
I got authentication with Active Directory working

jmeehan
Champ in-the-making
Desktop Actions didn't work in Labs 3 B on Linux or Windows, so I installed Community 2.1 on a CentOS 4.6 Linux server.

I got it working by following the JAAS section of the Enterprise Security and Authentication Configuration WIKI, and configuring the CIFS passthru authenticator described in the CIFS Server Authentication WIKI (The only option I use is the Server option).

LDAP isn't a good solution because you can't use your normal account name…you have to use a distinguished name (DN).

NTLM worked Ok for the web interface, but I couldn't get it to work with CIFS (JLAN-46?).

The problem with the Configuring the CIFS and web servers for Kerberos/AD integration WIKI is:

1. The keytab is optional and over-complicates things
2. The Kerberos authentication web filter, in web.xml, is not available in Community 2.1

aususer
Champ in-the-making
Can you post your configs… I am having issues getting Kerberos working with AD.
I have plenty of experience in the [not working] passthru method for CIFS in Labs 3b and 3c…
so keen to see how you got it to work.

jmeehan
Champ in-the-making
From the JAAS section of the Enterprise Security and Authentication Configuration WIKI
tomcat/shared/classes/alfresco/extension/jaas-authentication-context.xml:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
    <!-- The authentication component. -->

    <!-- JAAS authentication - most of the config goes somewhere else -->
      
    <bean id="authenticationComponent"
                 class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
        <property name="realm">
            <value>AMALFI.LG.COM</value>
        </property>
        <property name="jaasConfigEntryName">
            <value>Alfresco</value>
        </property>
    </bean>

    <!-- DAO that rejects changes - JAAS is read only at the moment. -->
    <!-- It does allow users to be deleted without warnings from the UI. -->
    <!-- The user is still present in JAAS, only the personal information is removed from alfresco. -->
   
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>   

</beans>
/usr/java/jdk1.5.0_04/jre/lib/security/java.security:

#
# Default login configuration file
#
#login.config.url.1=file:${user.home}/.java.login.config
login.config.url.1=file:${java.home}/lib/security/java.login.config
/usr/java/jdk1.5.0_04/jre/lib/security/java.login.config:
Alfresco {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
};
/etc/krb5.conf (I already had Kerberos working on this server before I knew what Alfresco was):
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}

[libdefaults]
   ticket_lifetime = 24000
   default_realm = AMALFI.LG.COM
   dns_lookup_realm = false
   dns_lookup_kdc = false
   default_tkt_enctypes = des-cbc-md5 des-cbc-crc
   default_tgs_enctypes = des-cbc-md5 des-cbc-crc

[realms]
   AMALFI.LG.COM = {
      kdc = srv-lg3.amalfi.lg.com:88
      kdc = ssvrc14.amalfi.lg.com:88
     admin_server = srv-lg3.amalfi.lg.com:749
     kpasswd_server = srv-lg3.amalfi.lg.com:464
     kpasswd_protocol = SET_CHANGE
     default_domain = amalfi.lg.com
     }

[domain_realm]
     .amalfi.lg.com = AMALFI.LG.COM
     amalfi.lg.com = AMALFI.LG.COM
From the CIFS Server Authentication WIKI
tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.xml:
<alfresco-config area="file-servers">

   <config evaluator="string-compare" condition="CIFS Server">
          <serverEnable enabled="true"/>
      <host name="${localname}" domain="amalfilg"/>
      <comment>Alfresco CIFS Server</comment>

      <!-- Set to the broadcast mask for the subnet -->
      <broadcast>255.255.255.255</broadcast>

      <!-- Use Java socket based NetBIOS over TCP/IP and native SMB on linux -->
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>

      <!-- Can be mapped to non-privileged ports, then use firewall rules to forward
           requests from the standard ports -->
      <!--
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
      -->
      <!--
      <hostAnnounce interval="5"/>
      -->
      <!-- Use Win32 NetBIOS interface on Windows -->
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>

      <!--
      <WINS>
         <primary>1.2.3.4</primary>
         <secondary>5.6.7.8</secondary>
      </WINS>
      -->
      <sessionDebug flags="Negotiate,Socket"/>
   </config>

   <config evaluator="string-compare" condition="FTP Server">
          <serverEnable enabled="true"/>
      <!-- <debug flags="File,Search,Error,Directory,Info,DataPort"/> -->
   </config>
  
   <config evaluator="string-compare" condition="NFS Server">
          <serverEnable enabled="false"/>
   </config>

   <config evaluator="string-compare" condition="Filesystems">
          <filesystems>
                 
         <!-- Alfresco repository access shared filesystem -->
         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!-- Add a URL file to each folder that links back to the web client -->
                        <urlFile>
               <filename>__AlfrescoClient.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

            <!-- Mark locked files as offline -->
                    <offlineFiles/>

            <!-- Desktop actions -->
            <!-- Uses a client-side application to trigger a server-side action -->
            <!--   Echo - displays a message echoed from the server -->
            <!--   URL  - launches a URL via the Windows shell -->
            <!--   CmdLine - launches the Notepad application -->
            <!--   CheckInOut - checks files in/out, drag and drop files onto the application -->
            <!--   JavaScript - run a server-side script -->
            <!--   JavaScriptURL - server-side script that generates a URL to the folder using a ticket -->
            <!--                   to avoid having to logon -->

<!--
                        <desktopActions>
                                <global>
                    <path>alfresco/desktop/Alfresco.exe</path>
                                        <webpath>http://${localname}:8080/alfresco/</webpath>
                                </global>
                                <action>
                                        <class>org.alfresco.filesys.smb.server.repo.desk.EchoDesktopAction</class>
                                        <name>Echo</name>
                                <filename>__AlfrescoEcho.exe</filename>
                                </action>
                                <action>
                                        <class>org.alfresco.filesys.smb.server.repo.desk.URLDesktopAction</class>
                                        <name>URL</name>
                                <filename>__AlfrescoURL.exe</filename>
                                </action>
                                <action>
                                        <class>org.alfresco.filesys.smb.server.repo.desk.CmdLineDesktopAction</class>
                                        <name>CmdLine</name>
                                <filename>__AlfrescoCmd.exe</filename>
                                </action>
                                <action>
                                        <class>org.alfresco.filesys.smb.server.repo.desk.CheckInOutDesktopAction</class>
                                        <name>CheckInOut</name>
                                <filename>__AlfrescoCheckInOut.exe</filename>
                                </action>
                                <action>
                                        <class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
                                        <name>JavaScript</name>
                                        <filename>__AlfrescoScript.exe</filename>
                                        <script>alfresco/desktop/dumpRequest.js</script>
                                        <attributes>anyFiles, multiplePaths , allowNoParams</attributes>
                                        <preprocess>confirm, copyToTarget</preprocess>
                                </action>
                                <action>
                                        <class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
                                        <name>JavaScriptURL</name>
                                        <filename>__AlfrescoDetails.exe</filename>
                                        <script>alfresco/desktop/showDetails.js</script>
                                        <attributes>anyFiles</attributes>
                                        <preprocess>copyToTarget</preprocess>
                                </action>

                        </desktopActions>
-->

<!--
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
            </accessControl>
-->
         </filesystem>
                 
         <!-- AVM virtualization view of all stores/versions for WCM -->
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>
                 
      </filesystems>
   </config>

   <config evaluator="string-compare" condition="Filesystem Security">
      <authenticator type="passthru">
          <Server>ssvrc14,srv-lg3</Server>
      </authenticator>

<!--
      <globalAccessControl default="None">
         <user name="admin" access="Write"/>
         <address ip="90.1.0.90" access="Write"/>
      </globalAccessControl>

      <users>
         <localuser name="user">
            <password>user</password>
            <comment>Normal user account</comment>
         </localuser>

         <localuser name="administrator">
            <password>admin</password>
            <administrator/>
            <comment>Administrator account</comment>
         </localuser>
      </users>
-->
   </config>


</alfresco-config>
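An added check that is not part of the original post: this Python parses a krb5.conf in the layout shown above, verifies that default_realm matches the realm property set in jaas-authentication-context.xml, flags the single-DES enctypes the posted file relies on (current AD and MIT builds reject DES by default, and RC4 is deprecated), and confirms a kdc is listed for the realm. SAMPLE_KRB5_CONF, parse_krb5_conf and audit_krb5 are constructed names of my own, not Alfresco code.

```python
# Constructed sample that mirrors the krb5.conf posted in this thread (not the live file).
SAMPLE_KRB5_CONF = """
[libdefaults]
   default_realm = AMALFI.LG.COM
   default_tkt_enctypes = des-cbc-md5 des-cbc-crc
   default_tgs_enctypes = des-cbc-md5 des-cbc-crc
[realms]
   AMALFI.LG.COM = {
      kdc = srv-lg3.amalfi.lg.com:88
      kdc = ssvrc14.amalfi.lg.com:88
      }
"""
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4", "arcfour-hmac", "rc4-hmac"}

def parse_krb5_conf(text):
    """Parse krb5.conf into {section: {key: [values]}}; '<name> = {' blocks nest under <name>."""
    sections, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments and whitespace
        if not line:
            continue
        if line.startswith("["):                      # [section] header
            section, block = line.strip("[]"), None
            sections.setdefault(section, {})
            continue
        if line == "}":                               # end of a realm/appdefaults block
            block = None
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if value == "{":                              # start of a nested block
            block = key
            continue
        target = sections[section].setdefault(block, {}) if block else sections[section]
        target.setdefault(key, []).append(value)      # keys such as kdc may repeat
    return sections

def audit_krb5(conf, jaas_realm):
    """Findings relevant to the Alfresco JAAS + Kerberos setup posted above."""
    findings = []
    libdefaults = conf.get("libdefaults", {})
    default_realm = libdefaults.get("default_realm", [None])[0]
    if default_realm != jaas_realm:                   # must equal the JAAS 'realm' property
        findings.append(f"realm mismatch: krb5.conf={default_realm} jaas={jaas_realm}")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        for enctype in " ".join(libdefaults.get(key, [])).split():
            if enctype in WEAK_ENCTYPES:
                findings.append(f"{key}: weak enctype {enctype}")
    if not conf.get("realms", {}).get(jaas_realm, {}).get("kdc"):
        findings.append(f"no kdc entry for realm {jaas_realm}")
    return findings
```

Run audit_krb5(parse_krb5_conf(open("/etc/krb5.conf").read()), "AMALFI.LG.COM") against the real file; the posted configuration yields four weak-enctype findings and nothing else.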

meansartin14
Champ in-the-making
jmeehan - So, if I understand correctly, you now have Alfresco Community Labs 2.1 running on a CentOS 4.6 Linux server, authenticating via Kerberos against an Active Directory server for BOTH CIFS AND the Web UI?

And you accomplished this by following the directions in the JAAS section of the Enterprise Security and Authentication Wiki for the Web UI configuration and the directions in the CIFS Server Authentication Wiki for the CIFS server configuration?

Had you tried these exact same configurations with Alfresco Community Labs 3c?

jmeehan
Champ in-the-making
Yes, Community 2.1 (Not Labs), CentOS 4.6, Kerberos authentication via AD for both CIFS and Web UI.

We're using Community 2.1 since desktop actions didn't work in Labs 3 B.

I haven't tried the same configuration for Labs 3 B. If you try, and it doesn't work, you may try using the Kerberos authentication web filter, in web.xml, from 'Configuring the CIFS and web servers for Kerberos/AD integration', which is not available in Community 2.1.

meansartin14
Champ in-the-making
I have started a thread that I hope to eventually turn into an AlfrescoWiki page for how to configure Active Directory authentication for both CIFS and the Web Interface in Alfresco Labs 3c.

Please see my thread:
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?

Please come join in the discussion, or at least subscribe to the thread. I want to try to get everyone having these types of issues into the thread so that we can get a large collection of experiences and configurations.

We WILL find the answer for how to enable Active Directory authentication with CIFS in Alfresco!!