Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Re: [ERROR]Alfresco Engineers: CIFS auth does not ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 01:15 PM
[size=125]Purpose:[/size]
This thread is an attempt to resolve an issue that appears to plague many of us: CIFS server authentication configuration. Hopefully, this thread will come in handy to all of those who have posted about their various CIFS configurations not working. If possible, I would also like to create a wiki from this thread. To accomplish this goal, I will provide as much detail as I can because, regardless of significant efforts, I have been unable to configure CIFS to function properly in my environment at all.
[size=125]Platform:[/size]
Alfresco Server
—Operating System: Red Hat Enterprise Linux 5.2
—Database: MySQL 5.0.45-community (NOTE: Came w/ RHEL 5.2 installation)
—Java: JDK 1.6.0 Update 11
—Open Office: OpenOffice.org 2.3
Alfresco
—Current Version: Labs 3c
—Versions Tried: Community 2.9.0B, Enterprise 2.1 (trial), Enterprise 3.0.0 (trial)
—NOTE: Alfresco will be installed by and run under a NON-ROOT account. Configuration has been applied to forward requests on standard root-privileged ports to non-root ports, per the Running SMB/CIFS from a normal user account wiki.
Client PCs
—Operating System(s): Windows XP Professional SP3(80% of client PCs), Windows XP Professional x64 SP2 (20% of client PCs)
—Login Authentication: Windows Server 2003 Active Directory server
—Web Browser: Firefox 3.0.5
[size=125]Objective:[/size]
I would simply like to configure Alfresco Labs 3c to do the following:
a) Authenticate against Active Directory server and allow single sign-on (SSO) for the Alfresco Web Interface
b) Authenticate against Active Directory server and allow "Map Network Drive" on client PCs to the Alfresco CIFS server (see below picture)
[img]http://www.ece.uwaterloo.ca/Computing/Research/Software/Samba/images/map_network_drive.jpg[/img]
[size=125]Scenario 1: Issue, Output, and Configuration - Base Install CIFS Mapping Attempt:[/size]
For the purposes of this thread, I have freshly installed Alfresco Labs 3c. I then applied some general configuration to get Alfresco up and running without errors (e.g. set ALF_HOME, JAVA_HOME, running db_setup.sql on MySQL database, forcing db.url and dialect to use MySQL, setting OpenOffice location, etc).
Even at this early stage, I can not "Map Network Drive" to the Alfresco CIFS server (\\alfserver\alfresco) successfully. Also, it is worth noting is that issuing the command "alfresco.sh stop" DOES NOT stop all running Alfresco processes (a kill -9 <pid> command must be executed).
Output to alfresco.log (NOTE: log4j.properties org.alfresco.smb.protocol.auth=debug is ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> has already been added via Alfresco Web Interface AND that <user> is the same value entered when logging into the client PC.
The following are ALL of the configuration files I have changed since freshly installing Alfresco Labs 3c:
/opt/alfresco/alfresco.sh
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.properties (NOTE: These are dummy values; my values are different)
/opt/alfresco/tomcat/shared/classes/alfresco/extension/web-client-config-custom.xml
/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
Again, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.
Where is the error in this out-of-the-box configuration?
This thread is an attempt to resolve an issue that appears to plague many of us: CIFS server authentication configuration. Hopefully, this thread will come in handy to all of those who have posted about their various CIFS configurations not working. If possible, I would also like to create a wiki from this thread. To accomplish this goal, I will provide as much detail as I can because, regardless of significant efforts, I have been unable to configure CIFS to function properly in my environment at all.
[size=125]Platform:[/size]
Alfresco Server
—Operating System: Red Hat Enterprise Linux 5.2
—Database: MySQL 5.0.45-community (NOTE: Came w/ RHEL 5.2 installation)
—Java: JDK 1.6.0 Update 11
—Open Office: OpenOffice.org 2.3
Alfresco
—Current Version: Labs 3c
—Versions Tried: Community 2.9.0B, Enterprise 2.1 (trial), Enterprise 3.0.0 (trial)
—NOTE: Alfresco will be installed by and run under a NON-ROOT account. Configuration has been applied to forward requests on standard root-privileged ports to non-root ports, per the Running SMB/CIFS from a normal user account wiki.
Client PCs
—Operating System(s): Windows XP Professional SP3(80% of client PCs), Windows XP Professional x64 SP2 (20% of client PCs)
—Login Authentication: Windows Server 2003 Active Directory server
—Web Browser: Firefox 3.0.5
[size=125]Objective:[/size]
I would simply like to configure Alfresco Labs 3c to do the following:
a) Authenticate against Active Directory server and allow single sign-on (SSO) for the Alfresco Web Interface
b) Authenticate against Active Directory server and allow "Map Network Drive" on client PCs to the Alfresco CIFS server (see below picture)
[img]http://www.ece.uwaterloo.ca/Computing/Research/Software/Samba/images/map_network_drive.jpg[/img]
[size=125]Scenario 1: Issue, Output, and Configuration - Base Install CIFS Mapping Attempt:[/size]
For the purposes of this thread, I have freshly installed Alfresco Labs 3c. I then applied some general configuration to get Alfresco up and running without errors (e.g. set ALF_HOME, JAVA_HOME, running db_setup.sql on MySQL database, forcing db.url and dialect to use MySQL, setting OpenOffice location, etc).
Even at this early stage, I can not "Map Network Drive" to the Alfresco CIFS server (\\alfserver\alfresco) successfully. Also, it is worth noting is that issuing the command "alfresco.sh stop" DOES NOT stop all running Alfresco processes (a kill -9 <pid> command must be executed).
Output to alfresco.log (NOTE: log4j.properties org.alfresco.smb.protocol.auth=debug is ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:52:43,303 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:52:43,303 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1020,Authenticator=EncType=23,Kvno=-1,Len=176]
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:52:43,306 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:52:43,306 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> has already been added via Alfresco Web Interface AND that <user> is the same value entered when logging into the client PC.
12:54:37,200 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
12:54:37,201 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
12:54:37,201 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:54:37,201 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:54:37,201 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
12:54:39,466 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
12:54:39,476 DEBUG [org.alfresco.smb.protocol.auth] User logged on (type Normal)
12:54:39,478 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=24, UID=0, PID=65279
12:54:39,631 DEBUG [org.alfresco.smb.protocol.auth] Logged on using NTLMSSP/NTLMv2
12:54:39,633 DEBUG [org.alfresco.smb.protocol.auth] User <user> logged on (type Normal)
12:54:39,634 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[<user>:null,Windows XP 3790 Service Pack 2,,<client pc ip>],Tree=0,Searches=0]The following are ALL of the configuration files I have changed since freshly installing Alfresco Labs 3c:
/opt/alfresco/alfresco.sh
#!/bin/sh
ALF_HOME=/opt/alfresco
cd "$ALF_HOME"
APPSERVER="${ALF_HOME}/tomcat"
export JAVA_HOME="/usr/local/java/jdk1.6.0_11"
export JAVA_OPTS='-Xms128m -Xmx1024m -XX:MaxPermSize=128m -server'
if [ "$1" = "start" ]; then
"${APPSERVER}/bin/startup.sh"
elif [ "$1" = "stop" ]; then
"${APPSERVER}/bin/shutdown.sh"
fi#########################################
# Override Alfresco Repository Settings #
#########################################
# Force fully-qualified path
dir.root=/opt/alfresco/alf_data
# Set MySQL database attributes
db.username=alfresco
db.password=alfresco
db.pool.initial=10
db.pool.max=100
db.driver=org.gjt.mm.mysql.Driver
db.url=jdbc:mysql://localhost/alfresco
# Set email attributes
mail.host=popserver.my.domain.com
mail.port=25
mail.username=
mail.password=
mail.encoding=UTF-8
mail.header=
mail.from.default=alfresco-admin@alfserver######################################
# Override Hibernate dialiect config #
######################################
# MySQL dialect (default)
hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="openOfficeStartupBootstrap" class="org.alfresco.util.exec.RuntimeExecBootstrapBean" >
<property name="startupCommands">
<list><ref bean="openOfficeStartupCommand" /></list>
</property>
<property name="failOnError">
<value>false</value>
</property>
</bean>
<bean id="openOfficeStartupCommand" class="org.alfresco.util.exec.RuntimeExec">
<property name="commandMap">
<map>
<entry key=".*">
<value><![CDATA[soffice -accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager -env:UserInstallation=file://oouser -nologo -headless -nofirststartwizard -nocrashrep -norestore]]></value>
</entry>
</map>
</property>
<property name="waitForCompletion">
<value>false</value>
</property>
<property name="errorCodes">
<value>2</value>
</property>
</bean>
</beans><?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers"> <list> <ref bean="authenticatedAuthenticationPassthroughProvider" /> <ref bean="daoAuthenticationProvider" /> </list> </property>
</bean>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="saltSource"> <ref bean="saltSource" /> </property>
<property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
</bean>
<bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="tenantService"> <ref bean="tenantService"/> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
<property name="namespaceService"> <ref bean="namespaceService" /> </property>
<property name="searchService"> <ref bean="admSearchService" /> </property>
<property name="retryingTransactionHelper"> <ref bean="retryingTransactionHelper"/> </property>
<property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
<property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
</bean>
<alias alias="saltSource" name="authenticationDao"/>
<bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>
<bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
<property name="authenticationComponent"> <ref bean="authenticationComponent" /> </property>
<property name="sysAdminCache"> <ref bean="sysAdminCache"/> </property>
</bean>
<bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces"> <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value> </property>
<property name="transactionManager"> <ref bean="transactionManager" /> </property>
<property name="target"> <ref bean="authenticationComponent" /> </property>
<property name="transactionAttributes"> <props> <prop key="*">${server.transaction.mode.default}</prop> </props> </property>
</bean>
<bean id="authenticationComponentBase" abstract="true">
<property name="tenantService"> <ref bean="tenantService"/> </property>
</bean>
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl" parent="authenticationComponentBase">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="authenticationManager"> <ref bean="authenticationManager" /> </property>
<property name="allowGuestLogin"> <value>false</value> </property>
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="personService"> <ref bean="personService" /> </property>
<property name="transactionService"> <ref bean="transactionService" /> </property>
</bean>
<bean id="personDaoImpl" class="org.alfresco.repo.security.person.PersonDaoImpl">
<property name="sessionFactory"> <ref bean="sessionFactory" /> </property>
<property name="localeDAO"> <ref bean="localeDAO" /> </property>
<property name="qnameDAO"> <ref bean="qnameDAO" /> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
</bean>
<bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
<property name="transactionService"> <ref bean="transactionService" /> </property>
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="tenantService"> <ref bean="tenantService"/> </property>
<property name="searchService"> <ref bean="admSearchService" /> </property>
<property name="permissionServiceSPI"> <ref bean="permissionServiceImpl" /> </property>
<property name="authorityService"> <ref bean="authorityService" /> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
<property name="namespacePrefixResolver"> <ref bean="namespaceService" /> </property>
<property name="policyComponent"> <ref bean="policyComponent"/> </property>
<property name="personCache"> <ref bean="personCache" /> </property>
<property name="personDao"> <ref bean="personDaoImpl" /> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="createMissingPeople"> <value>${server.transaction.allow-writes}</value> </property>
<property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
<property name="processDuplicates"> <value>true</value> </property>
<property name="duplicateMode"> <value>SPLIT</value> </property>
<property name="lastIsBest"> <value>true</value> </property>
<property name="includeAutoCreated"> <value>false</value> </property>
</bean>
<bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="policyComponent"> <ref bean="policyComponent" /> </property>
<property name="defaultProvider"> <ref bean="userHomesHomeFolderProvider" /> </property>
</bean>
<bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
</bean>
<bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="userPermissions"> <set> <value>Consumer</value> </set> </property>
</bean>
<bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
</bean>
<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="inheritsPermissionsOnCreate"> <value>false</value> </property>
<property name="ownerPermissionsToSetOnCreate"> <set> <value>All</value> </set> </property>
<property name="userPermissions"> <set> <value>All</value> </set> </property>
</bean>
<bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="inheritsPermissionsOnCreate"> <value>false</value> </property>
<property name="ownerPermissionsToSetOnCreate"> <set> <value>All</value> </set> </property>
<property name="userPermissions"> <set> <value>All</value> </set> </property>
</bean>
<bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
<property name="ticketsCache"> <ref bean="ticketsCache"/> </property>
<property name="validDuration"> <value>PT1H</value> </property>
<property name="ticketsExpire"> <value>false</value> </property>
<property name="oneOff"> <value>false</value> </property>
<property name="expiryMode"> <value>AFTER_FIXED_TIME</value> </property>
</bean>
<bean id="userNameGenerator" class="org.alfresco.repo.security.authentication.BasicUserNameGenerator">
<property name="userNameLength"> <value>6</value> </property>
</bean>
<bean id="passwordGenerator" class="org.alfresco.repo.security.authentication.BasicPasswordGenerator">
<property name="passwordLength"> <value>8</value> </property>
</bean>
</beans>/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.properties (NOTE: These are dummy values; my values are different)
cifs.localname=alfserver
cifs.domain=my.domain.com
cifs.broadcast=123.234.123.234/opt/alfresco/tomcat/shared/classes/alfresco/extension/web-client-config-custom.xml
<alfresco-config>
<config>
<client>
<initial-location>userhome</initial-location>
<from-email-address>alfresco-admin@alfserver</from-email-address>
</client>
</config>
<config evaluator="string-compare" condition="Views">
<views>
<view-defaults>
<browse>
<sort-direction>descending</sort-direction>
<view>details</view>
<page-size>
<list>30</list>
<details>30</details>
<icons>30</icons>
</page-size>
</browse>
</view-defaults>
</views>
</config>
</alfresco-config>/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
<alfresco-config area="file-servers">
<config evaluator="string-compare" condition="Filesystems" replace="true">
<filesystems>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<urlFile>
<filename>__Alfresco.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<offlineFiles/>
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__CheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__ShowDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
</filesystem>
<avmfilesystem name="AVM">
<virtualView/>
</avmfilesystem>
</filesystems>
</config>
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="${cifs.localname}" domain="${cifs.domain}"/>
<comment>Alfresco CIFS Server</comment>
<broadcast>${cifs.broadcast}</broadcast>
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
<hostAnnounce interval="5"/>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<authenticator type="enterprise">
</authenticator>
<sessionDebug flags="Negotiate,Socket"/>
</config>
</alfresco-config>The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
12:17:10,456 INFO [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
12:17:11,102 DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@18438d57, name=log4j:logger=org.alfresco.smb.protocol.auth
12:17:14,939 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
12:17:15,297 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
12:17:16,419 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_data
12:17:16,441 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
12:17:16,586 INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
12:17:16,589 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
12:17:16,961 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
12:17:16,961 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000
12:17:17,068 WARN [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)
12:17:26,249 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLs
12:17:26,250 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 65.977ms)
12:17:26,417 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLs
12:17:26,417 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 164.794ms)
12:17:26,436 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
12:17:57,744 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web FrameworkAgain, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.
Where is the error in this out-of-the-box configuration?
Labels:
- Labels:
-
Archive
32 REPLIES 32
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2009 08:55 AM
Just tried installing Alfresco's latest version being touted as the "stable" one. Still no joy with the CIFS passthru auth. Logs as follows:
However, everything working well through the web client.
file-servers-custom.xml as follows
13:51:15,206 DEBUG [org.alfresco.smb.protocol.auth] Null CIFS logon allowed
13:51:15,216 DEBUG [org.alfresco.smb.protocol.auth] No PassthruDetails for T1
13:51:22,884 DEBUG [org.alfresco.smb.protocol.auth] Null CIFS logon allowed
13:51:22,891 DEBUG [org.alfresco.smb.protocol.auth] No PassthruDetails for T2However, everything working well through the web client.
file-servers-custom.xml as follows
<alfresco-config area="file-servers">
<!– To override the default Alfresco filesystem use replace="true", to –>
<!– add additional filesystems remove the replace="true" attribute –>
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="${cifs.localname}A" domain="${cifs.domain}"/>
<comment>Alfresco CIFS Server</comment>
<!– Set to the broadcast mask for the subnet –>
<broadcast>${cifs.broadcast}</broadcast>
<!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
<tcpipSMB platforms="linux,solaris,macosx"/>
<netBIOSSMB platforms="linux,solaris,macosx"/>
<!– Can be mapped to non-privileged ports, then use firewall rules to forward
requests from the standard ports –>
<!–
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
–>
<hostAnnounce interval="5"/>
<!– Use Win32 NetBIOS interface on Windows –>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<!– CIFS authentication –>
<authenticator type="passthru">
<Server>DOMAIN\our.domain.com,DOMAIN\our2.domain.com</Server>
</authenticator>
</config>
<config evaluator="string-compare" condition="Filesystems" replace="true">
<filesystems>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<!– Add a URL file to each folder that links back to the web client –>
<urlFile>
<filename>__Alfresco.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<!– Mark locked files as offline –>
<offlineFiles/>
<!– Desktop actions –>
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__CheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__ShowDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
<!–
<accessControl default="Write">
<user name="admin" access="Write"/>
<address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
</accessControl>
–>
</filesystem>
<!– AVM virtualization view of all stores/versions for WCM –>
<avmfilesystem name="AVM">
<virtualView/>
</avmfilesystem>
</filesystems>
</config>
</alfresco-config>
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2009 09:51 AM
Thought I should mention that JIRA has the ability to allow you to Vote for the issues you want to see fixed if you login. Might be an idea for everyone to vote for the following related issue to try and get it bumped a bit higher in the priority list?
https://issues.alfresco.com/jira/browse/ALFCOM-2165
https://issues.alfresco.com/jira/browse/ALFCOM-2165
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2009 01:42 PM
It seems that Samba may provide the workaround we need. So now, we are going to install and configure Samba on our RHEL 5.2 server in an attempt to allow Alfresco to be mapped as a Network Drive. Apparently, Samba now supports both digital signatures and NTLMv2 hashing, which should get us to where we want to be.
Can anyone confirm for me that Samba could provide a way to satisfy the group policy settings that appear to be a cause of the issues I'm experiencing?
An example of these settings appear in the following Microsoft knowledge base article:
http://support.microsoft.com/kb/281648
If I can not find a way around these group policy issues (without changing the group policy settings) so that the Alfresco CIFS server can be mapped as a Network Drive, I may have to abandon Alfresco completely.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2009 06:42 AM
As requested in https://issues.alfresco.com/jira/browse/ETHREEOH-531 please attach a WireShark trace to the ticket.
Thanks,
Mike
Thanks,
Mike
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2009 02:53 AM
Pardon my jumping in here. Today, I have loaded the Labs 3 Stable version on my CentOS 5.2 server and have working CIFS access using the Alfresco built-in CIFS server. Logging in as admin allowed me to add a PDF through Windows Explorer. As an ordinary user, I can't yet see my own home environment.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2009 04:47 PM
[size=125]UPDATE:[/size]
I strongly believe (though I can not prove) that the issues I am encountering are directly related to several group policy settings. Specifically, I believe the following group policy settings may be to blame:
[size=125][ERROR]WebDAV works in browser, but not Add Network Place[/size]
Are you in an Active Directory environment? I sure hope not, but if you are, I am VERY interested to see your configuration.
I strongly believe (though I can not prove) that the issues I am encountering are directly related to several group policy settings. Specifically, I believe the following group policy settings may be to blame:
- Policy – Current Setting
Microsoft network client: Digitally sign communications (always) – Enabled
Network security: LAN Manager authentication level – Send NTLMv2 response only\refuse LM & NTLM
Network security: Minimum session security for NTLM SSP based (including RPC) clients – Require message integrity, Require message confidentiality, Require NTLMv2 session security, Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including RPC) servers — Require message integrity, Require message confidentiality, Require NTLMv2 session security, Require 128-bit encryption
[size=125][ERROR]WebDAV works in browser, but not Add Network Place[/size]
Pardon my jumping in here. Today, I have loaded the Labs 3 Stable version on my CentOS 5.2 server and have working CIFS access using the Alfresco built-in CIFS server. Logging in as admin allowed me to add a PDF through Windows Explorer. As an ordinary user, I can't yet see my own home environment.
Are you in an Active Directory environment? I sure hope not, but if you are, I am VERY interested to see your configuration.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2009 11:41 PM
No, not an AD environment, just straightforward CIFS password authentication.
Des
Des
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2009 08:15 AM
No, not an AD environment, just straightforward CIFS password authentication.
That would explain it, at least, according to my theory of several group policy settings preventing Alfresco from working.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2009 08:21 AM
I've managed to get CIFS to work with Alfresco 3d-dev nightly build from Jan 02. It contains some fixes from the enterprise version. It's a Windows 2003 server 32-bit in an AD environment. Same config on 64-bit won't work (tho it's a lot larger repository so it might be related to that). It seems up but accessing it just locks processor and then dies after a while. Java.exe remains using 50% proc.
Config:
ntlm-authentication-context.xml (note the usage of BOTH domain\server,server!):
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
<property name="allowSetEnabled" value="true" />
<property name="allowGetEnabled" value="true" />
<property name="allowDeleteUser" value="true" />
<property name="allowCreateUser" value="true" />
</bean>
<!– The authentication component. –>
<!– Use the passthru authentication component to authenticate using –>
<!– user accounts on one or more Windows servers. –>
<!– Properties that specify the server(s) to use for passthru –>
<!– authentication :- –>
<!– useLocalServer use the local server for authentication –>
<!– domain use domain controllers from the specified domain–>
<!– servers comma delimted list of server addresses or –>
<!– names –>
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
parent="authenticationComponentBase">
<property name="useLocalServer">
<value>false</value>
</property>
<property name="servers">
<value>DOMAIN\DC,DC</value>
</property>
<property name="personService">
<ref bean="personService" />
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="transactionService">
<ref bean="transactionComponent" />
</property>
<property name="guestAccess">
<value>false</value>
</property>
</bean>
</beans>
file-servers-custom.xml
<alfresco-config area="file-servers">
<!– To override the default Alfresco filesystem use replace="true", to –>
<!– add additional filesystems remove the replace="true" attribute –>
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="${cifs.localname}_A" domain="${cifs.domain}"/>
<comment>Alfresco CIFS Server</comment>
<!– Set to the broadcast mask for the subnet –>
<broadcast>${cifs.broadcast}</broadcast>
<!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
<!–
<tcpipSMB platforms="linux,solaris,macosx"/>
<netBIOSSMB platforms="linux,solaris,macosx"/>
–>
<!– Can be mapped to non-privileged ports, then use firewall rules to forward
requests from the standard ports –>
<!–
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
–>
<hostAnnounce interval="5"/>
<!– Use Win32 NetBIOS interface on Windows –>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<!– CIFS authentication –>
<authenticator type="alfresco">
</authenticator>
<!–
<WINS>
<primary>1.2.3.4</primary>
<secondary>5.6.7.8</secondary>
</WINS>
–>
<sessionDebug flags="Negotiate,Socket"/>
</config>
<config evaluator="string-compare" condition="Filesystems" replace="true">
<filesystems>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<!– Add a URL file to each folder that links back to the web client –>
<urlFile>
<filename>__Alfresco.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<!– Mark locked files as offline –>
<offlineFiles/>
<!– Desktop actions –>
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__CheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__ShowDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
<!–
<accessControl default="Write">
<user name="admin" access="Write"/>
<address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
</accessControl>
–>
</filesystem>
<!– AVM virtualization view of all stores/versions for WCM –>
<avmfilesystem name="AVM">
<virtualView/>
</avmfilesystem>
</filesystems>
</config>
</alfresco-config>
file-server.properties:
cifs.localname=${localname}
cifs.domain=DOMAIN
cifs.broadcast=172.16.1.255
+ usual NTLM changes in web.xml
Note that we can't access CIFS on any Alfresco version from XP SP3 or Vista SP1 computers. If anyone has a clue how to fix this on client side…
Hope this helps.
Managed to get it working from Vista SP1 using above configuration and with a rather strange fix mentioned here: https://issues.alfresco.com/jira/browse/ETWOTWO-501
So I edited Windows hosts file (found in c:\Windows\System32\drivers\etc\) on client and added:
13.13.13.13 alfp_ADoes anyone have a working 64bit CIFS configuration?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-04-2009 10:15 PM
I'd have to concurr that I got it to work..
Still testing.
I've udated the bug report to show the setup.. but essentially I set it up with Passthru.. (as I have done prior) - this time using "3stable" (as at 5 Feb 2009 AEDT) running on linux (centos 5.2 minimal - java and labs-3stable).
Was able to CIFS to IP address without username prompt (will check further - but initial shows working as expected) via XP workstation..
Still testing but appears to be OK..
"washed" Config I am using is in the bug report..
https://issues.alfresco.com/jira/browse/ALFCOM-2165
Still testing.
I've udated the bug report to show the setup.. but essentially I set it up with Passthru.. (as I have done prior) - this time using "3stable" (as at 5 Feb 2009 AEDT) running on linux (centos 5.2 minimal - java and labs-3stable).
Was able to CIFS to IP address without username prompt (will check further - but initial shows working as expected) via XP workstation..
Still testing but appears to be OK..
"washed" Config I am using is in the bug report..
https://issues.alfresco.com/jira/browse/ALFCOM-2165
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
