cancel
Showing results for 
Search instead for 
Did you mean: 

Client using NTLMv2 logon, not valid with passthru authentication

badim
Champ on-the-rise
Champ on-the-rise

authentication.chain=ldap1:ldap-ad,passthru1Smiley Tongueassthru

ntlm.authentication.sso.enabled = true
ntlm.authentication.browser.ticketLogons=true

ldap.authentication.active=false
ldap.authentication.userNameFormat=%s@domen.local
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://dc01.domen.local:389
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco,admin

ldap.synchronization.active=true     
ldap.synchronization.java.naming.security.principal=user_alfresco@domen.local
ldap.synchronization.java.naming.security.credentials=12345678

ldap.synchronization.groupSearchBase=ou=Group,ou=user,dc=domen,dc=local
ldap.synchronization.userSearchBase=ou=user,dc=domen,dc=local

filesystem.domainMappings=DOMEN
filesystem.domainMappings.value.DOMEN.subnet=192.168.0.0
filesystem.domainMappings.value.DOMEN.mask=255.255.255.0

alfresco.authentication.authenticateCIFS=false

passthru.authentication.authenticateCIFS=false
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers = DOMEN\\dc01.domen.local,dc01.domen.local,dc01
passthru.authentication.guestAccess=false
passthru.authentication.protocolOrder=TCPIP,NETBIOS

DEBUG [org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter] [http-apr-8080-exec-4] Fallback authentication failed. Restarting login...
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-5] Authentication not required (filter), chaining ...
 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-6] New NTLM auth request from 192.168.0.16 (192.168.0.16:36339) SID:903B3C4ABEBC886A04AAFCA78CEA
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-6] restartLoginChallenge...
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-8] Received type1 [Type1:0xa20807,Domain:<NotSet>,Wks:<NotSet>]
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-8] Mapped client IP 192.168.0.16 to domain DOMAIN
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-8] Client domain DOMAIN
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-8] Searching for local server name.
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-8] Found server name in the file server configuration: null
INFO [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-8] NTLM filter using server name fs02
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-8] Sending NTLM type2 to client - [Type2:0x80000203,Target:fs02,Ch:a7216475770cd8af]
DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-10] Received type3 [Type3:,LM:000000000000000000000000000000000000000000000000,NTLM:231592438a0ef5cbe44987408d9501010000000000006ee76e090644d201fb6346620237539d000200080066007300300032000000000000000000,DomSmiley Very HappyOMAIN,User:sh-g,Wks:IT-01]
ERROR [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-10] Client IT-01 using NTLMv2 logon, not valid with passthru authentication
 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] [http-apr-8080-exec-10] restartLoginChallenge...
DEBUG [org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter] [http-apr-8080-exec-3] Performing fallback authentication...

help me

1 ACCEPTED ANSWER

afaust
Legendary Innovator
Legendary Innovator

Please refer to the documentation about troubleshooting NTLM issues. Specifically for passthru you have to configure clients NOT to use NTLMv2 via registry settings. Generally I'd recommend not to use passthru anymore (insecure) and instead utilize Kerberos.

View answer in original post

2 REPLIES 2

afaust
Legendary Innovator
Legendary Innovator

Please refer to the documentation about troubleshooting NTLM issues. Specifically for passthru you have to configure clients NOT to use NTLMv2 via registry settings. Generally I'd recommend not to use passthru anymore (insecure) and instead utilize Kerberos.

badim
Champ on-the-rise
Champ on-the-rise
Thank you, I will change on Kerberos