Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- [ERROR]Alfresco Engineers: CIFS auth does not work...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 01:15 PM
[size=125]Purpose:[/size]
This thread is an attempt to resolve an issue that appears to plague many of us: CIFS server authentication configuration. Hopefully, this thread will come in handy to all of those who have posted about their various CIFS configurations not working. If possible, I would also like to create a wiki from this thread. To accomplish this goal, I will provide as much detail as I can because, regardless of significant efforts, I have been unable to configure CIFS to function properly in my environment at all.
[size=125]Platform:[/size]
Alfresco Server
—Operating System: Red Hat Enterprise Linux 5.2
—Database: MySQL 5.0.45-community (NOTE: Came w/ RHEL 5.2 installation)
—Java: JDK 1.6.0 Update 11
—Open Office: OpenOffice.org 2.3
Alfresco
—Current Version: Labs 3c
—Versions Tried: Community 2.9.0B, Enterprise 2.1 (trial), Enterprise 3.0.0 (trial)
—NOTE: Alfresco will be installed by and run under a NON-ROOT account. Configuration has been applied to forward requests on standard root-privileged ports to non-root ports, per the Running SMB/CIFS from a normal user account wiki.
Client PCs
—Operating System(s): Windows XP Professional SP3(80% of client PCs), Windows XP Professional x64 SP2 (20% of client PCs)
—Login Authentication: Windows Server 2003 Active Directory server
—Web Browser: Firefox 3.0.5
[size=125]Objective:[/size]
I would simply like to configure Alfresco Labs 3c to do the following:
a) Authenticate against Active Directory server and allow single sign-on (SSO) for the Alfresco Web Interface
b) Authenticate against Active Directory server and allow "Map Network Drive" on client PCs to the Alfresco CIFS server (see below picture)
[img]http://www.ece.uwaterloo.ca/Computing/Research/Software/Samba/images/map_network_drive.jpg[/img]
[size=125]Scenario 1: Issue, Output, and Configuration - Base Install CIFS Mapping Attempt:[/size]
For the purposes of this thread, I have freshly installed Alfresco Labs 3c. I then applied some general configuration to get Alfresco up and running without errors (e.g. set ALF_HOME, JAVA_HOME, running db_setup.sql on MySQL database, forcing db.url and dialect to use MySQL, setting OpenOffice location, etc).
Even at this early stage, I can not "Map Network Drive" to the Alfresco CIFS server (\\alfserver\alfresco) successfully. Also, it is worth noting is that issuing the command "alfresco.sh stop" DOES NOT stop all running Alfresco processes (a kill -9 <pid> command must be executed).
Output to alfresco.log (NOTE: log4j.properties org.alfresco.smb.protocol.auth=debug is ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> has already been added via Alfresco Web Interface AND that <user> is the same value entered when logging into the client PC.
The following are ALL of the configuration files I have changed since freshly installing Alfresco Labs 3c:
/opt/alfresco/alfresco.sh
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.properties (NOTE: These are dummy values; my values are different)
/opt/alfresco/tomcat/shared/classes/alfresco/extension/web-client-config-custom.xml
/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
Again, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.
Where is the error in this out-of-the-box configuration?
This thread is an attempt to resolve an issue that appears to plague many of us: CIFS server authentication configuration. Hopefully, this thread will come in handy to all of those who have posted about their various CIFS configurations not working. If possible, I would also like to create a wiki from this thread. To accomplish this goal, I will provide as much detail as I can because, regardless of significant efforts, I have been unable to configure CIFS to function properly in my environment at all.
[size=125]Platform:[/size]
Alfresco Server
—Operating System: Red Hat Enterprise Linux 5.2
—Database: MySQL 5.0.45-community (NOTE: Came w/ RHEL 5.2 installation)
—Java: JDK 1.6.0 Update 11
—Open Office: OpenOffice.org 2.3
Alfresco
—Current Version: Labs 3c
—Versions Tried: Community 2.9.0B, Enterprise 2.1 (trial), Enterprise 3.0.0 (trial)
—NOTE: Alfresco will be installed by and run under a NON-ROOT account. Configuration has been applied to forward requests on standard root-privileged ports to non-root ports, per the Running SMB/CIFS from a normal user account wiki.
Client PCs
—Operating System(s): Windows XP Professional SP3(80% of client PCs), Windows XP Professional x64 SP2 (20% of client PCs)
—Login Authentication: Windows Server 2003 Active Directory server
—Web Browser: Firefox 3.0.5
[size=125]Objective:[/size]
I would simply like to configure Alfresco Labs 3c to do the following:
a) Authenticate against Active Directory server and allow single sign-on (SSO) for the Alfresco Web Interface
b) Authenticate against Active Directory server and allow "Map Network Drive" on client PCs to the Alfresco CIFS server (see below picture)
[img]http://www.ece.uwaterloo.ca/Computing/Research/Software/Samba/images/map_network_drive.jpg[/img]
[size=125]Scenario 1: Issue, Output, and Configuration - Base Install CIFS Mapping Attempt:[/size]
For the purposes of this thread, I have freshly installed Alfresco Labs 3c. I then applied some general configuration to get Alfresco up and running without errors (e.g. set ALF_HOME, JAVA_HOME, running db_setup.sql on MySQL database, forcing db.url and dialect to use MySQL, setting OpenOffice location, etc).
Even at this early stage, I can not "Map Network Drive" to the Alfresco CIFS server (\\alfserver\alfresco) successfully. Also, it is worth noting is that issuing the command "alfresco.sh stop" DOES NOT stop all running Alfresco processes (a kill -9 <pid> command must be executed).
Output to alfresco.log (NOTE: log4j.properties org.alfresco.smb.protocol.auth=debug is ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:52:43,303 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:52:43,303 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1020,Authenticator=EncType=23,Kvno=-1,Len=176]
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:52:43,306 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:52:43,306 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> has already been added via Alfresco Web Interface AND that <user> is the same value entered when logging into the client PC.
12:54:37,200 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
12:54:37,201 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
12:54:37,201 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:54:37,201 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:54:37,201 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
12:54:39,466 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
12:54:39,476 DEBUG [org.alfresco.smb.protocol.auth] User logged on (type Normal)
12:54:39,478 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=24, UID=0, PID=65279
12:54:39,631 DEBUG [org.alfresco.smb.protocol.auth] Logged on using NTLMSSP/NTLMv2
12:54:39,633 DEBUG [org.alfresco.smb.protocol.auth] User <user> logged on (type Normal)
12:54:39,634 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[<user>:null,Windows XP 3790 Service Pack 2,,<client pc ip>],Tree=0,Searches=0]The following are ALL of the configuration files I have changed since freshly installing Alfresco Labs 3c:
/opt/alfresco/alfresco.sh
#!/bin/sh
ALF_HOME=/opt/alfresco
cd "$ALF_HOME"
APPSERVER="${ALF_HOME}/tomcat"
export JAVA_HOME="/usr/local/java/jdk1.6.0_11"
export JAVA_OPTS='-Xms128m -Xmx1024m -XX:MaxPermSize=128m -server'
if [ "$1" = "start" ]; then
"${APPSERVER}/bin/startup.sh"
elif [ "$1" = "stop" ]; then
"${APPSERVER}/bin/shutdown.sh"
fi#########################################
# Override Alfresco Repository Settings #
#########################################
# Force fully-qualified path
dir.root=/opt/alfresco/alf_data
# Set MySQL database attributes
db.username=alfresco
db.password=alfresco
db.pool.initial=10
db.pool.max=100
db.driver=org.gjt.mm.mysql.Driver
db.url=jdbc:mysql://localhost/alfresco
# Set email attributes
mail.host=popserver.my.domain.com
mail.port=25
mail.username=
mail.password=
mail.encoding=UTF-8
mail.header=
mail.from.default=alfresco-admin@alfserver######################################
# Override Hibernate dialiect config #
######################################
# MySQL dialect (default)
hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="openOfficeStartupBootstrap" class="org.alfresco.util.exec.RuntimeExecBootstrapBean" >
<property name="startupCommands">
<list><ref bean="openOfficeStartupCommand" /></list>
</property>
<property name="failOnError">
<value>false</value>
</property>
</bean>
<bean id="openOfficeStartupCommand" class="org.alfresco.util.exec.RuntimeExec">
<property name="commandMap">
<map>
<entry key=".*">
<value><![CDATA[soffice -accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager -env:UserInstallation=file://oouser -nologo -headless -nofirststartwizard -nocrashrep -norestore]]></value>
</entry>
</map>
</property>
<property name="waitForCompletion">
<value>false</value>
</property>
<property name="errorCodes">
<value>2</value>
</property>
</bean>
</beans><?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers"> <list> <ref bean="authenticatedAuthenticationPassthroughProvider" /> <ref bean="daoAuthenticationProvider" /> </list> </property>
</bean>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="saltSource"> <ref bean="saltSource" /> </property>
<property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
</bean>
<bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="tenantService"> <ref bean="tenantService"/> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
<property name="namespaceService"> <ref bean="namespaceService" /> </property>
<property name="searchService"> <ref bean="admSearchService" /> </property>
<property name="retryingTransactionHelper"> <ref bean="retryingTransactionHelper"/> </property>
<property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
<property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property>
</bean>
<alias alias="saltSource" name="authenticationDao"/>
<bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>
<bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="ticketComponent"> <ref bean="ticketComponent" /> </property>
<property name="authenticationComponent"> <ref bean="authenticationComponent" /> </property>
<property name="sysAdminCache"> <ref bean="sysAdminCache"/> </property>
</bean>
<bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces"> <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value> </property>
<property name="transactionManager"> <ref bean="transactionManager" /> </property>
<property name="target"> <ref bean="authenticationComponent" /> </property>
<property name="transactionAttributes"> <props> <prop key="*">${server.transaction.mode.default}</prop> </props> </property>
</bean>
<bean id="authenticationComponentBase" abstract="true">
<property name="tenantService"> <ref bean="tenantService"/> </property>
</bean>
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl" parent="authenticationComponentBase">
<property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
<property name="authenticationManager"> <ref bean="authenticationManager" /> </property>
<property name="allowGuestLogin"> <value>false</value> </property>
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="personService"> <ref bean="personService" /> </property>
<property name="transactionService"> <ref bean="transactionService" /> </property>
</bean>
<bean id="personDaoImpl" class="org.alfresco.repo.security.person.PersonDaoImpl">
<property name="sessionFactory"> <ref bean="sessionFactory" /> </property>
<property name="localeDAO"> <ref bean="localeDAO" /> </property>
<property name="qnameDAO"> <ref bean="qnameDAO" /> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
</bean>
<bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
<property name="transactionService"> <ref bean="transactionService" /> </property>
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="tenantService"> <ref bean="tenantService"/> </property>
<property name="searchService"> <ref bean="admSearchService" /> </property>
<property name="permissionServiceSPI"> <ref bean="permissionServiceImpl" /> </property>
<property name="authorityService"> <ref bean="authorityService" /> </property>
<property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
<property name="namespacePrefixResolver"> <ref bean="namespaceService" /> </property>
<property name="policyComponent"> <ref bean="policyComponent"/> </property>
<property name="personCache"> <ref bean="personCache" /> </property>
<property name="personDao"> <ref bean="personDaoImpl" /> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="createMissingPeople"> <value>${server.transaction.allow-writes}</value> </property>
<property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
<property name="processDuplicates"> <value>true</value> </property>
<property name="duplicateMode"> <value>SPLIT</value> </property>
<property name="lastIsBest"> <value>true</value> </property>
<property name="includeAutoCreated"> <value>false</value> </property>
</bean>
<bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="policyComponent"> <ref bean="policyComponent" /> </property>
<property name="defaultProvider"> <ref bean="userHomesHomeFolderProvider" /> </property>
</bean>
<bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
</bean>
<bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="userPermissions"> <set> <value>Consumer</value> </set> </property>
</bean>
<bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
</bean>
<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="inheritsPermissionsOnCreate"> <value>false</value> </property>
<property name="ownerPermissionsToSetOnCreate"> <set> <value>All</value> </set> </property>
<property name="userPermissions"> <set> <value>All</value> </set> </property>
</bean>
<bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
<property name="path"> <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value> </property>
<property name="storeUrl"> <value>${spaces.store}</value> </property>
<property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
<property name="inheritsPermissionsOnCreate"> <value>false</value> </property>
<property name="ownerPermissionsToSetOnCreate"> <set> <value>All</value> </set> </property>
<property name="userPermissions"> <set> <value>All</value> </set> </property>
</bean>
<bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
<property name="ticketsCache"> <ref bean="ticketsCache"/> </property>
<property name="validDuration"> <value>PT1H</value> </property>
<property name="ticketsExpire"> <value>false</value> </property>
<property name="oneOff"> <value>false</value> </property>
<property name="expiryMode"> <value>AFTER_FIXED_TIME</value> </property>
</bean>
<bean id="userNameGenerator" class="org.alfresco.repo.security.authentication.BasicUserNameGenerator">
<property name="userNameLength"> <value>6</value> </property>
</bean>
<bean id="passwordGenerator" class="org.alfresco.repo.security.authentication.BasicPasswordGenerator">
<property name="passwordLength"> <value>8</value> </property>
</bean>
</beans>/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.properties (NOTE: These are dummy values; my values are different)
cifs.localname=alfserver
cifs.domain=my.domain.com
cifs.broadcast=123.234.123.234/opt/alfresco/tomcat/shared/classes/alfresco/extension/web-client-config-custom.xml
<alfresco-config>
<config>
<client>
<initial-location>userhome</initial-location>
<from-email-address>alfresco-admin@alfserver</from-email-address>
</client>
</config>
<config evaluator="string-compare" condition="Views">
<views>
<view-defaults>
<browse>
<sort-direction>descending</sort-direction>
<view>details</view>
<page-size>
<list>30</list>
<details>30</details>
<icons>30</icons>
</page-size>
</browse>
</view-defaults>
</views>
</config>
</alfresco-config>/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
<alfresco-config area="file-servers">
<config evaluator="string-compare" condition="Filesystems" replace="true">
<filesystems>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<urlFile>
<filename>__Alfresco.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<offlineFiles/>
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__CheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__ShowDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
</filesystem>
<avmfilesystem name="AVM">
<virtualView/>
</avmfilesystem>
</filesystems>
</config>
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="${cifs.localname}" domain="${cifs.domain}"/>
<comment>Alfresco CIFS Server</comment>
<broadcast>${cifs.broadcast}</broadcast>
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
<hostAnnounce interval="5"/>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<authenticator type="enterprise">
</authenticator>
<sessionDebug flags="Negotiate,Socket"/>
</config>
</alfresco-config>The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
12:17:10,456 INFO [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
12:17:11,102 DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@18438d57, name=log4j:logger=org.alfresco.smb.protocol.auth
12:17:14,939 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
12:17:15,297 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
12:17:16,419 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_data
12:17:16,441 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
12:17:16,586 INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
12:17:16,589 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
12:17:16,961 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
12:17:16,961 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000
12:17:17,068 WARN [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)
12:17:26,249 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLs
12:17:26,250 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 65.977ms)
12:17:26,417 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLs
12:17:26,417 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 164.794ms)
12:17:26,436 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
12:17:57,744 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web FrameworkAgain, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.
Where is the error in this out-of-the-box configuration?
Labels:
- Labels:
-
Archive
32 REPLIES 32
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 03:05 PM
Scenario 2: Issue, Output, and Configuration - Active Directory NTLM Authentication CIFS Mapping Attempt:
This attempt builds off the previous post. In this post, I attempt to configure the Web Interface for Active Directory authentication and SSO, and configure the CIFS server to authenticate against Active Directory, both using NTLM passthru. Kerberos is also configured for the CIFS server authenticator. The following AlfrescoWiki pages were used as reference guides:
3.0 Configuring NTLM (NOTE: Only sections "Alfresco Explorer and WebDav SSO using NTLM" and "NTLM Passthru Authentication" were relevant)
CIFS Server Authentication
Enterprise Security and Authentication Configuration
This configuration attempt fails to allow "Map Network Drive" to the CIFS server. Though, the Alfresco Web Interface works flawlessly to allow Active Directory users SSO capability.
Output to alfresco.log (NOTE: log4j.logger.org.alfresco.web.app.servlet.NTLMAuthenticationFilter=debug and log4j.logger.org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter=debug are ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> is the same value entered when logging into the client PC attempting to "Map Network Drive"
The following are ALL of the configuration files I have changed to achieve NTLM Authentication against the Active Directory server (NOTE: I do not re-list the files changed in the first post of this thread unless they changed again for NTLM authentication to work):
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml (NOTE: Here I show the changed areas only)
/opt/alfresco/tomcat/shared/classes/alfresco/extension/ntlm-authentication-context.xml (NOTE: This file created from existing ntlm-authentication-context.xml.sample)
/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
/usr/local/java/jdk1.6.0_11/jre/lib/security/java.security (NOTE: Here I show the changed areas only)
/usr/local/java/jdk1.6.0_11/jre/lib/security/java.login.config
The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
Again, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.
Where is the error in this configuration?
This attempt builds off the previous post. In this post, I attempt to configure the Web Interface for Active Directory authentication and SSO, and configure the CIFS server to authenticate against Active Directory, both using NTLM passthru. Kerberos is also configured for the CIFS server authenticator. The following AlfrescoWiki pages were used as reference guides:
3.0 Configuring NTLM (NOTE: Only sections "Alfresco Explorer and WebDav SSO using NTLM" and "NTLM Passthru Authentication" were relevant)
CIFS Server Authentication
Enterprise Security and Authentication Configuration
This configuration attempt fails to allow "Map Network Drive" to the CIFS server. Though, the Alfresco Web Interface works flawlessly to allow Active Directory users SSO capability.
Output to alfresco.log (NOTE: log4j.logger.org.alfresco.web.app.servlet.NTLMAuthenticationFilter=debug and log4j.logger.org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter=debug are ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
14:48:34,624 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:48:34,628 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
14:48:34,630 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
14:48:34,658 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
14:48:34,662 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:48:34,662 DEBUG [org.alfresco.smb.protocol.auth] Machine account logon, <client PC name>$, as null logon
14:48:34,662 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user <client PC name>$
14:48:34,663 DEBUG [org.alfresco.smb.protocol.auth] User logged on (type Null)
14:48:34,664 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[:null,Windows XP 3790 Service Pack 2,,<client pc IP>],Tree=0,Searches=0]
14:48:34,683 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=24, UID=0, PID=65279
14:48:34,683 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1020,Authenticator=EncType=23,Kvno=-1,Len=176]
14:48:34,683 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
14:48:34,694 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
14:48:34,695 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:48:34,698 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user <user>
14:48:34,699 DEBUG [org.alfresco.smb.protocol.auth] User <user>@MY.REALM.COM logged on (type Normal)
14:48:34,699 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=1 for VC=[1:1,[<user>@MY.REALM.COM:null,Windows XP 3790 Service Pack 2,,<client pc ip>],Tree=0,Searches=0]"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> is the same value entered when logging into the client PC attempting to "Map Network Drive"
14:52:36,272 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:52:36,273 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
14:52:36,273 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
14:52:36,284 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
14:52:36,286 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:52:36,286 DEBUG [org.alfresco.smb.protocol.auth] Machine account logon, <client PC name>$, as null logon
14:52:36,286 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user <client PC name>$
14:52:36,286 DEBUG [org.alfresco.smb.protocol.auth] User logged on (type Null)
14:52:36,286 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[:null,Windows XP 3790 Service Pack 2,,<client pc IP>],Tree=0,Searches=0]
14:52:38,561 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=24, UID=0, PID=65279
14:52:38,562 DEBUG [org.alfresco.smb.protocol.auth] User logged on (type Normal)
14:52:38,563 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=32, UID=0, PID=65279
14:52:38,569 WARN [org.alfresco.smb.protocol.auth] Authentication component does not support MD4 password hashesThe following are ALL of the configuration files I have changed to achieve NTLM Authentication against the Active Directory server (NOTE: I do not re-list the files changed in the first post of this thread unless they changed again for NTLM authentication to work):
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml (NOTE: Here I show the changed areas only)
…
<filter>
<filter-name>Authentication Filter</filter-name>
<!– <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class> –>
<!– For Novell IChain support use the following filter –>
<!– <filter-class>org.alfresco.web.app.servlet.NovellIChainsHTTPRequestAuthenticationFilter</filter-class> –>
<!– For NTLM authentication support use the following filter –>
<filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>
</filter>
<filter>
<filter-name>WebDAV Authentication Filter</filter-name>
<!– <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class> –>
<!– For NTLM authentication support use the following filter –>
<filter-class>org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter</filter-class>
</filter>
…
<!– For NTLM authentication support enable the following mapping –>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/navigate/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/command/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/download/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/template/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/n/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/c/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/t/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/d/*</url-pattern>
</filter-mapping>
…
/opt/alfresco/tomcat/shared/classes/alfresco/extension/ntlm-authentication-context.xml (NOTE: This file created from existing ntlm-authentication-context.xml.sample)
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
<!– The authentication component. –>
<!– Use the passthru authentication component to authenticate using –>
<!– user accounts on one or more Windows servers. –>
<!– Properties that specify the server(s) to use for passthru –>
<!– authentication :- –>
<!– useLocalServer use the local server for authentication –>
<!– domain use domain controllers from the specified domain–>
<!– servers comma delimted list of server addresses or –>
<!– names –>
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
parent="authenticationComponentBase">
<property name="servers"> <value>adserver.my.domain.com</value> </property>
<property name="personService"> <ref bean="personService" /> </property>
<property name="nodeService"> <ref bean="nodeService" /> </property>
<property name="transactionService"> <ref bean="transactionComponent" /> </property>
<property name="guestAccess"> <value>false</value> </property>
</bean>
</beans>/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
<alfresco-config area="file-servers">
<config evaluator="string-compare" condition="Filesystems" replace="true">
<filesystems>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<urlFile>
<filename>__Alfresco.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<offlineFiles/>
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__CheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__ShowDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
</filesystem>
<avmfilesystem name="AVM">
<virtualView/>
</avmfilesystem>
</filesystems>
</config>
<config evaluator="string-compare" condition="CIFS Server" replace="true">
<serverEnable enabled="true"/>
<host name="${cifs.localname}" domain="${cifs.domain}"/>
<comment>Alfresco CIFS Server</comment>
<broadcast>${cifs.broadcast}</broadcast>
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
<hostAnnounce interval="5"/>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<authenticator type="enterprise">
<KDC>adserver.my.domain.com</KDC>
<Realm>MY.REALM.COM</Realm>
<Password>password</Password>
<Principal>cifs/adserver.my.domain.com</Principal>
</authenticator>
<sessionDebug flags="Negotiate,Socket"/>
</config>
<config evaluator="string-compare" condition="Filesystem Security" replace="true">
<authenticator type="enterprise">
</authenticator>
</config>
</alfresco-config>/usr/local/java/jdk1.6.0_11/jre/lib/security/java.security (NOTE: Here I show the changed areas only)
…
login.config.url.1=file:${java.home}/lib/security/java.login.config
…/usr/local/java/jdk1.6.0_11/jre/lib/security/java.login.config
AlfrescoCIFS {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/alfservercifs.keytab"
principal="cifs/alfserver.my.domain.com";
};
AlfrescoHTTP {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="/etc/alfserverhttp.keytab"
principal="HTTP/alfserver.my.domain.com";
};The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
14:25:23,418 INFO [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
14:25:24,141 DEBUG [org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@201787a6, name=log4j:logger=org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter
14:25:24,142 DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@201787a6, name=log4j:logger=org.alfresco.smb.protocol.auth
14:25:24,143 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@201787a6, name=log4j:logger=org.alfresco.web.app.servlet.NTLMAuthenticationFilter
14:25:28,291 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
14:25:28,620 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
14:25:29,693 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_data
14:25:29,802 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
14:25:29,964 INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
14:25:29,967 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
14:25:30,247 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
14:25:30,247 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000
14:25:30,351 WARN [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)
14:25:40,070 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLs
14:25:40,071 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 65.541ms)
14:25:40,250 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLs
14:25:40,250 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 176.483ms)
14:25:40,270 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
14:26:11,531 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web FrameworkAgain, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.
Where is the error in this configuration?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 03:35 PM
I suggest you try your tests on HEAD rather than 3c. There are known issues with CIFS authentication on 3c such as ALFCOM-2165.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 03:45 PM
I have attempted to link the following threads here to focus our collective minds on this problem:
— I got authentication with Active Directory working
— Alfresco user/pw must match AD user/pw for Map Network Drive
— Labs 3c + external AD auth + SSO... Need some direction
— Frustrating CIFS config issue... Help?
— Configuring CIFS for Kerberos/AD integration PROBLEM!!
— Active Directory Integration: Seriously very broken
— sts=Disallow via passthru
— Alfresco 3.0 Enterprise, CIFS & Kerberos
— CIFS conf problem (KrbException: Indentifier doesn't match...
— Problem with accessing CFIS share from windows
— Alfresco and Samba - Could not connect to CIFS.
Hopefully, everyone having issues in those threads will find there answer here eventually.
— I got authentication with Active Directory working
— Alfresco user/pw must match AD user/pw for Map Network Drive
— Labs 3c + external AD auth + SSO... Need some direction
— Frustrating CIFS config issue... Help?
— Configuring CIFS for Kerberos/AD integration PROBLEM!!
— Active Directory Integration: Seriously very broken
— sts=Disallow via passthru
— Alfresco 3.0 Enterprise, CIFS & Kerberos
— CIFS conf problem (KrbException: Indentifier doesn't match...
— Problem with accessing CFIS share from windows
— Alfresco and Samba - Could not connect to CIFS.
Hopefully, everyone having issues in those threads will find there answer here eventually.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 03:49 PM
I suggest you try your tests on HEAD rather than 3c. There are known issues with CIFS authentication on 3c such as ALFCOM-2165.
Where can I find the "HEAD" version of Alfresco? And is this an official release?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 06:33 PM
HEAD is the very latest version of Alfresco.
You check it out from SVN and build it yourself.
There is no point in testing CIFS on 3c or any other versions since there are known issues that have already been raised in JIRA. If you want to contribute towards getting a better version of Alfresco concentrate upon the current issues and add detail to the JIRA tickets.
You check it out from SVN and build it yourself.
There is no point in testing CIFS on 3c or any other versions since there are known issues that have already been raised in JIRA. If you want to contribute towards getting a better version of Alfresco concentrate upon the current issues and add detail to the JIRA tickets.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 06:58 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2009 04:54 AM
Just a short question:
Is there a possibility, to get SSO working with Kerberos?
I realized SSO with Apache/WebDav/Subversion on a Linuxserver, using kerberos and serviceprincipals against AD, works like a charm.
Following this guide:
http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration
i wondered, why i need to store Password in configfile.. with the generated keytab for the serviceprincipal, it shouldn't be necessary?
In general: Is there a possibilty, to setup Alfresco to use (SingleSignOn!)-kerberos authentication for webservice and share access?
Is there a possibility, to get SSO working with Kerberos?
I realized SSO with Apache/WebDav/Subversion on a Linuxserver, using kerberos and serviceprincipals against AD, works like a charm.
Following this guide:
http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration
i wondered, why i need to store Password in configfile.. with the generated keytab for the serviceprincipal, it shouldn't be necessary?
In general: Is there a possibilty, to setup Alfresco to use (SingleSignOn!)-kerberos authentication for webservice and share access?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2009 08:51 AM
HEAD is the very latest version of Alfresco.
You check it out from SVN and build it yourself.
There is no point in testing CIFS on 3c or any other versions since there are known issues that have already been raised in JIRA. If you want to contribute towards getting a better version of Alfresco concentrate upon the current issues and add detail to the JIRA tickets.
What is the latest non-Enterprise released version (not requiring compilation) where CIFS is known to function properly with Active Directory authentication?
I have tried both Labs 3c and Community 2.9.0B without success.
Also, if there are known issues, what (generally) is the solution provided by Alfresco to Enterprise customers?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2009 05:13 PM
What is the latest non-Enterprise released version (not requiring compilation) where CIFS is known to function properly with Active Directory authentication?
I have tried both Labs 3c and Community 2.9.0B without success.
Also, if there are known issues, what (generally) is the solution provided by Alfresco to Enterprise customers?
Add Alfresco Community 2.1R1 to the above list. I tried that today without any ability to "Map Network Drive" to the Alfresco CIFS server. This was the case in both "out-of-the-box" configuration, and my implementation-specific configuration.
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
