Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Re: [ERROR]Alfresco Engineers: CIFS auth does not ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 01:15 PM
[size=125]Purpose:[/size]
This thread is an attempt to resolve an issue that appears to plague many of us: CIFS server authentication configuration. Hopefully, this thread will come in handy to all of those who have posted about their various CIFS configurations not working. If possible, I would also like to create a wiki from this thread. To accomplish this goal, I will provide as much detail as I can because, regardless of significant efforts, I have been unable to configure CIFS to function properly in my environment at all.
[size=125]Platform:[/size]
Alfresco Server
—Operating System: Red Hat Enterprise Linux 5.2
—Database: MySQL 5.0.45-community (NOTE: Came w/ RHEL 5.2 installation)
—Java: JDK 1.6.0 Update 11
—Open Office: OpenOffice.org 2.3
Alfresco
—Current Version: Labs 3c
—Versions Tried: Community 2.9.0B, Enterprise 2.1 (trial), Enterprise 3.0.0 (trial)
—NOTE: Alfresco will be installed by and run under a NON-ROOT account. Configuration has been applied to forward requests on standard root-privileged ports to non-root ports, per the Running SMB/CIFS from a normal user account wiki.
Client PCs
—Operating System(s): Windows XP Professional SP3(80% of client PCs), Windows XP Professional x64 SP2 (20% of client PCs)
—Login Authentication: Windows Server 2003 Active Directory server
—Web Browser: Firefox 3.0.5
[size=125]Objective:[/size]
I would simply like to configure Alfresco Labs 3c to do the following:
a) Authenticate against Active Directory server and allow single sign-on (SSO) for the Alfresco Web Interface
b) Authenticate against Active Directory server and allow "Map Network Drive" on client PCs to the Alfresco CIFS server (see below picture)
[img]http://www.ece.uwaterloo.ca/Computing/Research/Software/Samba/images/map_network_drive.jpg[/img]
[size=125]Scenario 1: Issue, Output, and Configuration - Base Install CIFS Mapping Attempt:[/size]
For the purposes of this thread, I have freshly installed Alfresco Labs 3c. I then applied some general configuration to get Alfresco up and running without errors (e.g. set ALF_HOME, JAVA_HOME, running db_setup.sql on MySQL database, forcing db.url and dialect to use MySQL, setting OpenOffice location, etc).
Even at this early stage, I can not "Map Network Drive" to the Alfresco CIFS server (\\alfserver\alfresco) successfully. Also, it is worth noting is that issuing the command "alfresco.sh stop" DOES NOT stop all running Alfresco processes (a kill -9 <pid> command must be executed).
Output to alfresco.log (NOTE: log4j.properties org.alfresco.smb.protocol.auth=debug is ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> has already been added via Alfresco Web Interface AND that <user> is the same value entered when logging into the client PC.
The following are ALL of the configuration files I have changed since freshly installing Alfresco Labs 3c:
/opt/alfresco/alfresco.sh
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.properties (NOTE: These are dummy values; my values are different)
/opt/alfresco/tomcat/shared/classes/alfresco/extension/web-client-config-custom.xml
/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
Again, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.
Where is the error in this out-of-the-box configuration?
This thread is an attempt to resolve an issue that appears to plague many of us: CIFS server authentication configuration. Hopefully, this thread will come in handy to all of those who have posted about their various CIFS configurations not working. If possible, I would also like to create a wiki from this thread. To accomplish this goal, I will provide as much detail as I can because, regardless of significant efforts, I have been unable to configure CIFS to function properly in my environment at all.
[size=125]Platform:[/size]
Alfresco Server
—Operating System: Red Hat Enterprise Linux 5.2
—Database: MySQL 5.0.45-community (NOTE: Came w/ RHEL 5.2 installation)
—Java: JDK 1.6.0 Update 11
—Open Office: OpenOffice.org 2.3
Alfresco
—Current Version: Labs 3c
—Versions Tried: Community 2.9.0B, Enterprise 2.1 (trial), Enterprise 3.0.0 (trial)
—NOTE: Alfresco will be installed by and run under a NON-ROOT account. Configuration has been applied to forward requests on standard root-privileged ports to non-root ports, per the Running SMB/CIFS from a normal user account wiki.
Client PCs
—Operating System(s): Windows XP Professional SP3(80% of client PCs), Windows XP Professional x64 SP2 (20% of client PCs)
—Login Authentication: Windows Server 2003 Active Directory server
—Web Browser: Firefox 3.0.5
[size=125]Objective:[/size]
I would simply like to configure Alfresco Labs 3c to do the following:
a) Authenticate against Active Directory server and allow single sign-on (SSO) for the Alfresco Web Interface
b) Authenticate against Active Directory server and allow "Map Network Drive" on client PCs to the Alfresco CIFS server (see below picture)
[img]http://www.ece.uwaterloo.ca/Computing/Research/Software/Samba/images/map_network_drive.jpg[/img]
[size=125]Scenario 1: Issue, Output, and Configuration - Base Install CIFS Mapping Attempt:[/size]
For the purposes of this thread, I have freshly installed Alfresco Labs 3c. I then applied some general configuration to get Alfresco up and running without errors (e.g. set ALF_HOME, JAVA_HOME, running db_setup.sql on MySQL database, forcing db.url and dialect to use MySQL, setting OpenOffice location, etc).
Even at this early stage, I can not "Map Network Drive" to the Alfresco CIFS server (\\alfserver\alfresco) successfully. Also, it is worth noting is that issuing the command "alfresco.sh stop" DOES NOT stop all running Alfresco processes (a kill -9 <pid> command must be executed).
Output to alfresco.log (NOTE: log4j.properties org.alfresco.smb.protocol.auth=debug is ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:52:43,303 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:52:43,303 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1020,Authenticator=EncType=23,Kvno=-1,Len=176]
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:52:43,306 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:52:43,306 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> has already been added via Alfresco Web Interface AND that <user> is the same value entered when logging into the client PC.
12:54:37,200 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
12:54:37,201 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
12:54:37,201 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:54:37,201 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:54:37,201 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
12:54:39,466 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
12:54:39,476 DEBUG [org.alfresco.smb.protocol.auth] User logged on (type Normal)
12:54:39,478 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=24, UID=0, PID=65279
12:54:39,631 DEBUG [org.alfresco.smb.protocol.auth] Logged on using NTLMSSP/NTLMv2
12:54:39,633 DEBUG [org.alfresco.smb.protocol.auth] User <user> logged on (type Normal)
12:54:39,634 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[<user>:null,Windows XP 3790 Service Pack 2,,<client pc ip>],Tree=0,Searches=0]The following are ALL of the configuration files I have changed since freshly installing Alfresco Labs 3c:
/opt/alfresco/alfresco.sh
#!/bin/sh
ALF_HOME=/opt/alfresco
cd "$ALF_HOME"
APPSERVER="${ALF_HOME}/tomcat"
export JAVA_HOME="/usr/local/java/jdk1.6.0_11"
export JAVA_OPTS='-Xms128m -Xmx1024m -XX:MaxPermSize=128m -server'
if [ "$1" = "start" ]; then
"${APPSERVER}/bin/startup.sh"
elif [ "$1" = "stop" ]; then
"${APPSERVER}/bin/shutdown.sh"
fi#########################################
# Override Alfresco Repository Settings #
#########################################
# Force fully-qualified path
dir.root=/opt/alfresco/alf_data
# Set MySQL database attributes
db.username=alfresco
db.password=alfresco
db.pool.initial=10
db.pool.max=100
db.driver=org.gjt.mm.mysql.Driver
db.url=jdbc:mysql://localhost/alfresco
# Set email attributes
mail.host=popserver.my.domain.com
mail.port=25
mail.username=
mail.password=
mail.encoding=UTF-8
mail.header=
mail.from.default=alfresco-admin@alfserver######################################
# Override Hibernate dialiect config #
######################################
# MySQL dialect (default)
hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="openOfficeStartupBootstrap" class="org.alfresco.util.exec.RuntimeExecBootstrapBean" >
<property name="startupCommands">
<list><ref bean="openOfficeStartupCommand" /></list>
</property>
<property name="failOnError">
<value>false</value>
</property>
</bean>
<bean id="openOfficeStartupCommand" class="org.alfresco.util.exec.RuntimeExec">
<property name="commandMap">
<map>
<entry key=".*">
<value><![CDATA[soffice -accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager -env:UserInstallation=file://oouser -nologo -headless -nofirststartwizard -nocrashrep -norestore]]></value>
</entry>
</map>
</property>
<property name="waitForCompletion">
<value>false</value>
</property>
<property name="errorCodes">
<value>2</value>
</property>
</bean>
</beans><?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers"> <list> <ref bean="authenticatedAuthenticationPassthroughProvider" /> <ref bean="daoAuthenticationProvider" /> </list> </property>
</bean>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="saltSource"> <ref bean="saltSource" /> </property>
<property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
</bean>
<bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="tenantService"> <ref bean="tenantService"/> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
<property name="namespaceService"> <ref bean="namespaceService" /> </property>
<property name="searchService"> <ref bean="admSearchService" /> </property>
<property name="retryingTransactionHelper"> <ref bean="retryingTransactionHelper"/> </property>
<property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
<property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
</bean>
<alias alias="saltSource" name="authenticationDao"/>
<bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>
<bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
<property name="authenticationComponent"> <ref bean="authenticationComponent" /> </property>
<property name="sysAdminCache"> <ref bean="sysAdminCache"/> </property>
</bean>
<bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces"> <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value> </property>
<property name="transactionManager"> <ref bean="transactionManager" /> </property>
<property name="target"> <ref bean="authenticationComponent" /> </property>
<property name="transactionAttributes"> <props> <prop key="*">${server.transaction.mode.default}</prop> </props> </property>
</bean>
<bean id="authenticationComponentBase" abstract="true">
<property name="tenantService"> <ref bean="tenantService"/> </property>
</bean>
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl" parent="authenticationComponentBase">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="authenticationManager"> <ref bean="authenticationManager" /> </property>
<property name="allowGuestLogin"> <value>false</value> </property>
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="personService"> <ref bean="personService" /> </property>
<property name="transactionService"> <ref bean="transactionService" /> </property>
</bean>
<bean id="personDaoImpl" class="org.alfresco.repo.security.person.PersonDaoImpl">
<property name="sessionFactory"> <ref bean="sessionFactory" /> </property>
<property name="localeDAO"> <ref bean="localeDAO" /> </property>
<property name="qnameDAO"> <ref bean="qnameDAO" /> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
</bean>
<bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
<property name="transactionService"> <ref bean="transactionService" /> </property>
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="tenantService"> <ref bean="tenantService"/> </property>
<property name="searchService"> <ref bean="admSearchService" /> </property>
<property name="permissionServiceSPI"> <ref bean="permissionServiceImpl" /> </property>
<property name="authorityService"> <ref bean="authorityService" /> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
<property name="namespacePrefixResolver"> <ref bean="namespaceService" /> </property>
<property name="policyComponent"> <ref bean="policyComponent"/> </property>
<property name="personCache"> <ref bean="personCache" /> </property>
<property name="personDao"> <ref bean="personDaoImpl" /> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="createMissingPeople"> <value>${server.transaction.allow-writes}</value> </property>
<property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
<property name="processDuplicates"> <value>true</value> </property>
<property name="duplicateMode"> <value>SPLIT</value> </property>
<property name="lastIsBest"> <value>true</value> </property>
<property name="includeAutoCreated"> <value>false</value> </property>
</bean>
<bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="policyComponent"> <ref bean="policyComponent" /> </property>
<property name="defaultProvider"> <ref bean="userHomesHomeFolderProvider" /> </property>
</bean>
<bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
</bean>
<bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="userPermissions"> <set> <value>Consumer</value> </set> </property>
</bean>
<bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
</bean>
<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="inheritsPermissionsOnCreate"> <value>false</value> </property>
<property name="ownerPermissionsToSetOnCreate"> <set> <value>All</value> </set> </property>
<property name="userPermissions"> <set> <value>All</value> </set> </property>
</bean>
<bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="inheritsPermissionsOnCreate"> <value>false</value> </property>
<property name="ownerPermissionsToSetOnCreate"> <set> <value>All</value> </set> </property>
<property name="userPermissions"> <set> <value>All</value> </set> </property>
</bean>
<bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
<property name="ticketsCache"> <ref bean="ticketsCache"/> </property>
<property name="validDuration"> <value>PT1H</value> </property>
<property name="ticketsExpire"> <value>false</value> </property>
<property name="oneOff"> <value>false</value> </property>
<property name="expiryMode"> <value>AFTER_FIXED_TIME</value> </property>
</bean>
<bean id="userNameGenerator" class="org.alfresco.repo.security.authentication.BasicUserNameGenerator">
<property name="userNameLength"> <value>6</value> </property>
</bean>
<bean id="passwordGenerator" class="org.alfresco.repo.security.authentication.BasicPasswordGenerator">
<property name="passwordLength"> <value>8</value> </property>
</bean>
</beans>/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.properties (NOTE: These are dummy values; my values are different)
cifs.localname=alfserver
cifs.domain=my.domain.com
cifs.broadcast=123.234.123.234/opt/alfresco/tomcat/shared/classes/alfresco/extension/web-client-config-custom.xml
<alfresco-config>
<config>
<client>
<initial-location>userhome</initial-location>
<from-email-address>alfresco-admin@alfserver</from-email-address>
</client>
</config>
<config evaluator="string-compare" condition="Views">
<views>
<view-defaults>
<browse>
<sort-direction>descending</sort-direction>
<view>details</view>
<page-size>
<list>30</list>
<details>30</details>
<icons>30</icons>
</page-size>
</browse>
</view-defaults>
</views>
</config>
</alfresco-config>/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
<alfresco-config area="file-servers">
<config evaluator="string-compare" condition="Filesystems" replace="true">
<filesystems>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<urlFile>
<filename>__Alfresco.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<offlineFiles/>
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__CheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__ShowDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
</filesystem>
<avmfilesystem name="AVM">
<virtualView/>
</avmfilesystem>
</filesystems>
</config>
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="${cifs.localname}" domain="${cifs.domain}"/>
<comment>Alfresco CIFS Server</comment>
<broadcast>${cifs.broadcast}</broadcast>
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
<hostAnnounce interval="5"/>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<authenticator type="enterprise">
</authenticator>
<sessionDebug flags="Negotiate,Socket"/>
</config>
</alfresco-config>The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
12:17:10,456 INFO [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
12:17:11,102 DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@18438d57, name=log4j:logger=org.alfresco.smb.protocol.auth
12:17:14,939 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
12:17:15,297 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
12:17:16,419 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_data
12:17:16,441 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
12:17:16,586 INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
12:17:16,589 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
12:17:16,961 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
12:17:16,961 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000
12:17:17,068 WARN [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)
12:17:26,249 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLs
12:17:26,250 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 65.977ms)
12:17:26,417 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLs
12:17:26,417 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 164.794ms)
12:17:26,436 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
12:17:57,744 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web FrameworkAgain, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.
Where is the error in this out-of-the-box configuration?
Labels:
- Labels:
-
Archive
32 REPLIES 32
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2009 12:05 AM
My findings are that there is a bug whereby the definition of "enterprise" security as below
<config evaluator="string-compare" condition="Filesystem Security">
<authenticator type="enterprise">
</authenticator>
causes CIFS to fail with (at least) dynamically assigned user spaces. Use "alfresco" instead and this works. It has something to do with the authenticator failing because it cannot find/associate the homeFolder. Of course setting this means that you probably can't use NTLM/Kerberos etc. - but hey , at least you can connect as a CIFS user … 🙂
My version is 2.2B fyi.
<config evaluator="string-compare" condition="Filesystem Security">
<authenticator type="enterprise">
</authenticator>
causes CIFS to fail with (at least) dynamically assigned user spaces. Use "alfresco" instead and this works. It has something to do with the authenticator failing because it cannot find/associate the homeFolder. Of course setting this means that you probably can't use NTLM/Kerberos etc. - but hey , at least you can connect as a CIFS user … 🙂
My version is 2.2B fyi.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2009 03:21 AM
If you use Lab 3 stable release, in order to have CIFS authentication working with NTLM, you have to put the following config within the CIFS config rather than outside as previous releases:
<authenticator type="alfresco">
</authenticator>
For instance:
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="alflab3z" domain="yourdomain" />
<comment>Alfresco CIFS Server</comment>
<broadcast>255.255.255.255</broadcast>
<tcpipSMB platforms="linux,solaris,macosx"/>
<netBIOSSMB platforms="linux,solaris,macosx"/>
<hostAnnounce interval="5"/>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<authenticator type="alfresco">
</authenticator>
<sessionDebug flags="Negotiate,Socket"/>
</config>
Best regards,
Alessandro
<authenticator type="alfresco">
</authenticator>
For instance:
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="alflab3z" domain="yourdomain" />
<comment>Alfresco CIFS Server</comment>
<broadcast>255.255.255.255</broadcast>
<tcpipSMB platforms="linux,solaris,macosx"/>
<netBIOSSMB platforms="linux,solaris,macosx"/>
<hostAnnounce interval="5"/>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<authenticator type="alfresco">
</authenticator>
<sessionDebug flags="Negotiate,Socket"/>
</config>
Best regards,
Alessandro
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2009 01:48 PM
Uh.. you mention you were not running alfresco as root, but if it is to operate the privileged ports below 1024 ( 137,138,139, 445) for cifs and auth wouldn't you need root privs? When you went to samba, i'm betting it is started with root level privs at boot time.
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
