CIFS problem

jdbrown
Hi, I am running Alfresco enterprise 2.0.1 deployed as a WAR within BEA WebLogic 9.2.  I also connected up to the Novell eDirectory LDAP for authentication purposes.  This is all running on RedHat Linux.

This all works and I can successfully authenticate into the web app, but I noticed some errors at start related to CIFS and then verified CIFS is not working.  I have not done anything custom/configuration related to CIFS yet, so that is out of the box.

Here is the snippet from the log below.  Any ideas?:

14 May 2007 22:02:47,601 DEBUG BaseConfigService: Retrieving configuration for 'CIFS Server'
14 May 2007 22:02:47,601 DEBUG BaseConfigService: Created initial config results using global section
14 May 2007 22:02:47,601 DEBUG BaseConfigService: Restricting search within following areas: [file-servers]
14 May 2007 22:02:47,601 DEBUG DefaultLookupAlgorithm: org.alfresco.config.ConfigSectionImpl@23722a3 (evaluator=string-compare condition=CIFS Server replace=false) matches
14 May 2007 22:02:47,655 DEBUG protocol       : Found browse master at 10.220.146.210
14 May 2007 22:02:47,660 ERROR protocol       : Failed to get local domain/workgroup name, using default of WORKGROUP
14 May 2007 22:02:47,660 ERROR protocol       : (This may be due to firewall settings or incorrect <broadcast> setting)
14 May 2007 22:02:47,680 DEBUG BaseConfigService: Retrieving configuration for 'Filesystem Security'
14 May 2007 22:02:47,680 DEBUG BaseConfigService: Created initial config results using global section
14 May 2007 22:02:47,680 DEBUG BaseConfigService: Restricting search within following areas: [file-servers]
14 May 2007 22:02:47,680 DEBUG DefaultLookupAlgorithm: org.alfresco.config.ConfigSectionImpl@2370bca (evaluator=string-compare condition=Filesystem Security replace=false) matches
14 May 2007 22:02:47,715 ERROR auth           : No valid CIFS authentication combination available
14 May 2007 22:02:47,715 ERROR auth           : Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
14 May 2007 22:02:47,727 ERROR protocol       : CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
   at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:348)
   at org.alfresco.filesys.server.config.ServerConfiguration.setAuthenticator(ServerConfiguration.java:3329)
   at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:2329)
   at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:634)
   at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(ServerConfiguration.java:4026)
   at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:45)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:225)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:323)
   at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:134)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
   at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:375)
   at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
   at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
   at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:83)
   at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1591)
   at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:2734)
   at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:892)
   at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:336)
   at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
   at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
   at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
   at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
   at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:117)
   at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
   at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
   at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
   at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:26)
   at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:641)
   at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)

gary_spencer
Hi,

If you've configured the main Alfresco authentication component to use LDAP rather than the built-in user database then the standard CIFS authenticator does not have access to the required hashed passwords.

The usual solution to this is to configure the CIFS server to set the authenticator type to "passthru" and specify the address of a Samba or Windows server that the Alfresco CIFS server can use for passthru authentication.

Cheers

Gary

jdbrown
Does this mean I can't use that same LDAP for CIFS authentication?  Or is it possible to passthru to that LDAP server?

gary_spencer
Hi,

The problem is that LDAP doesn't store the passwords in a format that is useable by CIFS. To get around this you configure the CIFS server to use passthru authentication to a Samba or Windows server that uses the same user account information.

We're looking into other solutions to this, but it's likely to require an approach similar to the one Samba uses with LDAP, extending the schema to add the required format of hashed passwords.

Cheers

Gary

jdbrown
So how would this work when the repository is an external NAS or SAN device?  Where would the Samba server run?

As Samba may not be an option for the client, is it possible to still use LDAP for authentication for everything but CIFS and have CIFS use the internal Alfresco system?  If so, how is this done?

Thanks.

jey
Hi everyone,

I am currently having the same issue …

I have understood that eDirectory (and more than this: LDAP) doesn't store passwords using MD4, so using it to authenticate with CIFS is impossible…

But I also don't have a domain controller (Windows or Samba) … So there is no way for me to use passthrough …

I am very interested in using LDAP for everything but CIFS, and in using users internal to Alfresco for CIFS…

Thanks guys.

gary_spencer
Hi,

I don't think it's possible to use internal users for CIFS and LDAP for everything else as you need to change the authentication component, which is either internal user database or external via LDAP.

The neatest solution seems to be to use LDAP to store the MD4 version of the password that Alfresco CIFS requires, in a similar way to how Samba works with LDAP. This would save having two separate user lists and the synchronization problems that brings, and would remove the requirement for a CIFS server for the Alfresco CIFS authentication.

This requirement is something that has only recently become hot; we're looking into it.

Cheers

Gary