[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?

meansartin14
Champ in-the-making
Purpose:
This thread is an attempt to resolve an issue that appears to plague many of us: CIFS server authentication configuration. Hopefully, this thread will come in handy to all of those who have posted about their various CIFS configurations not working. If possible, I would also like to create a wiki from this thread. To accomplish this goal, I will provide as much detail as I can because, regardless of significant efforts, I have been unable to configure CIFS to function properly in my environment at all.

Platform:
Alfresco Server
Operating System: Red Hat Enterprise Linux 5.2
Database: MySQL 5.0.45-community (NOTE: Came w/ RHEL 5.2 installation)
Java: JDK 1.6.0 Update 11
Open Office: OpenOffice.org 2.3
Alfresco
Current Version: Labs 3c
Versions Tried: Community 2.9.0B, Enterprise 2.1 (trial), Enterprise 3.0.0 (trial)
NOTE: Alfresco will be installed by and run under a NON-ROOT account. Configuration has been applied to forward requests on standard root-privileged ports to non-root ports, per the Running SMB/CIFS from a normal user account wiki.
Client PCs
Operating System(s): Windows XP Professional SP3 (80% of client PCs), Windows XP Professional x64 SP2 (20% of client PCs)
Login Authentication: Windows Server 2003 Active Directory server
Web Browser: Firefox 3.0.5

Objective:
I would simply like to configure Alfresco Labs 3c to do the following:
   a) Authenticate against Active Directory server and allow single sign-on (SSO) for the Alfresco Web Interface
   b) Authenticate against Active Directory server and allow "Map Network Drive" on client PCs to the Alfresco CIFS server (see below picture)
   http://www.ece.uwaterloo.ca/Computing/Research/Software/Samba/images/map_network_drive.jpg


Scenario 1: Issue, Output, and Configuration - Base Install CIFS Mapping Attempt:
For the purposes of this thread, I have freshly installed Alfresco Labs 3c. I then applied some general configuration to get Alfresco up and running without errors (e.g. set ALF_HOME, JAVA_HOME, running db_setup.sql on MySQL database, forcing db.url and dialect to use MySQL, setting OpenOffice location, etc).

Even at this early stage, I cannot "Map Network Drive" to the Alfresco CIFS server (\\alfserver\alfresco) successfully. Also, it is worth noting that issuing the command "alfresco.sh stop" DOES NOT stop all running Alfresco processes (a kill -9 <pid> command must be executed).

Output to alfresco.log (NOTE: log4j.properties org.alfresco.smb.protocol.auth=debug is ACTIVE)
"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
12:52:43,303 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:52:43,303 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:52:43,303 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1020,Authenticator=EncType=23,Kvno=-1,Len=176]
12:52:43,306 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:52:43,306 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:52:43,306 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException

"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> has already been added via Alfresco Web Interface AND that <user> is the same value entered when logging into the client PC.
12:54:37,200 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
12:54:37,201 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
12:54:37,201 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
12:54:37,201 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
12:54:37,201 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
12:54:39,466 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
12:54:39,476 DEBUG [org.alfresco.smb.protocol.auth] User  logged on  (type Normal)
12:54:39,478 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup NTLMSSP, MID=24, UID=0, PID=65279
12:54:39,631 DEBUG [org.alfresco.smb.protocol.auth] Logged on using NTLMSSP/NTLMv2
12:54:39,633 DEBUG [org.alfresco.smb.protocol.auth] User <user> logged on  (type Normal)
12:54:39,634 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[<user>:null,Windows XP 3790 Service Pack 2,,<client pc ip>],Tree=0,Searches=0]

The following are ALL of the configuration files I have changed since freshly installing Alfresco Labs 3c:
/opt/alfresco/alfresco.sh
#!/bin/sh
ALF_HOME=/opt/alfresco
cd "$ALF_HOME"
APPSERVER="${ALF_HOME}/tomcat"
export JAVA_HOME="/usr/local/java/jdk1.6.0_11"
export JAVA_OPTS='-Xms128m -Xmx1024m -XX:MaxPermSize=128m -server'
if [ "$1" = "start" ]; then
  "${APPSERVER}/bin/startup.sh"
elif [ "$1" = "stop" ]; then
  "${APPSERVER}/bin/shutdown.sh"
fi
/opt/alfresco/tomcat/shared/classes/alfresco/extension/custom-repository.properties
#########################################
# Override Alfresco Repository Settings #
#########################################
# Force fully-qualified path
dir.root=/opt/alfresco/alf_data
# Set MySQL database attributes
db.username=alfresco
db.password=alfresco
db.pool.initial=10
db.pool.max=100
db.driver=org.gjt.mm.mysql.Driver
db.url=jdbc:mysql://localhost/alfresco
# Set email attributes
mail.host=popserver.my.domain.com
mail.port=25
mail.username=
mail.password=
mail.encoding=UTF-8
mail.header=
mail.from.default=alfresco-admin@alfserver
/opt/alfresco/tomcat/shared/classes/alfresco/extension/custom-hibernate-dialect.properties
######################################
# Override Hibernate dialect config  #
######################################
# MySQL dialect (default)
hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
/opt/alfresco/tomcat/shared/classes/alfresco/extension/bootstrap/openoffice-startup-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   <bean id="openOfficeStartupBootstrap" class="org.alfresco.util.exec.RuntimeExecBootstrapBean" >
      <property name="startupCommands">
         <list><ref bean="openOfficeStartupCommand" /></list>
      </property>
      <property name="failOnError">
         <value>false</value>
      </property>
   </bean>

   <bean id="openOfficeStartupCommand" class="org.alfresco.util.exec.RuntimeExec">
      <property name="commandMap">
         <map>
            <entry key=".*">
               <value><![CDATA[soffice -accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager -env:UserInstallation=file://oouser -nologo -headless -nofirststartwizard -nocrashrep -norestore]]></value>
            </entry>
         </map>
      </property>
      <property name="waitForCompletion">
         <value>false</value>
      </property>
      <property name="errorCodes">
         <value>2</value>
      </property>
   </bean>
</beans>
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/authentication-services-context.xml (NOTE: Set "allowGuestLogin" to "false")
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
   <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
      <property name="providers"> <list> <ref bean="authenticatedAuthenticationPassthroughProvider" /> <ref bean="daoAuthenticationProvider" /> </list> </property>
   </bean>

   <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
      <property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
      <property name="saltSource">        <ref bean="saltSource" /> </property>
      <property name="passwordEncoder">   <ref bean="passwordEncoder" /> </property>
   </bean>

   <bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />

   <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
      <property name="nodeService">       <ref bean="nodeService" /> </property>
      <property name="tenantService">     <ref bean="tenantService"/> </property>
      <property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
      <property name="namespaceService">  <ref bean="namespaceService" /> </property>
      <property name="searchService">     <ref bean="admSearchService" /> </property>
      <property name="retryingTransactionHelper"> <ref bean="retryingTransactionHelper"/> </property>
      <property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
      <property name="passwordEncoder">   <ref bean="passwordEncoder" /> </property>
   </bean>

   <alias alias="saltSource" name="authenticationDao"/>

   <bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>

   <bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao"> <ref bean="authenticationDao" /> </property>
      <property name="ticketComponent">   <ref bean="ticketComponent" /> </property>
      <property name="authenticationComponent"> <ref bean="authenticationComponent" /> </property>
      <property name="sysAdminCache">     <ref bean="sysAdminCache"/> </property>
   </bean>

   <bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
      <property name="proxyInterfaces">    <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value> </property>
      <property name="transactionManager"> <ref bean="transactionManager" /> </property>
      <property name="target">             <ref bean="authenticationComponent" /> </property>
      <property name="transactionAttributes"> <props> <prop key="*">${server.transaction.mode.default}</prop> </props> </property>
   </bean>

   <bean id="authenticationComponentBase" abstract="true">
      <property name="tenantService"> <ref bean="tenantService"/> </property>
   </bean>
  
   <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl" parent="authenticationComponentBase">
      <property name="authenticationDao">     <ref bean="authenticationDao" /> </property>
      <property name="authenticationManager"> <ref bean="authenticationManager" /> </property>
      <property name="allowGuestLogin">       <value>false</value> </property>
      <property name="nodeService">           <ref bean="nodeService" /> </property>
      <property name="personService">         <ref bean="personService" /> </property>
      <property name="transactionService">    <ref bean="transactionService" /> </property>
   </bean>

   <bean id="personDaoImpl" class="org.alfresco.repo.security.person.PersonDaoImpl">
      <property name="sessionFactory"> <ref bean="sessionFactory" /> </property>
      <property name="localeDAO">      <ref bean="localeDAO" /> </property>
      <property name="qnameDAO">       <ref bean="qnameDAO" /> </property>
      <property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
   </bean>

   <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
      <property name="transactionService"> <ref bean="transactionService" /> </property>
      <property name="nodeService"> <ref bean="nodeService" /> </property>
      <property name="tenantService"> <ref bean="tenantService"/> </property>
      <property name="searchService"> <ref bean="admSearchService" /> </property>
      <property name="permissionServiceSPI"> <ref bean="permissionServiceImpl" /> </property>
      <property name="authorityService"> <ref bean="authorityService" /> </property>
      <property name="dictionaryService"> <ref bean="dictionaryService" /> </property>
      <property name="namespacePrefixResolver"> <ref bean="namespaceService" /> </property>
      <property name="policyComponent"> <ref bean="policyComponent"/> </property>
      <property name="personCache"> <ref bean="personCache" /> </property>
      <property name="personDao"> <ref bean="personDaoImpl" /> </property>
      <property name="storeUrl"> <value>${spaces.store}</value> </property>
      <property name="createMissingPeople"> <value>${server.transaction.allow-writes}</value> </property>
      <property name="userNamesAreCaseSensitive"> <value>${user.name.caseSensitive}</value> </property>
      <property name="processDuplicates"> <value>true</value> </property>
      <property name="duplicateMode"> <value>SPLIT</value> </property>
      <property name="lastIsBest"> <value>true</value> </property>
      <property name="includeAutoCreated"> <value>false</value> </property>
   </bean>

   <bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
      <property name="nodeService"> <ref bean="nodeService" /> </property>
      <property name="policyComponent"> <ref bean="policyComponent" /> </property>
      <property name="defaultProvider"> <ref bean="userHomesHomeFolderProvider" /> </property>
   </bean>

   <bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
      <property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
      <property name="path"> <value>/${spaces.company_home.childname}</value> </property>
      <property name="storeUrl"> <value>${spaces.store}</value> </property>
      <property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
   </bean>

   <bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
      <property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
      <property name="path"> <value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value> </property>
      <property name="storeUrl"> <value>${spaces.store}</value> </property>
      <property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
      <property name="userPermissions"> <set> <value>Consumer</value> </set> </property>
   </bean>

   <bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
      <property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
   </bean>

   <bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
      <property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
      <property name="path"> <value>/${spaces.company_home.childname}</value> </property>
      <property name="storeUrl"> <value>${spaces.store}</value> </property>
      <property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
      <property name="inheritsPermissionsOnCreate"> <value>false</value> </property>
      <property name="ownerPermissionsToSetOnCreate"> <set> <value>All</value> </set> </property>
      <property name="userPermissions"> <set> <value>All</value> </set> </property>
   </bean>

   <bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
      <property name="serviceRegistry"> <ref bean="ServiceRegistry" /> </property>
      <property name="path"> <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value> </property>
      <property name="storeUrl"> <value>${spaces.store}</value> </property>
      <property name="homeFolderManager"> <ref bean="homeFolderManager" /> </property>
      <property name="inheritsPermissionsOnCreate"> <value>false</value> </property>
      <property name="ownerPermissionsToSetOnCreate"> <set> <value>All</value> </set> </property>
      <property name="userPermissions"> <set> <value>All</value> </set> </property>
   </bean>

   <bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
      <property name="ticketsCache"> <ref bean="ticketsCache"/> </property>
      <property name="validDuration"> <value>PT1H</value> </property>
      <property name="ticketsExpire"> <value>false</value> </property>
      <property name="oneOff"> <value>false</value> </property>
      <property name="expiryMode"> <value>AFTER_FIXED_TIME</value> </property>
   </bean>

   <bean id="userNameGenerator" class="org.alfresco.repo.security.authentication.BasicUserNameGenerator">
      <property name="userNameLength"> <value>6</value> </property>
   </bean>

   <bean id="passwordGenerator" class="org.alfresco.repo.security.authentication.BasicPasswordGenerator">
      <property name="passwordLength"> <value>8</value> </property>
   </bean>
</beans>

/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.properties (NOTE: These are dummy values; my values are different)
cifs.localname=alfserver
cifs.domain=my.domain.com
cifs.broadcast=123.234.123.234

/opt/alfresco/tomcat/shared/classes/alfresco/extension/web-client-config-custom.xml
<alfresco-config>
   <config>
      <client>
         <initial-location>userhome</initial-location>
         <from-email-address>alfresco-admin@alfserver</from-email-address>
      </client>
   </config>

   <config evaluator="string-compare" condition="Views">
      <views>
         <view-defaults>
            <browse>
               <sort-direction>descending</sort-direction>
               <view>details</view>
               <page-size>
                  <list>30</list>
                  <details>30</details>
                  <icons>30</icons>
               </page-size>
            </browse>
         </view-defaults>
      </views>
   </config>
</alfresco-config>

/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
<alfresco-config area="file-servers">
   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>
         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>
            <offlineFiles/>
            <desktopActions>
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}:8080/alfresco/</webpath>
               </global>
               <action>
                  <class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>
               <action>
                  <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>
            </desktopActions>
         </filesystem>
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>
      </filesystems>
   </config>

   <config evaluator="string-compare" condition="CIFS Server" replace="true">
      <serverEnable enabled="true"/>
      <host name="${cifs.localname}" domain="${cifs.domain}"/>
      <comment>Alfresco CIFS Server</comment>
      <broadcast>${cifs.broadcast}</broadcast>
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
      <hostAnnounce interval="5"/>
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>
      <authenticator type="enterprise">
      </authenticator>
      <sessionDebug flags="Negotiate,Socket"/>
   </config>

</alfresco-config>

The above config produces the following output in alfresco.log when the "alfresco.sh start" command is issued:
12:17:10,456 INFO  [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
12:17:11,102 DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@18438d57, name=log4j:logger=org.alfresco.smb.protocol.auth
12:17:14,939 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
12:17:15,297 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
12:17:16,419 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_data
12:17:16,441 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
12:17:16,586 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
12:17:16,589 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
12:17:16,961 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
12:17:16,961 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000
12:17:17,068 WARN  [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)
12:17:26,249 INFO  [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLs
12:17:26,250 INFO  [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 65.977ms)
12:17:26,417 INFO  [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLs
12:17:26,417 INFO  [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 164.794ms)
12:17:26,436 INFO  [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
12:17:57,744 INFO  [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework

Again, the result of the above configuration is that no user can use the Windows XP "Map Network Drive…" function to map the CIFS server as a shared drive.

Where is the error in this out-of-the-box configuration?
32 REPLIES

mikeh
Star Contributor
Hi

Could you try adding a <disableNTLM/> config tag to the "CIFS Server" section of file-servers-custom.xml? It means you won't be able to do non-domain logons, but would be interesting to see if it solves the immediate issue.

As Mark says above, this should be tried on either HEAD (Labs 3D-dev) or Enterprise 3.0 SP1.

Thanks,
Mike

meansartin14
Champ in-the-making
> Could you try adding a <disableNTLM/> config tag to the "CIFS Server" section of file-servers-custom.xml? It means you won't be able to do non-domain logons, but would be interesting to see if it solves the immediate issue.
>
> As Mark says above, this should be tried on either HEAD (Labs 3D-dev) or Enterprise 3.0 SP1.

Mike - I just went ahead and tried your suggestion. It changed the output to alfresco.log when attempting a "Map Network Drive", but still did not work. Here is the file I changed and the output to alfresco.log.
/opt/alfresco/tomcat/shared/classes/alfresco/extension/file-servers-custom.xml
<alfresco-config area="file-servers">
   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>
         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>
            <offlineFiles/>
            <desktopActions>
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}:8080/alfresco/</webpath>
               </global>
               <action>
                  <class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>
               <action>
                  <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>
            </desktopActions>
         </filesystem>
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>
      </filesystems>
   </config>

   <config evaluator="string-compare" condition="CIFS Server" replace="true">
      <serverEnable enabled="true"/>
      <host name="${cifs.localname}" domain="${cifs.domain}"/>
      <comment>Alfresco CIFS Server</comment>
      <broadcast>${cifs.broadcast}</broadcast>
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
      <hostAnnounce interval="5"/>
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>
      <authenticator type="enterprise">
         <KDC>adserver.my.domain.com</KDC>
         <Realm>MY.REALM.COM</Realm>
         <Password>…</Password>
         <Principal>cifs/alfserver.my.domain.com</Principal>
         <disableNTLM/>
      </authenticator>
      <sessionDebug flags="Negotiate,Socket"/>
   </config>

   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
      <authenticator type="enterprise">
      </authenticator>
   </config>

</alfresco-config>

/opt/alfresco/alfresco.log (NOTE: This is the result from the "alfresco.sh start" command)
14:08:03,101 INFO  [org.alfresco.config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers.properties]
14:08:03,744 DEBUG [org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@59596138, name=log4j:logger=org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter
14:08:03,744 DEBUG [org.alfresco.smb.protocol.auth] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@59596138, name=log4j:logger=org.alfresco.smb.protocol.auth
14:08:03,745 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] preRegister called. Server=com.sun.jmx.mbeanserver.JmxMBeanServer@59596138, name=log4j:logger=org.alfresco.web.app.servlet.NTLMAuthenticationFilter
14:08:07,475 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.
14:08:07,854 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
14:08:08,907 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco/alf_data
14:08:08,939 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
14:08:09,104 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
14:08:09,107 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
14:08:09,411 DEBUG [org.alfresco.smb.protocol.auth] Logged on using principal cifs/alfserver.my.domain.com@MY.REALM.COM
14:08:09,411 DEBUG [org.alfresco.smb.protocol.auth] Enabling mechTypes :-
14:08:09,411 DEBUG [org.alfresco.smb.protocol.auth]   Kerberos5
14:08:09,411 DEBUG [org.alfresco.smb.protocol.auth]   MS-Kerberos5
14:08:09,637 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 910.250MB
14:08:09,637 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (c 1342) schema 1000 - Installed version 3.0.0 (c 1342) schema 1000
14:08:09,752 WARN  [org.alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualization server not registered or started)
14:08:18,497 INFO  [org.alfresco.web.scripts.DeclarativeRegistry] Registered 21 Web Scripts (+0 failed), 23 URLs
14:08:18,498 INFO  [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 63.338ms)
14:08:18,669 INFO  [org.alfresco.web.scripts.DeclarativeRegistry] Registered 134 Web Scripts (+0 failed), 136 URLs
14:08:18,669 INFO  [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 168.63ms)
14:08:18,689 INFO  [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
14:08:50,064 INFO  [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework

"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click Finish
14:21:22,067 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:21:22,072 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
14:21:22,073 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
14:21:22,163 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
14:21:22,167 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:21:22,167 DEBUG [org.alfresco.smb.protocol.auth] Machine account logon, <client PC name>$, as null logon
14:21:22,167 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user <client PC name>$
14:21:22,168 DEBUG [org.alfresco.smb.protocol.auth] User  logged on  (type Null)
14:21:22,170 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[:null,Windows XP 3790 Service Pack 2,,128.183.223.147],Tree=0,Searches=0]
14:21:22,214 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=24, UID=0, PID=65279
14:21:22,215 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1020,Authenticator=EncType=23,Kvno=-1,Len=176]
14:21:22,215 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
14:21:22,225 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
14:21:22,226 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:21:22,245 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user <user>
14:21:22,246 DEBUG [org.alfresco.smb.protocol.auth] User <user>@MY.REALM.COM logged on  (type Normal)
14:21:22,246 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=1 for VC=[1:1,[<user>@MY.REALM.COM:null,Windows XP 3790 Service Pack 2,,123.234.123.147],Tree=0,Searches=0]

"Map Network Drive" (Drive: Z: ; Folder: \\alfserver\alfresco), click "Connect using a different user name" (User name: Alfresco\<user>); Note that <user> is the same value entered when logging into the client PC attempting to "Map Network Drive"
14:23:49,828 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:23:49,829 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=985,Authenticator=EncType=23,Kvno=-1,Len=181]
14:23:49,829 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
14:23:49,833 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
14:23:49,834 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:23:49,834 DEBUG [org.alfresco.smb.protocol.auth] Machine account logon, <client PC name>$, as null logon
14:23:49,834 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user <client PC name>$
14:23:49,834 DEBUG [org.alfresco.smb.protocol.auth] User  logged on  (type Null)
14:23:49,835 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[:null,Windows XP 3790 Service Pack 2,,128.183.223.147],Tree=0,Searches=0]

Still searching for the answer…
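The two mapping attempts logged above differ in one respect: the first reaches a type Normal user logon, while the second stops after the machine account's null logon. The following Python script is an added example (not part of the original post, and not Alfresco code) that triages `org.alfresco.smb.protocol.auth` DEBUG output on that basis; the sample lines are constructed, and the function names and the 30-second grouping window are assumptions.

```python
import re

# Constructed sample, modelled on the DEBUG output format quoted in the post
# above (host, user and realm are placeholders). Single day: lines carry no date.
SAMPLE_LOG = """\
14:21:22,067 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:21:22,167 DEBUG [org.alfresco.smb.protocol.auth] Machine account logon, WS01$, as null logon
14:21:22,168 DEBUG [org.alfresco.smb.protocol.auth] User  logged on  (type Null)
14:21:22,214 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=24, UID=0, PID=65279
14:21:22,245 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user jdoe
14:21:22,246 DEBUG [org.alfresco.smb.protocol.auth] User jdoe@EXAMPLE.TEST logged on  (type Normal)
14:23:49,828 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:23:49,834 DEBUG [org.alfresco.smb.protocol.auth] Machine account logon, WS01$, as null logon
14:23:49,834 DEBUG [org.alfresco.smb.protocol.auth] User  logged on  (type Null)
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d),(\d{3}) +\w+ +\[org\.alfresco\.smb\.protocol\.auth\] (.*)$")
LOGON = re.compile(r"^User\s*(.*?)\s+logged on\s+\(type (\w+)\)")

def parse_setups(text):
    """Return one dict per 'NT Session setup' with its time and logon result."""
    setups = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # other loggers, stack traces, blank lines
        h, mi, s, ms, msg = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s) + int(ms) / 1000
        if msg.startswith("NT Session setup"):
            setups.append({"time": t, "user": None, "type": None})
        elif setups and (lm := LOGON.match(msg)):
            setups[-1]["user"], setups[-1]["type"] = lm.group(1), lm.group(2)
    return setups

def classify_attempts(text, gap=30.0):
    """Group setups less than `gap` seconds apart into one mapping attempt and
    report whether a real user session (type Normal) was ever established."""
    attempts = []
    for s in parse_setups(text):
        if not attempts or s["time"] - attempts[-1]["last"] > gap:
            attempts.append({"start": s["time"], "last": s["time"], "types": [], "users": []})
        a = attempts[-1]
        a["last"] = s["time"]
        a["types"].append(s["type"])
        if s["type"] == "Normal":
            a["users"].append(s["user"])
    for a in attempts:
        a["verdict"] = ("user-session" if "Normal" in a["types"]
                        else "null-session-only" if "Null" in a["types"]
                        else "no-logon")
    return attempts

if __name__ == "__main__":
    for a in classify_attempts(SAMPLE_LOG):
        print(a["verdict"], a["users"])
```

An attempt classified `null-session-only` means the client never presented user credentials that the server accepted, which points the investigation at the client's authentication settings rather than at the share configuration.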

toyboy
Champ in-the-making
Anyone at Alfresco know if CIFS with AD can actually be done? A simple yes or no answer would be good because there are so many conflicting reports: some people seem to get it working, and then some say it can't be done because of CIFS bugs.
If we can't get CIFS working against AD properly with SSO, there is no point in me continuing with this and I'll have to start testing out SharePoint for the company, as there seems to be no alternative available.

meansartin14
Champ in-the-making
I am now trying a trial version of Alfresco Enterprise 3.0.1. Applied the same configuration as used in the first 2 posts of this thread for Labs 3c and still seeing the same issues.

I refuse to believe that the CIFS server does not work in all of the Alfresco versions I've tried. What am I doing wrong? Could this be a client-side issue?

I would really like to explore what could be causing this issue on the client side of things, but the problem is I don't know where to look or what to look for. Again, we're hosting Alfresco on a RHEL 5.2 server (running under a non-root account), which is attempting to be accessed via CIFS by Windows XP Professional SP3 (and a few x64 SP2 PCs, of which my PC is one) PCs. All I need is for CIFS to work.

There has to be an answer out there somewhere…

meansartin14
Champ in-the-making
Based on the following Microsoft Support Knowledge Base article, I am starting to think the issue I'm experiencing is directly related to group policy-level configuration. Here's the article, for reference:
http://support.microsoft.com/kb/281648

I am now in the process of exploring our group policy-level configuration and figuring out what could be an issue… I will report back.

ivan_plestina
Champ in-the-making
I've managed to get CIFS to work with Alfresco 3d-dev nightly build from Jan 02. It contains some fixes from the enterprise version. It's a Windows 2003 server 32-bit in an AD environment. Same config on 64-bit won't work (tho it's a lot larger repository so it might be related to that). It seems up but accessing it just locks processor and then dies after a while. Java.exe remains using 50% proc.

Config:

ntlm-authentication-context.xml (note the usage of BOTH domain\server,server!):

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
         <property name="allowSetEnabled" value="true" />
         <property name="allowGetEnabled" value="true" />
         <property name="allowDeleteUser" value="true" />
         <property name="allowCreateUser" value="true" />
   </bean>


   <!-- The authentication component.                                      -->

   <!-- Use the passthru authentication component to authenticate using    -->
   <!-- user accounts on one or more Windows servers.                      -->

   <!-- Properties that specify the server(s) to use for passthru          -->
   <!-- authentication :-                                                  -->
   <!--   useLocalServer   use the local server for authentication         -->
   <!--   domain           use domain controllers from the specified domain-->
   <!--   servers          comma delimited list of server addresses or     -->
   <!--                    names                                           -->

   <bean id="authenticationComponent"
         class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
         parent="authenticationComponentBase">
       <property name="useLocalServer">
           <value>false</value>
       </property>
       <property name="servers">
           <value>DOMAIN\DC,DC</value>
       </property>
       <property name="personService">
           <ref bean="personService" />
       </property>
       <property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="transactionService">
           <ref bean="transactionComponent" />
       </property>
       <property name="guestAccess">
           <value>false</value>
       </property>
   </bean>

</beans>

file-servers-custom.xml

<alfresco-config area="file-servers">

   <!-- To override the default Alfresco filesystem use replace="true", to -->
   <!-- add additional filesystems remove the replace="true" attribute     -->
   <config evaluator="string-compare" condition="CIFS Server" replace="true">
      <serverEnable enabled="true"/>
      <host name="${cifs.localname}_A" domain="${cifs.domain}"/>
      <comment>Alfresco CIFS Server</comment>

      <!-- Set to the broadcast mask for the subnet -->
      <broadcast>${cifs.broadcast}</broadcast>

      <!-- Use Java socket based NetBIOS over TCP/IP and native SMB on linux -->
<!--
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>
-->
      <!-- Can be mapped to non-privileged ports, then use firewall rules to forward
           requests from the standard ports -->
<!--
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
-->

      <hostAnnounce interval="5"/>

      <!-- Use Win32 NetBIOS interface on Windows -->
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>

      <!-- CIFS authentication -->
      <authenticator type="alfresco">
      </authenticator>

<!--
      <WINS>
         <primary>1.2.3.4</primary>
         <secondary>5.6.7.8</secondary>
      </WINS>
-->
      <sessionDebug flags="Negotiate,Socket"/>
   </config>

   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>

         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!-- Add a URL file to each folder that links back to the web client -->
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

            <!-- Mark locked files as offline -->
            <offlineFiles/>

            <!-- Desktop actions -->

            <desktopActions>
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}:8080/alfresco/</webpath>
               </global>
               <action>
                  <class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>
               <action>
                  <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>

            </desktopActions>

<!--
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
            </accessControl>
-->
         </filesystem>

         <!-- AVM virtualization view of all stores/versions for WCM -->
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>

      </filesystems>
   </config>

</alfresco-config>

file-server.properties:

cifs.localname=${localname}
cifs.domain=DOMAIN
cifs.broadcast=172.16.1.255

+ usual NTLM changes in web.xml

Note that we can't access CIFS on any Alfresco version from XP SP3 or Vista SP1 computers. If anyone has a clue how to fix this on client side…

Hope this helps.

meansartin14
Champ in-the-making
[quote="ivan_plestina"]
I've managed to get CIFS to work with Alfresco 3d-dev nightly build from Jan 02. It contains some fixes from the enterprise version. It's a Windows 2003 server 32-bit in an AD environment. Same config on 64-bit won't work (tho it's a lot larger repository so it might be related to that). It seems up but accessing it just locks processor and then dies after a while. Java.exe remains using 50% proc.

… SNIP …

Note that we can't access CIFS on any Alfresco version from XP SP3 or Vista SP1 computers. If anyone has a clue how to fix this on client side…
[/quote]

The first issue you mention (locking up all CPU utilization, then Alfresco dying) I am completely unfamiliar with. Alfresco is installed on RedHat Enterprise Linux 5.2 in an Active Directory environment and I have not experienced the issue you mention.

The second issue you mention is exactly what I am currently investigating; client-side group policies that may be preventing CIFS access. I too have been completely unable to get CIFS working on ANY Alfresco version I've tried. Unfortunately, I do not control the group policy configurations; I have to wait on a third party to a) allow/approve the changes and b) make the changes. Here's my latest post where I linked some Microsoft documentation that may just be the answer to our problem:

[quote="meansartin14"]
Based on the following Microsoft Support Knowledge Base article, I am starting to think the issue I'm experiencing is directly related to group policy-level configuration. Here's the article, for reference:
http://support.microsoft.com/kb/281648

I am now in the process of exploring our group policy-level configuration and figuring out what could be an issue… I will report back.
[/quote]

ivan_plestina
Champ in-the-making
Hm, actually I've retested the CIFS on Vista SP1 with above configuration I posted and it does seem to work now. You are right about the Windows security settings as the point of failure. Namely LAN Manager Authentication Level parameter in group policy. We've tested this before and when environment was set to use only NTLMv2 hashes we couldn't get NTLM authentication to work. That parameter is set to Send LM & NTLM responses in our AD now and it works perfectly. On the other hand it's less secure. Details about those parameters: http://kb.iu.edu/data/atvn.html. Not sure what is the status of Alfresco supporting NTLMv2 now? Any info? I know it wasn't supported in 2.1.

As for the CIFS locking processor - it only happens on 64bit server. Is your server (java) 32 or 64 bit? Btw it dies on client side. Alfresco still runs normally, proc on 50% or so, then calms down after a while.

meansartin14
Champ in-the-making
In our case, I have confirmed with the administrators of our group policy settings that we cannot change the existing settings.

It seems that Samba may provide the workaround we need. So now, we are going to install and configure Samba on our RHEL 5.2 server in an attempt to allow Alfresco to be mapped as a Network Drive. Apparently, Samba now supports both digital signatures and NTLMv2 hashing, which should get us to where we want to be.

I will keep you informed…

P.S. It would seem that Alfresco needs to give serious consideration to supporting NTLMv2…

rxm307
Champ in-the-making
In my case Send LM & NTLM responses is already set, so I don't think this is the problem.