
CIFS Kerberos issue

gmccullough
Champ on-the-rise
I'm getting the following error in the logs when trying to connect to the CIFS server from Windows:

2014-04-22 12:55:49,696  ERROR [auth.cifs.EnterpriseCifsAuthenticator] [AlfJLANWorker10] No authentication mechanism for SPNEGO found

Kerberos login from Share interface works fine.

Have the following config:

### CIFS Server Configuration ###
cifs.enabled=true
cifs.serverName=${localname}A
cifs.domain=internal.domain.gov
cifs.broadcast=255.255.255.255
# An empty value indicates bind to all available network adapters
cifs.bindto=
cifs.ipv6.enabled=false
cifs.hostannounce=true
# Enable the use of asynchronous sockets/NIO code
cifs.disableNIO=false
# Disable the use of JNI code. Only currently affects Windows
cifs.disableNativeCode=false
# Session timeout, in seconds. Defaults to 15 minutes, to match the default Windows client setting.
# If no I/O is received within that time the session is closed by the server
cifs.sessionTimeout=900
# Maximum virtual circuits per session
# Should only be changed when using Terminal Server clients
cifs.maximumVirtualCircuitsPerSession=16

# Can be mapped to non-privileged ports, then use firewall rules to forward requests from the standard ports
cifs.tcpipSMB.port=445
cifs.netBIOSSMB.sessionPort=139
cifs.netBIOSSMB.namePort=137
cifs.netBIOSSMB.datagramPort=138

# Optional WINS server primary and secondary IP addresses. Ignored if autoDetectEnabled=true
cifs.WINS.autoDetectEnabled=true
cifs.WINS.primary=172.16.100.200
cifs.WINS.secondary=172.16.101.200

# CIFS session debug flags (also enable org.alfresco.fileserver=debug logging level)
# Comma delimited list of levels :-
#    NETBIOS, STATE, RXDATA, TXDATA, DUMPDATA, NEGOTIATE, TREE, SEARCH, INFO, FILE, FILEIO, TRANSACT
#    ECHO, ERROR, IPC, LOCK, PKTTYPE, DCERPC, STATECACHE, TIMING, NOTIFY, STREAMS, SOCKET, PKTPOOL
#    PKTSTATS, THREADPOOL, BENCHMARK
cifs.sessionDebug=

# Big Switch, are the Desktop Actions and URL shortcuts shown for CIFS ?
cifs.pseudoFiles.enabled=true

# CIFS URL for alfresco explorer
cifs.pseudoFiles.explorerURL.enabled=true
cifs.pseudoFiles.explorerURL.fileName=__Alfresco.url

# Cifs URL for alfresco share
cifs.pseudoFiles.shareURL.enabled=false
cifs.pseudoFiles.shareURL.fileName=__Share.url


ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
##alfresco.authentication.allowGuestLogin=true
##alfresco.authentication.authenticateCIFS=true

authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos,ldap1:ldap-ad

kerberos.authentication.realm=AD.DOMAIN.GOV
kerberos.authentication.sso.enabled=true
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.cifs.password=changed
kerberos.authentication.http.password=changed
kerberos.authentication.defaultAdministratorUserNames=gmccullough

gmccullough
Champ on-the-rise
Like I said, logging in from Share app with my AD creds works fine.  I noticed in the logs that it successfully logs into the HTTP principal twice, don't know if that is normal or not…

2014-04-23 09:23:08,055  DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] Processing the JAAS callback list of 1 items.
2014-04-23 09:23:08,056  DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] Request for password.
2014-04-23 09:23:08,065  DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos login successful
2014-04-23 09:23:08,065  DEBUG [app.servlet.KerberosAuthenticationFilter] [localhost-startStop-1] Logged on using principal HTTP/yeti.ad.clintonok.gov@AD.CLINTONOK.GOV
2014-04-23 09:23:08,133  INFO  [management.subsystems.ChildApplicationContextFactory] [asynchronouslyRefreshedCacheThreadPool1] Starting 'Search' subsystem, ID: [Search, managed, solr]
2014-04-23 09:23:08,532  INFO  [management.subsystems.ChildApplicationContextFactory] [asynchronouslyRefreshedCacheThreadPool1] Startup of 'Search' subsystem, ID: [Search, managed, solr] complete
2014-04-23 09:23:09,091  DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] Processing the JAAS callback list of 1 items.
2014-04-23 09:23:09,091  DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] Request for password.
2014-04-23 09:23:09,097  DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] HTTP Kerberos login successful
2014-04-23 09:23:09,098  DEBUG [webdav.auth.KerberosAuthenticationFilter] [localhost-startStop-1] Logged on using principal HTTP/yeti.ad.clintonok.gov@AD.CLINTONOK.GOV
2014-04-23 09:23:09,114  INFO  [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, kerberos1] complete


Also tried installing Samba and joining the machine to the AD, but still have the same results.

gmccullough
Champ on-the-rise
I guess I'll just revert back to passthru, which I've been able to make work in the past.  Nobody has any clue?

gmccullough
Champ on-the-rise
OK, couldn't give up, finally was able to make it work.  Removed Samba from the machine, just to be sure.  Had to adjust the krb5.conf to add rc4-hmac enctypes, and lastly, removed the "A" from the cifs name property.  I guess that's there for Windows installs, by default, but it is working for me on a Linux install without the A.
I probably just had a typo somewhere.

If this might help someone, I'll gladly post the relevant configs.
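
A pre-flight check for the two changes described in the post above, added here as an example; it is not code from the poster or from Alfresco. The sample krb5.conf, the properties text and the host name are constructed, and placing the enctype settings in `[libdefaults]` is an assumption, since the poster's files are not shown.

```python
import re

# Constructed samples, not the poster's files. Assumption: the enctype settings
# live in [libdefaults]; key and enctype names are standard MIT krb5 ones.
KRB5_CONF = """\
[libdefaults]
    default_realm = AD.DOMAIN.GOV
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
    default_tgs_enctypes = aes256-cts-hmac-sha1-96
[realms]
    AD.DOMAIN.GOV = { kdc = dc.example.invalid }
"""
PROPS = "cifs.serverName=${localname}A\ncifs.domain=internal.domain.gov\n"
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
RC4_NAMES = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5", "rc4"}

def libdefaults(text):
    """Return the key/value pairs of the [libdefaults] section of a krb5.conf."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out[key] = value
    return out

def enctype_lists_without(text, names=RC4_NAMES):
    """Explicit enctype lists naming none of `names`; unset keys use library defaults."""
    conf = libdefaults(text)
    return [k for k in ENCTYPE_KEYS
            if k in conf and not names & set(re.split(r"[\s,]+", conf[k].lower()))]

def cifs_server_name(props_text, hostname):
    """Expand the ${localname} token in cifs.serverName to the short host name."""
    m = re.search(r"^[ \t]*cifs\.serverName[ \t]*=(.*)$", props_text, re.M)
    return m.group(1).strip().replace("${localname}", hostname.split(".")[0]) if m else None

def preflight(krb5_text, props_text, hostname):
    """List the mismatches the post describes fixing; empty means none found."""
    findings = [f"{k} lists no RC4 enctype" for k in enctype_lists_without(krb5_text)]
    name, short = cifs_server_name(props_text, hostname), hostname.split(".")[0]
    if name and name.lower() != short.lower():
        findings.append(f"cifs.serverName resolves to {name!r}, host is {short!r}")
    return findings
```

RFC 8429 deprecates RC4 in Kerberos; passing a set of AES enctype names as `names` runs the same check for AES before RC4 is removed again.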

I have followed the documentation to set up Kerberos for AD authentication. There are no errors found in the log file during startup of Alfresco services. The web application is working fine. However, when I access the CIFS shared folders from a Windows 7 machine connected to AD (Microsoft 2008 R2 server), I get an error as shown in the image. I have implemented Alfresco on Ubuntu server.

Any suggestions on this issue, and also please post your config files.

Thank You,
Sudheer