Authentication Chains

clynham
Champ in-the-making
Hi,

I'm trying to set up an authentication chain in Alfresco 3.2.

I successfully managed to get LDAP working using:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap 

and configuring the LDAP properties file. I now need to move this a step further by enabling CIFS authentication using Passthru. I've amended the chain to read:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap,passthru1:passthru

and configured the passthru properties file as follows:

passthru.authentication.useLocalServer=false
passthru.authentication.domain=DOMAINNAME
passthru.authentication.servers=NAMEOFDOMAINCONTROLLER
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator,admin
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false

However when calling up the Alfresco login page I get the following error:

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session 
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:789)
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:560)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:304)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy190.authenticate(Unknown Source)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType1(BaseNTLMAuthenticationFilter.java:423)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.doFilter(BaseNTLMAuthenticationFilter.java:332)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:109)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy194.doFilter(Unknown Source)
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)

Can anyone help?

Many thanks!
23 REPLIES

dward
Champ on-the-rise
In that case it's much simpler. You just need:

authentication.chain=ldap1:ldap,passthru1:passthru

# Chained authentication, so we can't use NTLM
ntlm.authentication.sso.enabled=false
# Leave blank
passthru.authentication.domain=
# A backslash must be doubled in a properties file
passthru.authentication.servers=YOURDOMAIN\\adserver.com,adserver.com
# If you want chained FTP authentication
passthru.authentication.authenticateFTP=false

and you can put all the ldap properties in alfresco-global.properties too

If the LDAP server is AD, you should use

authentication.chain=ldap1:ldap-ad,passthru1:passthru

instead.

jc09
Champ in-the-making
That's what I thought.

As a result, if I'm not mistaken, when a user connects via the Web interface, it is the LDAP authenticator (based on OVD) that will be used, and when a user connects via CIFS, it is the passthru authenticator (based on AD) that will be used, isn't it?

dward
Champ on-the-rise
Almost. passthru will also authenticate web users by username and password if it contains any users that the LDAP directories do not contain. That's because it's at the end of the chain.
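
The fall-through described in the reply above, as an added example that is not part of the original thread and is not Alfresco code: a simplified Python model in which chain members are tried in order and the first one to accept the credentials wins. The directories, usernames and passwords are constructed, and `accepted_only_by` is a hypothetical helper that lists the accounts only one chain member can admit, which is the set worth reviewing when passthru sits behind LDAP.

```python
# Added illustration: a simplified model of an ordered authentication chain.
# Not Alfresco code; all names and sample data below are constructed.

def parse_chain(value):
    """Split 'id1:type1,id2:type2' into ordered (instance_id, type) pairs."""
    members = []
    for item in value.split(","):
        instance_id, _, subsystem_type = item.strip().partition(":")
        if not instance_id or not subsystem_type:
            raise ValueError(f"malformed chain entry: {item!r}")
        members.append((instance_id, subsystem_type))
    return members


def authenticate(chain, directories, username, password):
    """Return the id of the first chain member that accepts the login, else None."""
    for instance_id, _ in chain:
        stored = directories.get(instance_id, {}).get(username)
        if stored is not None and stored == password:
            return instance_id
    return None


def accepted_only_by(chain, directories, instance_id):
    """Usernames unknown to every earlier member, so only `instance_id` admits them."""
    earlier = set()
    for member_id, _ in chain:
        if member_id == instance_id:
            break
        earlier |= set(directories.get(member_id, {}))
    return sorted(set(directories.get(instance_id, {})) - earlier)


# Constructed sample: carol exists in the AD domain but not in LDAP.
CHAIN = parse_chain("ldap1:ldap,passthru1:passthru")
DIRECTORIES = {
    "ldap1": {"alice": "ldap-pw-a", "bob": "ldap-pw-b"},
    "passthru1": {"alice": "ldap-pw-a", "carol": "ad-pw-c"},
}

if __name__ == "__main__":
    for user, pw in [("alice", "ldap-pw-a"), ("carol", "ad-pw-c"), ("carol", "bad")]:
        print(user, "->", authenticate(CHAIN, DIRECTORIES, user, pw))
    print("only via passthru1:", accepted_only_by(CHAIN, DIRECTORIES, "passthru1"))
```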

jc09
Champ in-the-making
OK, it's marvellous, perfect, thank you very much for the time spent helping me.