CAS and CIFS/FTP
02-05-2007 11:40 AM
Hi,
I have Alfresco authenticating smoothly against CAS (and this on behalf of LDAP). By means of a synchronization tool, for each LDAP user an account is created in Alfresco. With CAS up, passwords stored within Alfresco are useless. CAS rules, and users authenticate successfully even if they change their LDAP password. This is because password synchronization is not required.
Unfortunately, this works just for the web interface. CIFS and FTP still check the user credentials against the internal accounts requiring the stored password.
Any suggestion?

02-06-2007 03:52 AM
Hi
CIFS can authenticate against:
1) Kerberos + ActiveDirectory
2) an authentication component that knows the MD4 password hash
3) the NTLM authentication component
FTP should work if you have a suitable authentication component impl.
What is your LDAP server?
CIFS and FTP are just using the default authentication component implementation, this can be changed or configured. You could authenticate against LDAP - but this will not give you CIFS.
Regards
Andy
02-07-2007 06:54 AM
Thanks Andy.
My LDAP server is Active Directory. I will search more about CIFS authentication against Kerberos + AD, as you suggested.
According to your reply, even FTP authentication seems to be accomplished. Could you point me to what class should be implemented and where it would be configured?
Regards, Alessandro

02-07-2007 09:43 AM
Hi
I am not sure why you need to use CAS at all here??
Is it portal SSO or IE SSO you want?
You could use configurations that go against active directory/LDAP.
See the wiki for NTLM/CIFS, LDAP and JAAS/Kerberos.
We can use Acegi authentication via Spring config but the Acegi version we use (0.8.2) may be too old for LDAP.
Regards
Andy
02-07-2007 10:33 AM
Hi Andy,
CAS is mainly for web SSO. One great benefit is that each web application requiring user authentication can count on it. And only CAS knows the authentication resource (LDAP, database, multiple sources, …) used. This allows me even to change it without any impact on the web apps.
For CIFS and FTP, I don't need SSO but just to use the same authentication resource (LDAP) pointed to by CAS. So I have configured LDAP for the authenticationComponentImpl bean.
FTP works!
CIFS prints the following error: CIFS server configuration error, Wrong authentication setup for alfresco authenticator.
Alessandro

02-13-2007 04:54 AM
Hi
You are nearly done - you just need to configure CIFS to go direct to your AD server.
See
http://wiki.alfresco.com/wiki/Configuring_the_CIFS_server_for_Kerberos/Active_Directory_integration
http://wiki.alfresco.com/wiki/CIFS_Server_Authentication
http://wiki.alfresco.com/wiki/Configuring_NTLM
If you do not want to set up CIFS and Kerberos you will have to configure in NTLM authentication instead of the LDAP authentication.
Regards
Andy
