Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CIFS Issues

durrell
Champ in-the-making
Champ in-the-making

‎07-30-2009 11:37 AM

This is my last remaining issue with my Alfresco implementation.

I can't map drives to Alfresco, nor can I authenticate by just trying to connect to \\alfresco.

Error log is telling me this:

11:32:23,721 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=7, auth ctx=[NTLM,Challenge=299c1e9102a9485e]
11:32:23,725 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:32:23,727 ERROR [org.alfresco.smb.protocol.auth] org.alfresco.jlan.smb.SMBException: Invalid parameter
11:32:23,734 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:32:23,735 ERROR [org.alfresco.smb.protocol.auth] org.alfresco.jlan.smb.SMBException: Invalid parameter

I'm also having an issue from within the Alfresco site. It seems to want to append an "a" to the Alfresco hostname within all of the download links. That can't work, since obviously our Alfresco hostname is simple "alfresco".

Any ideas? I can get more log information if necessary. I'm running on an Ubuntu server and running Alfresco as root (for now, since I haven't changed the CIFS ports to non-privileged ports).
Labels:
0 Kudos
23 REPLIES 23

durrell
Champ in-the-making
Champ in-the-making

‎08-01-2009 01:56 AM

I'm assuming you mean ldap-authentication.properties.



# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to taht passed through to LDAP^M
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s
ldap.authentication.userNameFormat=%s@domain.com

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://[server name]:389

# The authentication mechanism to use
#ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.java.naming.security.authentication=simple

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=[username]

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=[password]

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false
~
0 Kudos

ofrxnz
Champ in-the-making
Champ in-the-making

‎08-01-2009 08:52 AM

LDAP alone wont enable CIFS to work, you will need to configure NTLM using the ntlm-authentication-context.xml.samples file. 

take a look at this.
http://wiki.alfresco.com/wiki/Configuring_NTLM#NTLM_Passthru_Authentication

This page should work for any alfresco version prior to 3.2

you only need to the the "NTLM passthru authentication" section and below. 

Assuming you are running Active Directory 2k3 for authentication you dont need to use the "domain" configuration but just the server configuration and if you have two domain controllers 10.0.0.1 and 10.0.0.2 for the domain company.com

servers=COMPANY\10.0.0.1,COMPANY\10.0.0.2,10.0.0.1

on monday, i can get a copy of the working config i have used. 

NTLM will use ports TCP:445, TCP139, UDP138, UDP137 (if i remember correctly)
0 Kudos

durrell
Champ in-the-making
Champ in-the-making

‎08-01-2009 12:11 PM

Man, this is great. Thanks a ton for the guidance.

I'm actually using Windows Server 2008 with Active Directory. Does that make a difference?
0 Kudos

ofrxnz
Champ in-the-making
Champ in-the-making

‎08-01-2009 12:41 PM

If memory serves me, NTLM is being fazed out in 2008 so it is not enabled by default.  Though can be enabled. 

You may want to take a look at kerberos.  it seems to be replacing NTLM and uses ports tcp:88 and udp88 (i think)

I have set this up once….IT went a lot easier than it looked….The only querk was the application on AD that generates teh key literally crashed every time i ran it.  But, the key was still good. 

http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration
0 Kudos

ofrxnz
Champ in-the-making
Champ in-the-making

‎08-01-2009 12:43 PM

I forgot to mention you can combine NTLM+LDAP or Kerberos+LDAP. 

alfresco will use NTLM or Kerberos for authentication and LDAP to synchronize user accounts
0 Kudos

durrell
Champ in-the-making
Champ in-the-making

‎08-01-2009 12:51 PM

LDAP sync is working perfectly, as is authentication.

As long as I have a way for users to authenticate via Active Directory, I don't care how it happens.  Smiley Very Happy

Using the ntlm-authentication-context.xml file, I got this in the logs:



12:54:20,235 DEBUG [org.alfresco.smb.protocol.auth] Mapped client /10.0.7.201 to domain null
12:54:20,341 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=4, auth ctx=[NTLM,Challenge=235f636b3e9c3ea9]
12:54:20,398 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
12:54:20,401 ERROR [org.alfresco.smb.protocol.auth] org.alfresco.jlan.smb.SMBException: Invalid parameter
12:54:20,491 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
12:54:20,491 ERROR [org.alfresco.smb.protocol.auth] org.alfresco.jlan.smb.SMBException: Invalid parameter
12:54:20,534 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
12:54:20,535 ERROR [org.alfresco.smb.protocol.auth] org.alfresco.jlan.smb.SMBException: Invalid parameter
12:54:20,578 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
12:54:20,579 ERROR [org.alfresco.smb.protocol.auth] org.alfresco.jlan.smb.SMBException: Invalid parameter
12:54:29,865 DEBUG [org.alfresco.smb.protocol.auth] Mapped client /10.0.7.201 to domain null
12:54:29,869 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=5, auth ctx=[NTLM,Challenge=474b6022dbeb0c50]
12:54:44,913 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
12:54:44,916 ERROR [org.alfresco.smb.protocol.auth] org.alfresco.jlan.smb.SMBException: Invalid parameter

Any ideas?
0 Kudos

ofrxnz
Champ in-the-making
Champ in-the-making

‎08-01-2009 12:59 PM

Mapped client /10.0.7.201 to domain null

looks like you need to manually map NTLM domains in alfresco….

basicaly they are rules that say, if the client doesn't specify their domain, assume this is their domain based on their ipaddress

you can enter multiple domain/subnets by simply repeating the Domain Name line for each one

<DomainMappings>
  <Domain name="ALFRESCO" subnet="192.168.1.0" mask="192.168.1.255"/>
</DomainMappings>
0 Kudos

durrell
Champ in-the-making
Champ in-the-making

‎08-02-2009 01:38 AM

Where does that need to be mapped? The same file?
0 Kudos

ofrxnz
Champ in-the-making
Champ in-the-making

‎08-02-2009 07:02 AM

yeah, I think it is nested in the same parent sections as the "server" "local", etc….Ill have to wait till tomorrow til i can get a config and double check
0 Kudos

durrell
Champ in-the-making
Champ in-the-making

‎08-02-2009 11:10 AM

I believe that is the only section in that file that houses any config, so I'll try that and if it doesn't work then tomorrow I'll get a working config from you to base mine off of.  :mrgreen:
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC