Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Explorer - NTLM SSO Authentication Error

unknown-user
Champ on-the-rise
Champ on-the-rise

‎10-08-2010 01:47 PM

I am getting the following error when trying to access my Alfresco Explorer site when NTLM SSO is enabled for the alfrescoNtlm authentication chain:

java.lang.UnsatisfiedLinkError: org.alfresco.jlan.netbios.win32.Win32NetBIOS.GetLocalNetBIOSName()Ljava/lang/String;

The details of the error are as follows:

java.lang.UnsatisfiedLinkError: org.alfresco.jlan.netbios.win32.Win32NetBIOS.GetLocalNetBIOSName()Ljava/lang/String; 
at org.alfresco.jlan.netbios.win32.Win32NetBIOS.GetLocalNetBIOSName(Native Method) 
at org.alfresco.filesys.AbstractServerConfigurationBean.getLocalServerName(AbstractServerConfigurationBean.java:665) 
at org.alfresco.filesys.AbstractServerConfigurationBean.getLocalServerName(AbstractServerConfigurationBean.java:625) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
at java.lang.reflect.Method.invoke(Method.java:597) 
at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:65) 
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) 
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) 
at $Proxy62.getLocalServerName(Unknown Source) 
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.getServerName(BaseSSOAuthenticationFilter.java:457) 
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType1(BaseNTLMAuthenticationFilter.java:386) 
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:278) 
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:132) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
at java.lang.reflect.Method.invoke(Method.java:597) 
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103) 
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) 
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) 
at $Proxy240.doFilter(Unknown Source) 
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) 
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859) 
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579) 
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555) 
at java.lang.Thread.run(Thread.java:619)

My alfresco-global.properties is unchanged, with the following chain:

authentication.chain=alfrescoNtlm1:alfrescoNtlm

My ntlm-filter.properties located at C:\Alfresco\tomcat\webapps\WEB-INF\classes\alfresco\subsystems\Authentication\alfrescoNtlm\ is as follows:


ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false
ntlm.authentication.browser.ticketLogons=true

I have also added C:\Alfresco\bin to my PATH on the server and added http:\\WEBCONTENT02:8080\alfresco as a trusted website in IE8 yet I am still getting the above error.  When I set ntlm.authentication.sso.enabled=false, I am able to bring up the Alfresco Explorer and log in as the admin without any issues.  I have tried setting up passthru as well following the Wiki instructions but have been getting the same error whenever SSO is enabled.

I am running Alfresco CE 3.4a on Windows Server 2008 with a MySQL database.  We use Active Directory as our user authentication.  Any help would be greatly appreciated.

Regards,

Matthew Rose
Labels:
0 Kudos
7 REPLIES 7

unknown-user
Champ on-the-rise
Champ on-the-rise

‎10-08-2010 02:55 PM

As an update, I am still extremely new to this realm of SSO and LDAP integration.  I realize in the original post that in order for SSO to work with the default alfrescoNtlm, I must have the user accounts set up to match our Windows accounts used to log in.  This is not what I want, I want to be able to leverage our existing Active Directory structure within Alfresco by synchronizing a subset of accounts into Alfresco.  I then want to enable passthru to allow our users to utilize SSO for both Share and Explorer.

I have LDAP-AD synchronization working and am working on getting passthru set up now.  I have altered passthru-authentication-context.properties to the following:

passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=[DomainName]\\[DomainController1],[DomainController2]
passthru.authentication.guestAccess=true
passthru.authentication.defaultAdministratorUserNames=alfrescotest@domain.com
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false

I have also altered ntlm-filter.properties to the following:

ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=true
ntlm.authentication.browser.ticketLogons=true

I have set ldap.authentication.active=false in ldap-ad-authentication.properties as well so the two do not conflict.

I am getting the following error when I navigate to http://webcontent02:8080/alfresco:

java.lang.UnsatisfiedLinkError: org.alfresco.jlan.netbios.win32.Win32NetBIOS.GetLocalNetBIOSName()Ljava/lang/String; 
at org.alfresco.jlan.netbios.win32.Win32NetBIOS.GetLocalNetBIOSName(Native Method) 
at org.alfresco.filesys.AbstractServerConfigurationBean.getLocalServerName(AbstractServerConfigurationBean.java:665) 
at org.alfresco.filesys.AbstractServerConfigurationBean.getLocalServerName(AbstractServerConfigurationBean.java:625) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
at java.lang.reflect.Method.invoke(Method.java:597) 
at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:65) 
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) 
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) 
at $Proxy62.getLocalServerName(Unknown Source) 
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.getServerName(BaseSSOAuthenticationFilter.java:457) 
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType1(BaseNTLMAuthenticationFilter.java:386) 
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:278) 
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:132) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
at java.lang.reflect.Method.invoke(Method.java:597) 
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103) 
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) 
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) 
at $Proxy240.doFilter(Unknown Source) 
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82) 
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) 
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859) 
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579) 
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555) 
at java.lang.Thread.run(Thread.java:619)

I am finally beginning to see how all of this ties together but just need some additional help to get over the hump.  Please let me know if you need additional information.  Any help would be greatly appreciated.

Regards,

Matthew Rose
0 Kudos

unknown-user
Champ on-the-rise
Champ on-the-rise

‎10-12-2010 12:41 PM

Okay, so I have some additional information that may help elicit a response from the Alfresco Community.  I have everything functioning properly with LDAP-AD as far as authentication and synchronization goes.  If I enable SSO in passthru/ntlm-filter.properties, set ldap.authentication.active=false in ldap-ad/ldap-ad-authentication.properties and add passthru1Smiley Tongueassthru into my authentication chain, I get the following error:

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:783)

If I disable SSO, it lets me get in just fine by entering the credentials manually.

Here are the debug logs for the last few authentication attempts:


09:33:57,111  DEBUG [alfresco.passthru.auth] Authenticate user=admin via local credentials
09:33:57,111  DEBUG [alfresco.passthru.auth] Authenticate org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken@1165281: Username: admin; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities via token
Exception in thread "Thread-73" org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException: Unauthorized
   at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.convertStatusCode(AbstractAtomPubService.java:411)
   at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:483)
   at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:635)
   at org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:68)
   at org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:85)
   at org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:108)
   at org.alfresco.wcm.client.util.impl.GuestSessionFactoryImpl.getRepository(GuestSessionFactoryImpl.java:105)
   at org.alfresco.wcm.client.util.impl.GuestSessionFactoryImpl.run(GuestSessionFactoryImpl.java:115)
   at java.lang.Thread.run(Thread.java:619)
09:34:08,518  DEBUG [alfresco.passthru.auth] Authenticate org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken@194ef9f: Username: null; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities via token
09:34:20,736 User:guest DEBUG [alfresco.passthru.auth] Authenticate org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken@624159: Username: null; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities via token
09:34:20,846 User:guest DEBUG [alfresco.passthru.auth] Passthru stage 1 token org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken@624159: Username: null; Password: [PROTECTED]; Authenticated: false; Details: [DOMAIN]\[SERVER_IP],TCP/IP NetBIOS; Not granted any authorities
09:35:22,222  DEBUG [alfresco.passthru.auth] Removed expired NTLM token org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken@624159: Username: null; Password: [PROTECTED]; Authenticated: false; Details: [DOMAIN]\[SERVER_IP],TCP/IP NetBIOS; Not granted any authorities

As you can see from the logs, the username is not correctly being passed in both IE8 and Firefox 3.6.10.  I have added our server IP address to the about:config in Firefox as the Wiki explains and other posts have explained as well as added the server in IE8 as a trusted Intranet server.

Any help would be greatly appreciated!  I am running on Windows Server 2008, MySQL Database, and Alfresco CE 3.4a.  I would really like to get SSO working as this will be used company-wide for our Intranet portal and would prefer to not force users to login each session.

Regards,

Matthew Rose
0 Kudos

denis
Champ in-the-making
Champ in-the-making

‎10-14-2010 12:10 PM

I'm having the same problem with 3.4a version. Did anybody solved this issue?
0 Kudos

unknown-user
Champ on-the-rise
Champ on-the-rise

‎10-15-2010 01:31 PM

I'm thinking it must be an error with the Win32NetBios.dll.  I've tried getting this to work on both Windows Server 2008 R2 and Windows Server 2003 with the same result.  I've downgraded our NTLM to allow v1 as many people have had to do because of the way Alfresco works as the "man-in-the-middle" and also set up IE7/IE8/Firefox to allow our server as a trusted URI but am still getting the same errors on both OS versions.

I'm going to try to get 3.3g working and see what happens to try to rule out user error.

Regards,

Matthew Rose
0 Kudos

netwerk
Champ in-the-making
Champ in-the-making

‎01-20-2011 07:28 AM

Any news on this issue?

We're expierencing the same problems on 3.4c:
-AlfrescoNTlm works ok
-LDAP-ad authentication / synchronization works ok
-Passthru works ok
- SSO passthru ….. no go (win32netbios errors)

thnx, BS (no BS)
0 Kudos

cdombrowski
Champ in-the-making
Champ in-the-making

‎02-01-2011 02:06 PM

Same issue here.  Help please!!
0 Kudos

msalihg
Champ in-the-making
Champ in-the-making

‎02-22-2012 04:49 AM

This problem might be because of you miss the "Win32NetBIOS.dll" file or the server cannot find its path.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC