Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CIFS from windows share won't work

gmccullough
Champ on-the-rise
Champ on-the-rise

‎12-29-2010 03:02 PM

Have been at this for several weeks, even upgraded from 3.4b to 3.4c (clean install, no upgrade).  I have been able to successfully integrate my Alfresco install on a Fedora 14 x64 KVM machine to my Windows 2008 R2 AD (I THINK) with Kerberos for Auth and ldap-ad for sync. (I THINK)

I can log in to explorer as my windows user, gmccullough, have added that account to be an alfresco administrator, and can add content to my new spaces I've created from within explorer.

But, when I try to copy a new file into the Mapped Drive I've mapped to \\alfrescoserver\alfresco\Public (space I created mentioned above)  I get a timeout and no success.  catalina.out (I don't get an alfresco.log file) has the following:

13:52:43,951 User:gmccullough ERROR [org.alfresco.fileserver] org.alfresco.repo.security.permissions.AccessDeniedException: 11290426 Access Denied.  You do not have the appropriate permissions to perform this operation.
org.alfresco.repo.security.permissions.AccessDeniedException: 11290426 Access Denied.  You do not have the appropriate permissions to perform this operation.
        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:48)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.alfresco.repo.audit.AuditMethodInterceptor.proceed(AuditMethodInterceptor.java:167)
        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:137)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at $Proxy45.getStoreFreeSpace(Unknown Source)
        at org.alfresco.filesys.repo.ContentDiskDriver.getDiskInformation(ContentDiskDriver.java:3972)
        at org.alfresco.jlan.smb.server.ProtocolHandler.getDiskInformation(ProtocolHandler.java:157)
        at org.alfresco.jlan.smb.server.NTProtocolHandler.procTrans2QueryFileSys(NTProtocolHandler.java:4036)
        at org.alfresco.jlan.smb.server.NTProtocolHandler.processTransactionBuffer(NTProtocolHandler.java:1779)
        at org.alfresco.jlan.smb.server.NTProtocolHandler.procTransact2(NTProtocolHandler.java:1606)
        at org.alfresco.jlan.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:232)
        at org.alfresco.jlan.smb.server.SMBSrvSession.runHandler(SMBSrvSession.java:1366)
        at org.alfresco.jlan.smb.server.SMBSrvSession.processPacket(SMBSrvSession.java:1458)
        at org.alfresco.jlan.smb.server.nio.NIOCIFSThreadRequest.runRequest(NIOCIFSThreadRequest.java:105)
        at org.alfresco.jlan.server.thread.ThreadRequestPool$ThreadWorker.run(ThreadRequestPool.java:153)
        at java.lang.Thread.run(Thread.java:619)
Caused by: net.sf.acegisecurity.AccessDeniedException: Access is denied.
        at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)
        at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:394)
        at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.alfresco.repo.model.ml.MLContentInterceptor.invoke(MLContentInterceptor.java:125)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:44)
        … 19 more

My guess is that my kerberos is not actually working, but I get no errors for it in the log file…
however, I get this from my alfresco linux machine:
[root@YavinIV extension]# kinit -V -k -t /etc/alfrescocifs.keytab "cifs/yaviniv.my.dom"
Authenticated to Kerberos v5

Any help appreciated, thanks
Labels:
0 Kudos
4 REPLIES 4

gmccullough
Champ on-the-rise
Champ on-the-rise

‎12-30-2010 10:05 AM

I have modified my auth chain:

#authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos,ldap-ad1:ldap-ad
authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos

and can still login with my AD credentials, so I have to assume that kerb is working.

this is frustrating….
0 Kudos

gmccullough
Champ on-the-rise
Champ on-the-rise

‎01-03-2011 06:00 PM

Sorry to keep posting to my same reply, but can someone help me turn on some logging to see what is going on here?  I can post any of my config files if necessary.  Like i said though, auth works from the web interface, not from windows explorer.  thanks in advance
0 Kudos

gmccullough
Champ on-the-rise
Champ on-the-rise

‎01-04-2011 11:50 AM

https://issues.alfresco.com/jira/browse/ALF-5576 solved the problem

added this to rm-public-services-security-context.xml:

 <bean id="ContentService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="accessDecisionManager">
            <ref local="accessDecisionManager"/>
        </property>
        <property name="afterInvocationManager">
            <ref local="afterInvocationManager"/>
        </property>
        <property name="objectDefinitionSource">
            <value>
                <![CDATA[
                org.alfresco.service.cmr.repository.ContentService.getRawReader=ACL_METHOD.ROLE_ADMINISTRATOR,RM_ABSTAIN
                org.alfresco.service.cmr.repository.ContentService.getReader=ACL_NODE.0.sys:base.ReadContent,RM.Read.0
                org.alfresco.service.cmr.repository.ContentService.getWriter=ACL_NODE.0.sys:base.WriteContent,RM.WriteContent.0
                org.alfresco.service.cmr.repository.ContentService.isTransformable=ACL_ALLOW,RM_ALLOW
                org.alfresco.service.cmr.repository.ContentService.getTransformer=ACL_ALLOW,RM_ALLOW
                org.alfresco.service.cmr.repository.ContentService.getImageTransformer=ACL_ALLOW,RM_ALLOW
                org.alfresco.service.cmr.repository.ContentService.transform=ACL_ALLOW,RM_ALLOW
                org.alfresco.service.cmr.repository.ContentService.getTempWriter=ACL_ALLOW,RM_ALLOW
(added these two lines)
                org.alfresco.service.cmr.repository.ContentService.getStoreFreeSpace=ACL_ALLOW
                org.alfresco.service.cmr.repository.ContentService.getStoreTotalSpace=ACL_ALLOW

                org.alfresco.service.cmr.repository.ContentService.*=ACL_DENY,RM_DENY
                ]]>
            </value>
        </property>
    </bean>

CIFS now works as expected, so far.
0 Kudos

miudon
Champ in-the-making
Champ in-the-making

‎02-03-2011 06:32 AM

Thanks gmccullough
Your tip was very useful and now i get CIFS work without problems.

Ubuntu server
VM ESXi
Alfresco 3.4.b
alf_data on Windows 2008
Clients with Windows XP,Vista,7,2003
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC