Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

(Another) Kerberos / ActiveDirectory problem

donturner
Champ in-the-making
Champ in-the-making

‎10-14-2008 03:19 PM

Hi all,

It seems like a lot of people are having problems with Kerberos / AD integration, so at least I'm not alone! It's very frustrating as there just aren't any good howtos that I have found, it'd be great if we could get some decent documentation around this. I'll keep a track of all the errors I've been receiving and how I've solved them (if I manage to solve them!).

Problem is as follows:

Alfresco version: 3.0.0 (b 1164) schema 131
Machine running Alfresco: Windows XP SP3 (Name: neptune)
Primary Domain Controller: Windows Server 2003 SP2 (name: server2k3)

I have followed the instructions on: http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration to the letter (twice in fact). I have also switched on debug logging for smb.protocol by editing C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\log4j.properties and uncommenting the following lines: 


# CIFS server debugging
log4j.logger.org.alfresco.smb.protocol=debug
log4j.logger.org.alfresco.smb.protocol.auth=debug

The server starts with no errors. Upon attempting to connect to the network share \\neptunea\alfresco I am prompted for a username and password. When I enter my normal windows username and password the following errors appear in the tomcat console


INFO: Server startup in 24782 ms
19:44:19,964  DEBUG [smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0,PID=65279
19:44:19,980  DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=983,Authenticator=EncType=3,Kvno=-1,Len=176]
19:44:19,980  DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
19:44:19,980  ERROR [smb.protocol.auth] Kerberos logon error
19:44:19,980  ERROR [smb.protocol.auth] java.lang.NullPointerException
19:44:19,996  DEBUG [smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
19:44:19,996  DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1047,Authenticator=EncType=3,Kvno=-1,Len=176]
19:44:19,996  DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
19:44:19,996  ERROR [smb.protocol.auth] Kerberos logon error
19:44:19,996  ERROR [smb.protocol.auth] java.lang.NullPointerException

Hope someone can shed some light on this, it seems amazing that this is so difficult!

Does anyone actually have Kerberos / ActiveDirectory setup and working correctly? If so, would you mind letting me know what version / operating systems / configuration files are required.

Thanks,

Don
Labels:
0 Kudos
1 REPLY 1

subemontes
Champ in-the-making
Champ in-the-making

‎10-15-2008 11:57 AM

Well, I have get to run version 2.9 in W2003 Server after 2 days of fighting few minuts before ur post.

I have seen LOTS of errors, but not the one u reference, sorry.

My advice is that u put debug on kerberos autentification too. It may help u.
Second though: the users u use to get the tokens… are admins in the Alfresco Server ? Some Microsoft KB sais that.

I have get to work to the Web UI so he gets user from windows automaticallly, but fails on cifs server Smiley Sad
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC