Hyland Connect

lgr · ‎06-07-2006

Hi,

My Alfresco (under linux debian) is configured for using ntlm. Webclient authentication works well.

The CIFS server is defined and worked well before ntlm configuration (using local alfresco user database) :

<host name="${localname}_A" domain="MYDOMAIN"/>
      <comment>Alfresco CIFS Server</comment>

      <!– Set to the broadcast mask for the subnet –>
      <broadcast>10.0.255.255</broadcast>

Then ntlm passthru is defined for ntlm authentication in CIFS (classic authenticator desactived):

<authenticator type="passthru">
        <Server>10.0.0.1</Server>
      </authenticator>
<!–
      <authenticator type="alfresco">
      </authenticator>
–>

Then the alfresco startup launches some errors, and the CIFS server does not start properly :

14:11:10,757 ERROR [alfresco.smb.protocol] File server configuration error, Wrong authentication setup for passthru authenticator
org.alfresco.error.AlfrescoRuntimeException: Wrong authentication setup for passthru authenticator
at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:1593)

I've read some posts inthe forum, and the wiki documentation, and nothing helped me out.

Configuring debug in log4j :

log4j.logger.org.alfresco.smb.protocol=debug
log4j.logger.org.alfresco.smb.protocol.auth=debug
(this line below does not output anything, only the two lines above do)
log4j.logger.org.alfresco.passthru.auth=debug

give me some more output before the exception :

14:10:53,135 DEBUG [org.alfresco.smb.protocol.auth] Added passthru server [ad.mydomain.com:10.0.0.1ffline:0,0]
14:10:53,135 DEBUG [smb.protocol.auth] Added passthru server [ad.mydomain.com:10.0.0.1ffline:0,0]
14:10:53,171 DEBUG [org.alfresco.smb.protocol.auth] New auth session from ged_1 to \\10.0.0.1\IPC$\
14:10:53,199 DEBUG [org.alfresco.smb.protocol.auth] Trying address 10.0.0.1
14:10:53,204 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 10.0.0.1
14:10:53,204 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:10:53,221 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:10:53,247 DEBUG [org.alfresco.smb.protocol.auth] Passthru server online, [ad.mydomain.com:10.0.0.1nline:0,0]
14:10:53,171 DEBUG [smb.protocol.auth] New auth session from ged_1 to \\10.0.0.1\IPC$\
14:10:53,199 DEBUG [smb.protocol.auth] Trying address 10.0.0.1
14:10:53,204 DEBUG [smb.protocol.auth] Connected to address 10.0.0.1
14:10:53,204 DEBUG [smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:10:53,221 DEBUG [smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:10:53,247 DEBUG [smb.protocol.auth] Passthru server online, [ad.mydomain.com:10.0.0.1nline:0,0]

Another information :
When re-enabling alfresco authenticator in file-servers.xml, startup goes well without errors :

<authenticator type="alfresco">
</authenticator>

But my user is disallowed to login via passthru :

14:45:11,249 DEBUG [alfresco.smb.protocol] Server session started
14:45:11,254 DEBUG [alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
14:45:11,257 DEBUG [alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
14:45:11,269 DEBUG [smb.protocol.auth] NT Session setup from user=, password=none, ANSIpwd=00, domain=, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=4c0c262fa5a71008]
14:45:11,269 DEBUG [smb.protocol.auth] MID=8, UID=0, PID=65279
14:45:11,270 DEBUG [smb.protocol.auth] Null CIFS logon allowed
14:45:11,271 DEBUG [smb.protocol.auth] User logged on (type Null)
14:45:11,285 DEBUG [smb.protocol.auth] NT Session setup from user=lgr, password=5c84eabe5448c24cfb44bfff3f57690d57826d1b34dd9c8c, ANSIpwd=7aaa1b5945540fcfdb498558da0f7eacba95e19ce7a95d54, domain=MYDOMAIN, os=Windows 2002 Service Pack 2 2600, VC=1, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=4c0c262fa6a71008]
14:45:11,285 DEBUG [smb.protocol.auth] MID=16, UID=0, PID=65279
14:45:11,311 DEBUG [smb.protocol.auth] Authenticated user lgr sts=Disallow via Passthru
14:45:11,312 DEBUG [smb.protocol.auth] User lgr, access denied

Looking into the source, it looks like doMD4UserAuthentication fails, but i don't understand why.

Does anyone know what's wrong with this configuration ?

Laurent.

Note1 : a fresh rebooted windows station made the same behaviour.
Note2 : a connection on the ftp server works well

dschmalz · ‎06-14-2006

Same configuration, different OS (Windows 2003 Server) but same error here. Tried with the various parameters but it doesn't work. Did you get any chance to solve this issue?

David

hfrank · ‎06-15-2006

Did anyone succeed to resolve this problem?

idahodeq · ‎06-26-2006

Has anyone figured this out yet? I'm having a heck of a time with NTLM + CIFS

steve · ‎06-27-2006

Hello,

There was an issue with NTLM and CIFS that crept in during the 1.3 timeframe.
This has been resolved for the 1.3 final.

Steve

hfrank · ‎06-28-2006

Hi, Steve,

Could you tell us when 1.3 final will be released?
Is it possible for us to correct it now?

Thanks for you reply.

Best Regards
Frank

lc · ‎06-28-2006

Hello,

For hFrank : the final version was released this morning !

But I already have the problem with CIFS and NTLM in the final version

.


15:22:47,750 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup from user=XXXXXX, password=d19c5ed3a1d421fc1aa8071cdde94e6a36ae6222a4c02389, ANSIpwd=08ab54cff8771fcd7f3ec1cf2fcc74575e55e2f14a159f21, domain=XXXX, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=c89999b8659088c2]
15:22:47,750 DEBUG [org.alfresco.smb.protocol.auth]   MID=16, UID=0, PID=65279
15:22:47,750 DEBUG [org.alfresco.smb.protocol.auth] Authenticated user XXXXXX sts=Disallow via Passthru
15:22:47,750 DEBUG [org.alfresco.smb.protocol.auth] User XXXXXX, access denied‍‍‍‍‍

What to do ?
Thanks

.

hfrank · ‎06-29-2006

Hi,
I tested the final version also. Unfortunately it does not work as you tried.
In order to make sure <authenticator> in the file-servers.xml corrrect , I changed the <authenticator> from <authenticator type="alfresco"> to :


 <authenticator type="paththru"><Server>Domain controller ip</Server></authenticator>
‍‍‍

But when restarting alfresco, the following error occurred:


12:52:48,319 ERROR [org.alfresco.smb.protocol] File server configuration error, Wrong authentication setup for passthru authenticator
org.alfresco.error.AlfrescoRuntimeException: Wrong authentication setup for passthru authenticator
   at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:1594)
   at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:489)
   at org.alfresco.filesys.server.config.ServerConfiguration.onApplicationEvent(ServerConfiguration.java:420)
‍‍‍‍‍‍‍

Any ideas?

Thanks
Frank

lc · ‎06-29-2006

It's "passthru" not "paththru"

.

Edit : Even with "passthru" I can't open the folder…

"Access denied", "sts disallow via passthru"

.

Nobody has a solution ?

hfrank · ‎06-29-2006

Sure, it is passthru.
And also, i added the following lines:


<accessControl default="None">
  <protocol type="CIFS" access="Write"/>
  <user name="me" access="Write"/>
</accessControl>
‍‍‍‍‍‍

The world keeps unchanged.

Hyland Connect

CIFS and NTLM configuration