Hi folks,
may i join the club?
Im currently stuck with -perhaps- the same kind of problem: OpenLDAP (as part of Zimbra); Samba PDC, authenticating against LDAP (works fine); Alfreso authenticating against LDAP (worked for 3.0, now i am migrating to 3.2); and finally Alfresco CIFS (only works with Alfresco internal authentication so far).
Now i am quite confused what would be the best method to make ALfresco CIFS working? Anyone has done this successfully? Would Kerberos be helpful?
And, BTW: why cant Alfresco CIFS authenticate against my LDAP? Obviously Samba can do this, and i am not aware that the Samba folks have supernatural powers
Cheers
Gyro
may i join the club?
Im currently stuck with -perhaps- the same kind of problem: OpenLDAP (as part of Zimbra); Samba PDC, authenticating against LDAP (works fine); Alfreso authenticating against LDAP (worked for 3.0, now i am migrating to 3.2); and finally Alfresco CIFS (only works with Alfresco internal authentication so far).
Now i am quite confused what would be the best method to make ALfresco CIFS working? Anyone has done this successfully? Would Kerberos be helpful?
And, BTW: why cant Alfresco CIFS authenticate against my LDAP? Obviously Samba can do this, and i am not aware that the Samba folks have supernatural powers
Cheers
Gyro
Thanks for the responses. Here's my setup….
I'm using FreeIPA for openldap authentication. It doesn't kerberos too, but i'm not playing with that just yet. On my alfresco box, I have samba running on it and authenticating against the freeipa openldap server. In the smb.conf, I have passdb backend = ldapsam:ldap//freeipa.foo.org/.
I followed the instructions in a couple of places. Here is what I did to get it to work.
Running Alfresco-Community-3.2r2-Linux-x86.
# vi /opt/Alfresco/tomcat/shared/classes/alfresco-global.properties
– add the following –
authentication.chain=passthru1
assthru,ldap1:ldap
cifs.domain=<set to workgroup name in smb.conf>
# Configure NTLM passthru to SAMBA Server
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=true
passthru.authentication.servers=<ip address of samba server>
passthru.authentication.domain=<workgroup name in smb.conf>
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=adminusers
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
ldap.authentication.java.naming.provider.url=ldap://<freeipa.something.org>:389 (must mod to your own ldap)
ldap.synchronization.java.naming.security.principal=alfresco@<domain name> (must mod to your own ldap)
ldap.synchronization.java.naming.security.credentials=<ldap password> (must mod to your own ldap)
ldap.synchronization.groupSearchBase=cn=Groups,cn=accounts,dc=<domain> (must mod to your own ldap)
ldap.synchronization.userSearchBase=cn=Users,cn=accounts,dc=<domain> (must mod to your own ldap)
—-cut—-
# cd /opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/
# cp -R ldap ldap1
# vi ldap1/ldap-authentication.properties
change the information around in here for your ldap server. I had to make a number of changes, all variations to the groupsearchbase and usersearchbase above.
Now what happens is that it uses samba/windows domain authentication. It uses the local samba server as a proxy to the ldap server. It seems to work alright, but I have a feeling like I don't have samba setup correctly on my end. This is not an alfresco problem and just something I'm doing goofy.
I hope this can help some of you out!
I'm using FreeIPA for openldap authentication. It doesn't kerberos too, but i'm not playing with that just yet. On my alfresco box, I have samba running on it and authenticating against the freeipa openldap server. In the smb.conf, I have passdb backend = ldapsam:ldap//freeipa.foo.org/.
I followed the instructions in a couple of places. Here is what I did to get it to work.
Running Alfresco-Community-3.2r2-Linux-x86.
# vi /opt/Alfresco/tomcat/shared/classes/alfresco-global.properties
– add the following –
authentication.chain=passthru1
assthru,ldap1:ldapcifs.domain=<set to workgroup name in smb.conf>
# Configure NTLM passthru to SAMBA Server
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=true
passthru.authentication.servers=<ip address of samba server>
passthru.authentication.domain=<workgroup name in smb.conf>
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=adminusers
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
ldap.authentication.java.naming.provider.url=ldap://<freeipa.something.org>:389 (must mod to your own ldap)
ldap.synchronization.java.naming.security.principal=alfresco@<domain name> (must mod to your own ldap)
ldap.synchronization.java.naming.security.credentials=<ldap password> (must mod to your own ldap)
ldap.synchronization.groupSearchBase=cn=Groups,cn=accounts,dc=<domain> (must mod to your own ldap)
ldap.synchronization.userSearchBase=cn=Users,cn=accounts,dc=<domain> (must mod to your own ldap)
—-cut—-
# cd /opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/
# cp -R ldap ldap1
# vi ldap1/ldap-authentication.properties
change the information around in here for your ldap server. I had to make a number of changes, all variations to the groupsearchbase and usersearchbase above.
Now what happens is that it uses samba/windows domain authentication. It uses the local samba server as a proxy to the ldap server. It seems to work alright, but I have a feeling like I don't have samba setup correctly on my end. This is not an alfresco problem and just something I'm doing goofy.
I hope this can help some of you out!
