so is every enterprise authentication out there, you can do this in so many ways.
Have a look at these pages (and look at the categories in the bottom if each page, will take you further)
http://wiki.alfresco.com/wiki/Security_and_Authentication
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration
http://wiki.alfresco.com/wiki/CIFS_Server_Authentication
It may seem complex to understand, but so is every enterprise authentication out there, you can do this in so many ways.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2008 10:29 AM
Most likely it is not a requirement, what you are authenticating against is the username and password stored in Alfresco.
Have a look at these pages (and look at the categories in the bottom if each page, will take you further)
http://wiki.alfresco.com/wiki/Security_and_Authentication
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration
http://wiki.alfresco.com/wiki/CIFS_Server_Authentication
It may seem complex to understand, but so is every enterprise authentication out there, you can do this in so many ways.
I agree that I *SHOULD* only need to enter the Alfresco username/password when attempting to Map Network Drive… to the Alfresco CIFS server. However, I have tried numerous times with a username/password different from my ActiveDirectory username/password without success.
The *ONLY* time I am able to successfully complete the Map Network Drive… function to the Alfresco CIFS server is when my Alfresco username/password matches my ActiveDirectory username/password (used to login to my PC) exactly.
I'm still very confused as to what the problem might be. It does not seem logical to me that the Alfresco username/password would have to be identical to the ActiveDirectory username/password, yet that is the case.
I would greatly appreciate any help. I am at a total loss.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2008 08:20 AM
Is there any configuration I should check? I haven't attempted to configure Alfresco to use any sort of external authentication. Yet, for some reason, our Windows XP PCs (which use ActiveDirectory for user authentication) will not allow us to successfully complete the Map Network Drive… function successfully unless the Alfresco username/password is IDENTICAL to the ActiveDirectory username/password.
Again, I am at a complete loss. I have taken no steps to force Alfresco to do this.
Again, I am at a complete loss. I have taken no steps to force Alfresco to do this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2008 08:42 AM
The links posted are links to the security and authentication configuration setup howto and files. In case of cifs, it is file-servers-custom.xml you should look at. Also have a look at ntlm-authentication-context.xml if that is in use.
More links for you
http://wiki.alfresco.com/wiki/3.0_Configuring_NTLM
Now have a look at these links, make any modifications you find suitable, tell us what you did (and why you changed it so and what you expected it to do), include any config changes in you post. Turn on logging in log4j.properties, in that file search for cifs, there are 3 entries there, 2 needs to be uncommented, set to debug. Restart Alfresco and post you log file.
Peter Löfgren
More links for you
http://wiki.alfresco.com/wiki/3.0_Configuring_NTLM
Now have a look at these links, make any modifications you find suitable, tell us what you did (and why you changed it so and what you expected it to do), include any config changes in you post. Turn on logging in log4j.properties, in that file search for cifs, there are 3 entries there, 2 needs to be uncommented, set to debug. Restart Alfresco and post you log file.
Peter Löfgren
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2009 03:54 PM
Turn on logging in log4j.properties, in that file search for cifs, there are 3 entries there, 2 needs to be uncommented, set to debug. Restart Alfresco and post you log file.
The following is alfresco.log output upon startup of the Alfresco application:
INFO [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@5a6b54ef, name=log4j:logger=org.alfresco.smb.protocol.authINFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_dataINFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MBINFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000WARN [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLsINFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 64.423ms)INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLsINFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 201.72899ms)INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web FrameworkINFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web FrameworkThe following is alfresco.log output when attempting to Map Network Drive… to \\<server>\alfresco:
(NOTE: The names have been changed to protect the innocent.)
DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=180]DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQERROR [org.alfresco.smb.protocol.auth] Kerberos logon errorERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerExceptionDEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1020,Authenticator=EncType=23,Kvno=-1,Len=175]DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQERROR [org.alfresco.smb.protocol.auth] Kerberos logon errorERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerExceptionDEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=180]DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQERROR [org.alfresco.smb.protocol.auth] Kerberos logon errorERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerExceptionDEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279DEBUG [org.alfresco.smb.protocol.auth] User logged on (type Normal)DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=24, UID=0, PID=65279DEBUG [org.alfresco.smb.protocol.auth] Logged on using NTLMSSP/NTLMv2DEBUG [org.alfresco.smb.protocol.auth] User <username> logged on (type Normal)DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[<username>:null,Windows XP 3790 Service Pack 2,,<ip address>],Tree=0,Searches=0]I'm really at a loss because I was able to Map Network Drive… to the Alfresco CIFS server successfully before I took leave for the holidays. Now, I can not.
It is worth noting that I have created my Alfresco user to have the same username and password that I use to login to my PC.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2009 09:25 AM
I could really use some assistance on this one.
Aside from the "null" where I believe the password should be, nothing really stands out to me.
Aside from the "null" where I believe the password should be, nothing really stands out to me.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2009 09:52 AM
From what I can see it tries to logon using Kerberos first, the it logs on using NTLMv2.
What is it that you want to use, and what files have you (or someone else at you place) changed?
It might be that some files in tomcat/shared/classes/alfresco/extension has been changed from having the sample extension to .xml (and thus is read as part of the config), but no further changes to them have been made.
Try sorting them on "changed date" to see what files have been updated from the default config, then post your config.
I would start with file-servers-custom.xml, ntlm-authentication-context.xml(.sample), chaining-authentication-context.xml(.sample), jaas-authentication-context.xml(.sample)
sample in the above meaning that is their default extension, if .xml only they are read as part of the config for Alfresco.
What is it that you want to use, and what files have you (or someone else at you place) changed?
It might be that some files in tomcat/shared/classes/alfresco/extension has been changed from having the sample extension to .xml (and thus is read as part of the config), but no further changes to them have been made.
Try sorting them on "changed date" to see what files have been updated from the default config, then post your config.
I would start with file-servers-custom.xml, ntlm-authentication-context.xml(.sample), chaining-authentication-context.xml(.sample), jaas-authentication-context.xml(.sample)
sample in the above meaning that is their default extension, if .xml only they are read as part of the config for Alfresco.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2009 12:52 PM
From what I can see it tries to logon using Kerberos first, the it logs on using NTLMv2.
What is it that you want to use, and what files have you (or someone else at you place) changed?
It might be that some files in tomcat/shared/classes/alfresco/extension has been changed from having the sample extension to .xml (and thus is read as part of the config), but no further changes to them have been made.
Try sorting them on "changed date" to see what files have been updated from the default config, then post your config.
I would start with file-servers-custom.xml, ntlm-authentication-context.xml(.sample), chaining-authentication-context.xml(.sample), jaas-authentication-context.xml(.sample)
sample in the above meaning that is their default extension, if .xml only they are read as part of the config for Alfresco.
Well, originally, I just wanted to use Alfresco's standard authentication (itself). That worked, then, all of a sudden, stopped working with seemingly no action on my part. Now that I have external authentication (to a remote Active Directory server) working for the Web Interface, I would it to function for CIFS as well. I followed the procedure in http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration exactly and the Web Interface is now authenticating to the AD server (see this thread: http://forums.alfresco.com/en/viewtopic.php?f=9&t=15967). However, the CIFS server appears to have the same issue as first mentioned in this post when I WASN'T using external authentication.
None of the files you mention (or any seemingly-related files in those areas) have been modified in any way that would seem to effect authentication. I'm starting to think this is an issue with Windows, rather than Alfresco. Any way I can confirm this?
