
CIFS & Kerberos Configuration

lux209
Champ in-the-making
Hi,

I'm having trouble configuring Kerberos for CIFS with my Alfresco 4. The Active Directory authentication is working for all HTTP connections, but I'm using ldap-ad instead of kerberos. CIFS is also working, but only with Alfresco accounts, not with AD.

I followed this guide to setup kerberos: http://docs.alfresco.com/4.0/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Ftasks%2Fauth-kerberos-...

Kerberos seems ok for the system as I can use the "kinit <MyUserName>" command to create a ticket.

Then I modified the alfresco-global.properties to add the following:

### CIFS ###
cifs.enabled=true
cifs.domain=MYADDOMAIN.LOCAL
cifs.serverName=srvfcch-cms01
cifs.hostannounce=true


### Kerberos ###
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.realm=MYADDOMAIN.LOCAL
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.cifs.password=Secret
kerberos.authentication.http.password=Secret
kerberos.authentication.defaultAdministratorUserNames=administrator

I did not change the authentication chain to add kerberos, but as I understood it, the chain is only for the web auth, right?

When I tried to reach the CIFS server from my WinXP I can see the following in the catalina.out:
2012-06-01 09:24:19,705  ERROR [smb.protocol.auth] [AlfJLANWorker10] Kerberos logon error
2012-06-01 09:24:19,706  ERROR [smb.protocol.auth] [AlfJLANWorker10] java.lang.NullPointerException
2012-06-01 09:24:19,712  ERROR [smb.protocol.auth] [AlfJLANWorker11] Kerberos logon error
2012-06-01 09:24:19,727  ERROR [smb.protocol.auth] [AlfJLANWorker11] java.lang.NullPointerException
2012-06-01 09:24:29,486  ERROR [smb.protocol.auth] [AlfJLANWorker14] Kerberos logon error

I have to say that I'm a bit lost, and I don't know where to start to debug the problem. Most of the docs I found on the net are for older versions of Alfresco, and the config seems to be quite different.

Any help is warmly welcome!
Lucas
5 REPLIES

mrogers
Star Contributor
A Null pointer exception is always a bug that needs to be raised in JIRA with as much information as possible.
If you can get a stack trace it will help very much.

lux209
Champ in-the-making
Thanks, but my config is standard and I've installed Alfresco with the all-in-one package. So I don't understand why it is not working. Does it work for other people? Or is it a bug?

I will raise it with Jira. How can I get a stack trace?

lux209
Champ in-the-making
OK, it is working now!

I changed the authentication chain, removed my ldap-ad and added kerberos, and now it is working quite well! I don't know why I thought the auth chain was only for the web access.

pac22
Champ in-the-making
Hi lux209, could you post what your chain string in alfresco-global.properties looks like now, and, if you have no problem with it, could you paste your whole alfresco-global.properties so we can learn from it?
We are running our first pilot test with Alfresco and I see that you have yours working very well. If you can, it would be helpful to us and we could take some of the settings as a reference.

Thanks, Cristian.
UTN Facultad Regional Delta
Campana, Buenos Aires
Argentina.

lux209
Champ in-the-making
Hi, here is my auth chain:

authentication.chain=kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm

I also had to change the /etc/krb5.conf file; the information I found in this setup guide (http://docs.alfresco.com/4.0/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Ftasks%2Fauth-kerberos-...) was not complete. Here is my krb5.conf file:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = MYDOMAIN.LOCAL
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac

[realms]
# The realm name here has to match default_realm above
MYDOMAIN.LOCAL = {
  kdc = myDC.mydomain.local
  kpasswd_server = myDC.mydomain.local
  admin_server = myDC.mydomain.local
}

[domain_realm]
myDC.mydomain.local = MYDOMAIN.LOCAL
.myDC.mydomain.local = MYDOMAIN.LOCAL

Hope it helped.
Lucas
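
An added example, not part of the thread and not Alfresco code: a small Python check that cross-reads alfresco-global.properties and krb5.conf for the two problems this thread turned up (Kerberos enabled for CIFS with no kerberos entry in authentication.chain, and a realm that has no matching [realms] block), and also flags rc4-hmac as the only permitted enctype. The function names, finding codes and sample values are constructed for illustration.

```python
def parse_props(text):
    """Parse key=value lines of a Java .properties file, skipping comments."""
    rows = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith(("#", "!"))]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in rows)}

def parse_krb5(text):
    """Return ([libdefaults] as a dict, set of realm names declared in [realms])."""
    section, depth, libdefaults, realms = None, 0, {}, set()
    for line in map(str.strip, text.splitlines()):
        if line[:1] in ("#", ";"):  # comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section, depth = line[1:-1], 0
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            libdefaults[key.strip()] = value.strip()
        elif section == "realms":
            if depth == 0 and line.endswith("{"):  # top-level "REALM = {"
                realms.add(line.split("=", 1)[0].strip())
            depth += line.count("{") - line.count("}")
    return libdefaults, realms

def lint(props_text, krb5_text):
    """Cross-check both files and return a list of finding codes."""
    props, (libdefaults, realms) = parse_props(props_text), parse_krb5(krb5_text)
    findings = []
    # Chain entries are "instanceName:type", e.g. kerberos1:kerberos
    types = {e.split(":", 1)[-1].strip() for e in props.get("authentication.chain", "").split(",")}
    if props.get("kerberos.authentication.authenticateCIFS") == "true" and "kerberos" not in types:
        findings.append("cifs-kerberos-enabled-but-not-in-chain")
    realm = props.get("kerberos.authentication.realm")
    if realm and realm not in realms:
        findings.append("realm-missing-from-[realms]")
    # RC4-HMAC is deprecated for Kerberos (RFC 8429); flag configs that allow nothing else
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        if libdefaults.get(key, "").split() == ["rc4-hmac"]:
            findings.append("rc4-hmac-only:" + key)
    return findings

# Constructed sample input (placeholder realm and host names, not a real site)
SAMPLE_PROPS = """authentication.chain=ldap-ad1:ldap-ad
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.realm=MYDOMAIN.LOCAL"""
SAMPLE_KRB5 = """[libdefaults]
default_tkt_enctypes = rc4-hmac
[realms]
OTHER.LOC = {
  kdc = myDC.mydomain.local
}"""
print(lint(SAMPLE_PROPS, SAMPLE_KRB5))
```
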