Can't login with samaccountname

ajaychd
Champ in-the-making
Hi All,

I'm using simple authentication on Windows Server 2003 Active Directory,
I can login with either user principal name (i.e. someone@someone.com) or full name (i.e. firstname lastname), but I can't login through samaccountname.
And it creates two different users in alf_authority for the above case (one with principal name and another with full name).

Do I need to go for MD5 authentication for login through samaccountname?

What may be the problem? Please help!
3 REPLIES

andy
Champ on-the-rise
Hi

You could use LDAP and MD5 or JAAS and Kerberos.

Andy

slickshow
Champ in-the-making
Alfresco server and virtualization server on Solaris 10
AD on Win2003 server

I had issues authenticating against AD with samaccountname as well. I currently have it with simple authentication and login via web client using CN (firstname lastname). This is working and LDAP sync imports users with username as samaccountname. The problem with this is that when the user logs in through the web client, a duplicate user is created (with user name as firstname lastname). When this user is picked in WCM for a WebProject, the sandbox created has a space in it and that blows up previewing and browsing website features. I decided at that point to go the JAAS and Kerberos route so that the users could login via samaccountname and I can avoid the duplicate user entries and sandbox issues.

I was reading the WIKI and trying to enable Kerberos. I am new to this, so any assistance is appreciated. I need to know the following:

1. I know that Kerberos support is available in the AD box, so is the krb5.conf file on the AD Box or should I create one in /etc folder on the Solaris box?

2. What authentication mechanism should I specify in the ldap-authentication-context.xml file (DIGEST-MD5 or simple, or does it even matter)?

Thanks.

andy
Champ on-the-rise
Hi

You need reversible encryption enabled on your AD server to use LDAP + MD5 against AD. You could do this. Users would have to change their passwords to get the new encryption settings.

To use Kerberos you are not using LDAP for authentication. You are setting up JAAS + Kerberos. The machine running Alfresco needs the JAAS config for the JVM (hard coded in the JVM or set on the command line - see the JAAS docs) + Kerberos init file - again in a well known place or defined on the command line.

The wiki should have enough to get you through this.

1) You need the Kerberos config file on the Solaris box and the JVM needs to find it in the standard place (or you tell it via the command line).

2) You do not use LDAP authentication (the principal and password in the config are then just used for LDAP sync using simple auth). You use JAAS + Kerberos. The wiki goes through how to set this up. Remove the authentication component and DAO stuff from the LDAP config and rename the JAAS config sample so it is picked up.

Andy
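
The setup described in the last reply, as an added example that is not part of any post in this thread and is not Alfresco's own code: a shell function that writes a minimal krb5.conf and JAAS login config on the Alfresco host and prints the JVM options that point at them. The domain, the KDC host name, the output directory, the file name `java.login.config` and the JAAS entry name `Alfresco` are assumptions; take the entry name from the wiki's sample.

```shell
#!/bin/sh
# Added example. All names passed in are placeholders for your own AD domain.
# AD Kerberos realms are the DNS domain name in upper case, so the realm is
# derived from the domain instead of being typed separately.

write_krb_jaas_config() {
    domain=$1     # AD DNS domain, e.g. example.com (placeholder)
    kdc=$2        # domain controller acting as KDC (placeholder)
    outdir=$3     # directory readable by the account running the JVM

    if [ -z "$domain" ] || [ -z "$kdc" ] || [ -z "$outdir" ]; then
        echo "usage: write_krb_jaas_config <domain> <kdc-host> <outdir>" >&2
        return 2
    fi
    mkdir -p "$outdir" || return 1

    realm=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
    domain=$(printf '%s' "$domain" | tr '[:upper:]' '[:lower:]')

    # Kerberos client config: lives on the Alfresco box, not on the AD server.
    cat > "$outdir/krb5.conf" <<EOF
[libdefaults]
    default_realm = $realm

[realms]
    $realm = {
        kdc = $kdc
    }

[domain_realm]
    .$domain = $realm
    $domain = $realm
EOF

    # JAAS login config. The entry name "Alfresco" is an assumption.
    cat > "$outdir/java.login.config" <<EOF
Alfresco {
    com.sun.security.auth.module.Krb5LoginModule sufficient;
};
EOF

    # Standard JVM system properties for locating both files.
    printf '%s\n' "-Djava.security.krb5.conf=$outdir/krb5.conf -Djava.security.auth.login.config=$outdir/java.login.config"
}
```

Append the printed options to the JVM arguments of the application server that runs Alfresco. Kerberos also rejects logins when the clocks of the Alfresco host and the domain controller drift too far apart, so keep both on the same time source.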