Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Alfresco user/pw must match AD user/pw for Map Network Drive

meansartin14
Champ in-the-making
Champ in-the-making

‎12-16-2008 06:00 AM

My end-users are using Windows XP Professional PCs and the Alfresco Community Labs 3c application is hosted on a RHEL 5.2 server. Each of the end-user Windows XP PCs are tied to Microsoft's Active Directory for user authentication during login.

Alfresco is not tied to our Active Directory setup in any way (that I am aware of). Yet, when I attempt to use the 'Map Network Drive…' function from any of the Windows XP Professional PCs, the only way this action will succeed is if the Alfresco username/password exactly matches the user's Active Directory username/password.

I don't even know where to begin diagnosing this issue. I have no idea why the Alfresco username/password would need to be identical to the Active Directory username/password. No attempt has been made to do any sort of synchronized user authentication between the two areas (Active Directory and Alfresco).

Does anyone have ANY idea why this would be? I would greatly appreciate any helpful advice or suggestions you may have. Thanks in advance!!
Labels:
0 Kudos
28 REPLIES 28

ajmillar
Champ in-the-making
Champ in-the-making

‎01-12-2009 07:59 AM

I have tried without success to get Alfresco CIFS working with our ldap since version 3 first came out. Able to auth successfully for the web client, but the CIFS is just a no go. There seems to be very little communication from Alfresco about this matter. From reading all the other threads I would guess that this is(should be) a major issue for Alfresco and will possibly put off a lot of potential customers.

Shame, good system otherwise…
0 Kudos

pmonks
Star Contributor
Star Contributor

‎01-12-2009 10:35 AM

Unless your LDAP server supports MD4 encrypted passwords, CIFS won't work (the CIFS protocol uses MD4 for encrypting passwords).  The reason for this is that MD4 is no longer considered secure (see http://en.wikipedia.org/wiki/MD4 for an overview of the problem), so most LDAP administrators are unwilling to use it for encrypting user passwords.

Unfortunately Alfresco is caught in the middle of this - Microsoft controls the (proprietary) CIFS protocol (not to mention providing ~80% of the install base of CIFS clients ie. Windows), and we completely understand the reluctance of LDAP administrators to configure their LDAP servers to use an insecure encryption method (MD4) for passwords.

Perhaps lobbying Microsoft would help?  :wink:

Cheers,
Peter
0 Kudos

ajmillar
Champ in-the-making
Champ in-the-making

‎01-12-2009 10:39 AM

Sorry, I didn't phrase that post terribly well.

Trying to get the CIFS server to do passthru authentication with another server so that we can have all our usernames/passwords located in the ldap rather than having to use two different authentication systems within the complex (i.e. Alfresco and LDAP). I'm aware that doing it against ldap isn't secure.
0 Kudos

pmonks
Star Contributor
Star Contributor

‎01-12-2009 11:05 AM

Configuring Alfresco (both the Alfresco Explorer and the virtual file servers) to use external systems of authentication is described at http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration.

However, for CIFS specifically to work your LDAP server must support MD4 encrypted passwords, and that's unlikely to be the case for the reason described in my previous post (ie. MD4 is insecure so LDAP administrators tend to avoid it).

Cheers,
Peter
0 Kudos

ajmillar
Champ in-the-making
Champ in-the-making

‎01-12-2009 12:07 PM

So has this changed since 2.1? I have a working install of 2.1 with CIFS working.
0 Kudos

pmonks
Star Contributor
Star Contributor

‎01-12-2009 12:34 PM

In terms of the fundamental incompatibility between CIFS and LDAP best practices, no, nothing has changed (and Alfresco is unable to influence either of those things - one is controlled by Microsoft, the other by LDAP administrators the world over).

However if you already have CIFS working with LDAP then it means your LDAP server already supports MD4 encrypted passwords (so the above conversation is somewhat moot  :winkSmiley Happy.  I asked around and it turns out there was a bug in this area that was addressed in Enterprise 3.0SP1 - that bug fix should appear in the next Labs release (3.0d).  I don't yet have a reference to the issue in JIRA, but will post it if/when I get it.

Cheers,
Peter
0 Kudos

meansartin14
Champ in-the-making
Champ in-the-making

‎01-13-2009 03:33 PM

I have started a thread that I hope to eventually turn into a AlfrescoWiki page for how to configure Active Directory authentication for both CIFS and the Web Interface in Alfresco Labs 3c.

Please see my thread:
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?

Please come join in the discussion, or at least subscribe to the thread. I want to try to get everyone having these types of issues into the thread so that we can get a large collection of experiences and configurations.

We WILL find the answer for how to enable Active Directory authentication with CIFS in Alfresco!!
0 Kudos

rampy_s
Champ in-the-making
Champ in-the-making

‎08-04-2010 10:33 AM

Hi Meansartin,

Did you ever find a solution to your problem?

I am on Win 7 and have run through all combination of userid/password, but am unable to map the damn drive..

Let me know if you got anywhere?

Thanks
Ram
0 Kudos

mrogers
Star Contributor
Star Contributor

‎08-04-2010 12:47 PM

Windows 7 brings its own set of issues with regards to CIFS.

Are you trying to use Windows 7 as a server or as a client or both?
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC