cancel
Showing results for 
Search instead for 
Did you mean: 

CIFS and NTLM configuration

lgr
Champ in-the-making
Champ in-the-making
Hi,

My Alfresco (under linux debian) is configured for using ntlm. Webclient authentication works well.

The CIFS server is defined and worked well before ntlm configuration (using local alfresco user database) :
<host name="${localname}_A" domain="MYDOMAIN"/>
      <comment>Alfresco CIFS Server</comment>

      <!– Set to the broadcast mask for the subnet –>
      <broadcast>10.0.255.255</broadcast>

Then ntlm passthru is defined for ntlm authentication in CIFS (classic authenticator desactived):
<authenticator type="passthru">
        <Server>10.0.0.1</Server>
      </authenticator>
<!–
      <authenticator type="alfresco">
      </authenticator>
–>

Then the alfresco startup launches some errors, and the CIFS server does not start properly :
14:11:10,757 ERROR [alfresco.smb.protocol] File server configuration error, Wrong authentication setup for passthru authenticator
org.alfresco.error.AlfrescoRuntimeException: Wrong authentication setup for passthru authenticator
        at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:1593)
I've read some posts inthe forum, and the wiki documentation, and nothing helped me out.

Configuring debug in log4j :
log4j.logger.org.alfresco.smb.protocol=debug
log4j.logger.org.alfresco.smb.protocol.auth=debug
(this line below does not output anything, only the two lines above do)
log4j.logger.org.alfresco.passthru.auth=debug

give me some more output before the exception :
14:10:53,135 DEBUG [org.alfresco.smb.protocol.auth] Added passthru server [ad.mydomain.com:10.0.0.1Smiley Surprisedffline:0,0]
14:10:53,135 DEBUG [smb.protocol.auth] Added passthru server [ad.mydomain.com:10.0.0.1Smiley Surprisedffline:0,0]
14:10:53,171 DEBUG [org.alfresco.smb.protocol.auth] New auth session from ged_1 to \\10.0.0.1\IPC$\
14:10:53,199 DEBUG [org.alfresco.smb.protocol.auth] Trying address 10.0.0.1
14:10:53,204 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 10.0.0.1
14:10:53,204 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:10:53,221 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:10:53,247 DEBUG [org.alfresco.smb.protocol.auth] Passthru server online, [ad.mydomain.com:10.0.0.1Smiley Surprisednline:0,0]
14:10:53,171 DEBUG [smb.protocol.auth] New auth session from ged_1 to \\10.0.0.1\IPC$\
14:10:53,199 DEBUG [smb.protocol.auth] Trying address 10.0.0.1
14:10:53,204 DEBUG [smb.protocol.auth] Connected to address 10.0.0.1
14:10:53,204 DEBUG [smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:10:53,221 DEBUG [smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:10:53,247 DEBUG [smb.protocol.auth] Passthru server online, [ad.mydomain.com:10.0.0.1Smiley Surprisednline:0,0]

Another information :
When re-enabling alfresco authenticator in file-servers.xml, startup goes well without errors :
<authenticator type="alfresco">
      </authenticator>

But my user is disallowed to login via passthru :
14:45:11,249 DEBUG [alfresco.smb.protocol] Server session started
14:45:11,254 DEBUG [alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
14:45:11,257 DEBUG [alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
14:45:11,269 DEBUG [smb.protocol.auth] NT Session setup from user=, password=none, ANSIpwd=00, domain=, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=4c0c262fa5a71008]
14:45:11,269 DEBUG [smb.protocol.auth]   MID=8, UID=0, PID=65279
14:45:11,270 DEBUG [smb.protocol.auth] Null CIFS logon allowed
14:45:11,271 DEBUG [smb.protocol.auth] User  logged on  (type Null)
14:45:11,285 DEBUG [smb.protocol.auth] NT Session setup from user=lgr, password=5c84eabe5448c24cfb44bfff3f57690d57826d1b34dd9c8c, ANSIpwd=7aaa1b5945540fcfdb498558da0f7eacba95e19ce7a95d54, domain=MYDOMAIN, os=Windows 2002 Service Pack 2 2600, VC=1, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=4c0c262fa6a71008]
14:45:11,285 DEBUG [smb.protocol.auth]   MID=16, UID=0, PID=65279
14:45:11,311 DEBUG [smb.protocol.auth] Authenticated user lgr sts=Disallow via Passthru
14:45:11,312 DEBUG [smb.protocol.auth] User lgr, access denied

Looking into the source, it looks like doMD4UserAuthentication fails, but i don't understand why.

Does anyone know what's wrong with this configuration ?

Laurent.

Note1 : a fresh rebooted windows station made the same behaviour.
Note2 : a connection on the ftp server works well
43 REPLIES 43

lc
Champ in-the-making
Champ in-the-making
Someone from developpers can help us ?

I'd like to install Alfreco 1.3.0 on a server next week, but if CIFS doesn't work, I'll have to install the 1.2.1 version.

Thanks Smiley Happy.

hfrank
Champ in-the-making
Champ in-the-making
hi, LC
Do you mean you can configure CIFS+NTLM under 1.2.1 but not under 1.3 ?

steve
Champ in-the-making
Champ in-the-making
Hello,

This issue has been fixed for 1.3E

http://www.alfresco.com/jira/browse/AR-691

Steve

lc
Champ in-the-making
Champ in-the-making
Thanks, but I have the final release 1.3.0.

Will the problem be corrected in the community release ?

lc
Champ in-the-making
Champ in-the-making
Thanks, but I have the final release 1.3.0.

Will the problem be corrected in the community release ?

Please ? Smiley Sad

hfrank
Champ in-the-making
Champ in-the-making
It seems the bug fix pace of community Edition  is slower than the Enterprise Edition. So we decided to pay for the Enterprise Network edition.  Smiley Happy

bhavin_t
Champ in-the-making
Champ in-the-making
or is there a patch available in the source tree that can be downloaded?

thanks
bhavin

kevinr
Star Contributor
Star Contributor
We have merged multiple bug fixes from Enterprise to Community with the latest Alfresco release:

http://sourceforge.net/project/showfiles.php?group_id=143373&package_id=157460&release_id=434594

Thanks.

Kevin

davin_c
Champ in-the-making
Champ in-the-making
Hi,

I've been following this post to see if I could resolve the same issue. I'm currently using the latest Alfresco release for Tomcat (alfresco-community-tomcat-1.4.ODF-Build54.tar.gz) and am still having the same issues with CIFS passthru authentication.

Davin

kevinr
Star Contributor
Star Contributor
Appologies, I have been informed that the bug fix was merged into the HEAD codeline after the latest ODF release. I can confirm that the fix is definitely in the SVN HEAD today.

The file you are interesting in is:
org.alfresco.filesys.server.auth.ntlm.AlfrescoAuthenticator

It can be obtained and built from SVN.

Thanks,

Kevin