Hyland Connect

claudio_martins · ‎01-17-2010

Hello there,

I've been during all last week trying to get Alfresco Community 3.2 to work with Kerberos based authentication for our company across all OS clients available, and as many other people here at the forums and at Alfresco's Jira, I wasn't successful from Windows 2003 Server and all other versions that came after that, like Vista and Windows 7.

Last Friday, I found a Jira ticket for the Enterprise 3.1 release, and it looks like the issue that we're having has been corrected and moved forward to the Enterprise 3.2 released last week. The Jira ticket is this one: https://issues.alfresco.com/jira/browse/ETHREEOH-3225

I have checked out the 3.3 version from HEAD, and the same problem happens. When I found that ticket dating back from last November, I thought that this code would be already committed. I'm not entirely sure about Alfresco's release procedures of code applied at Enterprise editions and propagation to public SVN, but I think it was about time that this correction would be made available.

Here are the setups:

AD Server: Windows 2008 + AD - RC4_HMAC

Alfresco Server 1
Community Edition 3.2 - Debian 5 - JDK 6_17 x64
Auth Subsystem: Kerberos 5
Client Windows XP: Works
Client Windows Vista/SP1/Windows 7: Doesn't work

Alfresco Server 2
Community Edition 3.2r2 - Debian 5 - JDK 6_17 x64
Auth Subsystem: Kerberos 5
Client Windows XP: Works
Client Windows Vista/SP1/Windows 7: Doesn't work

Alfresco Server 3
Community Edition 3.3 from HEAD - Debian 5 - JDK 6_17 x64
Auth Subsystem: Kerberos 5
Client Windows XP: Works
Client Windows Vista/SP1/Windows 7: Doesn't work

Alfresco Server 4
Enterprise Edition 3.2 - Debian 5 - JDK 6_17 x64
Auth Subsystem: Kerberos 5
Client Windows XP: Works
Client Windows Vista/SP1/Windows 7: Works!!!!

Any ideas on when such code would be made available to Community Edition users?

mikeh · ‎01-17-2010

There's been a longer than usual delay for code being merged from v3.2 Enterprise to HEAD because of the large changes on HEAD surrounding the Spring SURF migration.

Merging from V3.2 to HEAD has now started, so I would expect this issue to be fixed in the next few days/weeks - certainly by v3.3 final.

Thanks,
Mike

claudio_martins · ‎01-18-2010

Hi Mike, thanks a lot for your reply.

Is there any chance we can know exactly which changes to the code were made to make it work? Or was it too many things to list here?

Do you have any idea on when 3.3 Community will be released?

Cheers, CM.

mikeh · ‎01-18-2010

Here's the svn diff for the ticket:

Index: projects/repository/source/java/org/alfresco/filesys/auth/cifs/EnterpriseCifsAuthenticator.java
===================================================================
— projects/repository/source/java/org/alfresco/filesys/auth/cifs/EnterpriseCifsAuthenticator.java   (revision 17358)
+++ projects/repository/source/java/org/alfresco/filesys/auth/cifs/EnterpriseCifsAuthenticator.java   (revision 17359)
@@ -754,7 +754,7 @@
         
         boolean loggedOn = false;
         
-        if ( useRawNTLMSSP() || isNTLMSSP == true || sess.hasSetupObject( client.getProcessId()) || setupObj != null)
+        if ( respBlob != null || sess.hasSetupObject( client.getProcessId()) || setupObj != null)
         {
             //  NTLMSSP has two stages, if there is a stored setup object then indicate more processing
             //  required
‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Note: You're welcome to try with just this change; I've no idea if modifications elsewhere are also required.

Thanks,
Mike

claudio_martins · ‎01-19-2010

Hi Mike, that really worked! You rock!

I have successfully tested this correction for the following clients: XP, 2003, Vista, W7, Linux RedHat/Debian and MacOS X 10.6.

Cheers, CM.

Hyland Connect

CIFS + Kerberos working at Enterprise 3.2, but not at Comm