I have access problem on CIFS

richard_tsai
Champ in-the-making
Hi!
   I have an access problem on CIFS. The problem can be reproduced with the following scenario:

1. Start alfresco 2.0
2. net use \\xxxx_a\alfresco password /user:xxx\richard
  

17:00:48,500 DEBUG [smb.protocol.auth] NT Session setup from user=htcmfgadmin, password=52bc052828c501b0ce0b7b5fd4a34160dbe89c18fa2a0080, ANSIpwd=49d8e43d3d90723193ef2239a8408083707ee6cd50c14f02, domain=htctaoyuan, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=25a58a919db11324]
  
3. start \\xxxx_a\alfresco. Then, we can browse alfresco by Windows file explorer without problem.
4. Stop Alfresco 2.0
5. Start Alfresco 2.0
6. start \\xxxx_a\alfresco. oops…
Windows XP pops up a window to show
"\\xxxx_a is not accessible. You may not have permission…., access denied"
    start \\xxxx_a. Windows XP pops up a logon challenge window.


17:01:02,328 DEBUG [smb.protocol.auth] NT Session setup from user=, password=none, ANSIpwd=00, domain=, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=25a58a919db11324]
17:01:02,328 DEBUG [smb.protocol.auth]   MID=13384, UID=0, PID=65279
17:01:02,328 DEBUG [smb.protocol.auth] Null CIFS logon allowed
17:01:02,328 DEBUG [smb.protocol.auth] User  logged on  (type Null)
17:01:02,328 DEBUG [smb.protocol.auth] Allocated UID=2 for VC=[0:2,[:null,,Windows 2002 Service Pack 2 2600],Tree=0,Searches=0]
17:01:02,328 DEBUG [alfresco.smb.protocol] Logoff vc=[0:2,[:null,,Windows 2002 Service Pack 2 2600],Tree=0,Searches=0]

7. net use \\xxxx_a\alfresco /delete
Windows XP pops up window showing "The device is being accessed by an active process.
More help is available by typing NET HELPMSG 2404."


ps. my ntlm-authentication-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!-- The authentication component.                                      -->

    <!-- Use the passthru authentication component to authenticate using    -->
    <!-- user accounts on one or more Windows servers.                      -->

    <!-- Properties that specify the server(s) to use for passthru          -->
    <!-- authentication :-                                                  -->
    <!--   useLocalServer   use the local server for authentication         -->
    <!--   domain           use domain controllers from the specified domain-->
    <!--   servers          comma delimited list of server addresses or     -->
    <!--                    names                                           -->

    <!--<bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
    -->
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">

        <!--
        <property name="useLocalServer">
            <value>true</value>
        </property>
        -->
        <property name="servers">
            <value>site1dc1,site2dc1</value>
        </property>
<!--
        <property name="domain">
            <value>htctaoyuan</value>
        </property>
-->
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
    </bean>

</beans>
6 REPLIES

jenglert
Champ in-the-making
Greetings,
  I am having a similar issue.  Could you please post your file-servers.xml file?
  I'd like to see how you have it configured.  I have :


   <config evaluator="string-compare" condition="Filesystem Security">

  <authenticator type="alfresco">

  </authenticator>

   </config>

It's not working out too well for me.

Thanks,
Jim

*EDIT TYPO*

richard_tsai
Champ in-the-making
Hi!
   Yes. I configured it to use AlfrescoAuthenticator

  

<alfresco-config area="file-servers">

   <config evaluator="string-compare" condition="CIFS Server">
     <serverEnable enabled="true"/>
      <host name="${localname}_A"/>
      <comment>Alfresco CIFS Server</comment>

      <!-- Set to the broadcast mask for the subnet -->
      <!-- <broadcast>255.255.255.255</broadcast> -->
      <broadcast>255.255.248.0</broadcast>

      <!-- Use Java socket based NetBIOS over TCP/IP and native SMB on linux -->
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>

      <!-- Can be mapped to non-privileged ports, then use firewall rules to forward
          requests from the standard ports -->
     <!--
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
     -->

      <hostAnnounce interval="5"/>

      <!-- Use Win32 NetBIOS interface on Windows -->
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>


      <WINS>
         <primary>10.9.128.51</primary>
         <secondary>10.9.128.52</secondary>
      </WINS>

      <sessionDebug flags="Negotiate,Socket"/>
   </config>

   <config evaluator="string-compare" condition="FTP Server">
     <serverEnable enabled="true"/>
<!--      <debug flags="File,Search,Error,Directory,Info,DataPort"/> -->
   </config>

   <config evaluator="string-compare" condition="NFS Server">
     <serverEnable enabled="false"/>
   </config>

   <config evaluator="string-compare" condition="Filesystems">
     <filesystems>

       <!-- Alfresco repository access shared filesystem -->
         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

         <!-- Add a URL file to each folder that links back to the web client -->
         <urlFile>
               <filename>__AlfrescoClient.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

         <!-- Mark locked files as offline -->
          <offlineFiles/>

         <!-- Desktop actions -->
         <!-- Uses a client-side application to trigger a server-side action                         -->
         <!--   Echo - displays a message echoed from the server                                     -->
         <!--   URL  - launches a URL via the Windows shell                                          -->
         <!--   CmdLine - launches the Notepad application                                           -->
         <!--   CheckInOut - checks files in/out, drag and drop files onto the application           -->
         <!--   JavaScript - run a server-side script                                                -->
         <!--   JavaScriptURL - server-side script that generates a URL to the folder using a ticket -->
         <!--                   to avoid having to logon                                             -->

<!--
         <desktopActions>
            <global>
                    <path>alfresco/desktop/Alfresco.exe</path>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </global>
            <action>
               <class>org.alfresco.filesys.smb.server.repo.desk.EchoDesktopAction</class>
               <name>Echo</name>
                 <filename>__AlfrescoEcho.exe</filename>
            </action>
            <action>
               <class>org.alfresco.filesys.smb.server.repo.desk.URLDesktopAction</class>
               <name>URL</name>
                 <filename>__AlfrescoURL.exe</filename>
            </action>
            <action>
               <class>org.alfresco.filesys.smb.server.repo.desk.CmdLineDesktopAction</class>
               <name>CmdLine</name>
                 <filename>__AlfrescoCmd.exe</filename>
            </action>
            <action>
               <class>org.alfresco.filesys.smb.server.repo.desk.CheckInOutDesktopAction</class>
               <name>CheckInOut</name>
                 <filename>__AlfrescoCheckInOut.exe</filename>
            </action>
            <action>
               <class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
               <name>JavaScript</name>
               <filename>__AlfrescoScript.exe</filename>
               <script>alfresco/desktop/dumpRequest.js</script>
               <attributes>anyFiles, multiplePaths , allowNoParams</attributes>
               <preprocess>confirm, copyToTarget</preprocess>
            </action>
            <action>
               <class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
               <name>JavaScriptURL</name>
               <filename>__AlfrescoDetails.exe</filename>
               <script>alfresco/desktop/showDetails.js</script>
               <attributes>anyFiles</attributes>
               <preprocess>copyToTarget</preprocess>
            </action>

         </desktopActions>
-->

<!--
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
            </accessControl>
-->
         </filesystem>

       <!-- AVM virtualization view of all stores/versions for WCM -->
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>

      </filesystems>
   </config>

   <config evaluator="string-compare" condition="Filesystem Security">
      <authenticator type="alfresco">
      </authenticator>

<!--
      <globalAccessControl default="None">
         <user name="admin" access="Write"/>
         <address ip="90.1.0.90" access="Write"/>
      </globalAccessControl>

      <users>
         <localuser name="user">
            <password>user</password>
            <comment>Normal user account</comment>
         </localuser>

         <localuser name="administrator">
            <password>admin</password>
            <administrator/>
            <comment>Administrator account</comment>
         </localuser>
      </users>
-->
   </config>
</alfresco-config>


  

jenglert
Champ in-the-making
I get the feeling that configuration doesn't work (it's the same as mine).  When I get some time during the day (when I get paid to look at this stuff), I'll post a link to how I think it is 'supposed' to be, although I could never get that working.

richard_tsai
Champ in-the-making
Since I configured multiple domain servers to authenticate users, I think that's why my CIFS didn't work.
After I removed xxxdc2 from the servers property, CIFS works fine.

ntlm-authentication-context.xml

  …
        <property name="servers">
            <value>xxxdc1,xxxdc2</value>
        </property>
  ….

    We have multiple domains in my company, so I modified NTLMAuthenticationComponentImpl to
authenticate users. If a user logs in to Alfresco via a browser, Alfresco authenticates by invoking authenticateLocal(),
and it works fine for users from different domains. If a user logs in to Alfresco via Windows file explorer,
Alfresco authenticates the user with authenticatePassthru(), but it failed to authenticate the user.
I tried to open new sessions from PassthruServers and created a new authentication token, but it was useless.
Anyway, I'm still investigating this issue. However, I just wonder if I'm doing a simple thing in a complex way.
It should be very common to have multiple domains in a company.

 org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.java
    public Authentication authenticate(Authentication auth) throws AuthenticationException
    {
        // DEBUG
       
        if ( logger.isDebugEnabled())
            logger.debug("Authenticate " + auth + " via token");
        // Check if the token is for passthru authentication
       
        if( auth instanceof NTLMPassthruToken)
        {
            // Access the NTLM passthru token
            NTLMPassthruToken ntlmToken = (NTLMPassthruToken) auth;
           
            // Authenticate using passthru

            authenticatePassthru(ntlmToken);
        }

        // Check for a local authentication token
        else if( auth instanceof NTLMLocalToken)
        {
            AuthenticateSession authSess = null;
    // HTC Customization           
            for (int i=0; i<m_passthruServers.getOnlineServerCount(); i++) {
                try {
                    // Access the NTLM token
                    NTLMLocalToken ntlmToken = (NTLMLocalToken) auth;

                    // Open a session to an authentication server
                    authSess = m_passthruServers.openSession(0, i);
                    if ( authSess == null)
                            throw new AuthenticationException("Failed to open session to passthru server");
                    // Authenticate using the credentials supplied
                    try {
                        authenticateLocal(ntlmToken, authSess);
                    } catch(Exception e) {
                        if ( i==(m_passthruServers.getOnlineServerCount()-1) ) {
                            throw new AuthenticationException(e.getMessage());
                        }
                    }
                    if (ntlmToken.isAuthenticated()) {
                        break;
                    }
                } finally {
                    // Make sure the authentication session is closed
                    if ( authSess != null) {
                        try {
                            authSess.CloseSession();
                        } catch ( Exception ex) {
                        }
                    }
                }
            }
    // end of  HTC Customization           
        }
        else
        {
            // Unsupported authentication token
           
            throw new AuthenticationException("Unsupported authentication token type");
        }

        // Return the updated authentication token
       
        return getCurrentAuthentication();
    }

    private void authenticatePassthru(NTLMPassthruToken ntlmToken)
    {
        // Check if the token has an authentication session, if not then it is either a new token
        // or the session has been timed out
       
        AuthenticateSession authSess = m_passthruSessions.get(ntlmToken);
        // HTC Customization
        AuthenticateSession authSessOrg = m_passthruSessions.get(ntlmToken);
        // End of HTC Customization
       
        if ( authSess == null)
        {
            // Check if the token has a challenge, if it does then the associated session has been
            // timed out
           
            if ( ntlmToken.getChallenge() != null)
                throw new CredentialsExpiredException("Authentication session expired");
           
            // Open an authentication session for the new token and add to the active session list
            authSess = m_passthruServers.openSession();
           
            // Check if the session was opened to the passthru server
           
            if ( authSess == null)
               throw new AuthenticationServiceException("Failed to open passthru auth session");
           
            ntlmToken.setAuthenticationExpireTime(System.currentTimeMillis() + getSessionTimeout());
           
            // Get the challenge from the initial session negotiate stage
           
            ntlmToken.setChallenge(new NTLMChallenge(authSess.getEncryptionKey()));

            StringBuilder details = new StringBuilder();

            // Build a details string with the authentication session details
           
            details.append(authSess.getDomain());
            details.append("\\");
            details.append(authSess.getPCShare().getNodeName());
            details.append(",");
            details.append(authSess.getSession().getProtocolName());
           
            ntlmToken.setDetails(details.toString());

            // Put the token/session into the active session list
           
            m_passthruSessions.put(ntlmToken, authSess);
           
            // Debug
           
            if ( logger.isDebugEnabled())
                logger.debug("Passthru stage 1 token " + ntlmToken);
        }
        else
        {
            try
            {
                // Stage two of the authentication, send the hashed password to the authentication server
           
                byte[] lmPwd = null;
                byte[] ntlmPwd = null;
               
                if ( ntlmToken.getPasswordType() == PasswordEncryptor.LANMAN)
                    lmPwd = ntlmToken.getHashedPassword();
                else if ( ntlmToken.getPasswordType() == PasswordEncryptor.NTLM1)
                    ntlmPwd = ntlmToken.getHashedPassword();
                String username = (String) ntlmToken.getPrincipal();
               
               //authSess.doSessionSetup(username, lmPwd, ntlmPwd);
               // HTC Customization
                try {
                    // Alfresco original implementation
                    authSess.doSessionSetup(username, lmPwd, ntlmPwd);
                } catch (Exception exception) {
                    for (int i=0; i<m_passthruServers.getOnlineServerCount(); i++) {
                        // Open a session to an authentication server
                        // Make sure the authentication session is closed
                        if ( authSess != null) {
                            try {
                                authSess.CloseSession();
                            } catch ( Exception ex) {
                            }
                        }
                        authSess = m_passthruServers.openSession(0, i);
                        // Authenticate using the credentials supplied
                        try {
                            authSess.setEncryptionKey(authSessOrg.getEncryptionKey());
                           
                            // Send the logon request to the authentication server
                            //
                            // Note: Only use the stronger NTLM hash, we do not send the LM hash
                            ntlmToken.setAuthenticationExpireTime(System.currentTimeMillis() + getSessionTimeout());
                            // Get the challenge from the initial session negotiate stage
                            ntlmToken.setChallenge(new NTLMChallenge(authSess.getEncryptionKey()));
                            StringBuilder details = new StringBuilder();
                            // Build a details string with the authentication session details
                            details.append(authSess.getPCShare().getDomain());
                            details.append("\\");
                            details.append(authSess.getPCShare().getNodeName());
                            details.append(",");
                            details.append(authSess.getSession().getProtocolName());
                            ntlmToken.setDetails(details.toString());
                        
                            m_passthruSessions.put(ntlmToken, authSess);

                            authSess.doSessionSetup(username, lmPwd, ntlmPwd);
                        } catch(Exception e) {
                            if ( i==(m_passthruServers.getOnlineServerCount()-1) ) {
                                throw e;
                            }
                        }
                    }
                }
                //End of HTC Customization

                // Check if the session has logged on as a guest
               
                if ( authSess.isGuest() || username.equalsIgnoreCase("GUEST"))
                {
                    // If guest access is enabled add a guest authority to the token
                    if ( allowsGuest())
                    {
                        // Set the guest authority
                       
                        GrantedAuthority[] authorities = new GrantedAuthority[1];
                        authorities[0] = new GrantedAuthorityImpl(NTLMAuthorityGuest);
                        ntlmToken.setAuthorities(authorities);
                    }
                    else
                    {
                        // Guest access not allowed
                       
                        throw new BadCredentialsException("Guest logons disabled");
                    }
                }
               
                // Indicate that the token is authenticated
                ntlmToken.setAuthenticated(true);

                // Map the passthru username to an Alfresco person
                NodeRef userNode = m_personService.getPerson(username);
                if ( userNode != null)
                {
                    // Get the person name and use that as the current user to line up with permission checks
                    String personName = (String) m_nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
                    setCurrentUser(personName);
                   
                    // DEBUG
                   
                    if ( logger.isDebugEnabled())
                        logger.debug("Setting current user using person " + personName + " (username " + username + ")");
                }
                else
                {
                    // Set using the user name
                    setCurrentUser( username);
                   
                    // DEBUG
                   
                    if ( logger.isDebugEnabled())
                        logger.debug("Setting current user using username " + username);
                }
            }               
            catch (IOException ex)
            {
                // Error connecting to the authentication server
               
                throw new AuthenticationServiceException("I/O error", ex);
            }
            catch (SMBException ex)
            {
                // Debug
               
                if ( logger.isDebugEnabled())
                    logger.debug("Passthru exception, " + ex);
               
                // Check the returned status code to determine why the logon failed and throw an appropriate exception
               
                if ( ex.getErrorClass() == SMBStatus.NTErr)
                {
                    AuthenticationException authEx = null;
                   
                    switch( ex.getErrorCode())
                    {
                    case SMBStatus.NTLogonFailure:
                        authEx = new AuthenticationException("Logon failure");
                        break;
                    case SMBStatus.NTAccountDisabled:
                        authEx = new AuthenticationException("Account disabled");
                        break;
                    default:
                        authEx = new AuthenticationException("Logon failure");
                    break;
                    }
                   
                    throw authEx;
                }
                else
                    throw new BadCredentialsException("Logon failure");
            // HTC Customization               
            } catch (Exception e) {
                throw new AuthenticationServiceException("Session Setup Exception", e);
            }
            // End of HTC Customization
            finally
            {
                // Make sure the authentication session is closed
               
                if ( authSess != null)
                {
                    try
                    {
                        // Remove the session from the active list
                       
                        m_passthruSessions.remove(ntlmToken);
                       
                        // Close the session to the authentication server
                       
                        authSess.CloseSession();
                    }
                    catch (Exception ex)
                    {
                    }
                }
            }
        }
    }

 Add the following methods to org.alfresco.filesys.server.auth.passthru.PassthruServers.java
    protected PassthruServerDetails getAuthenticationServer(int serverIdx)
    {
        return ( (serverIdx<m_onlineList.size()) ? m_onlineList.get(serverIdx) : null);
    }
    public final AuthenticateSession openSession(int extFlags, int serverIdx)
    {
        // Get the details of an authentication server to connect to
        PassthruServerDetails passthruServer = getAuthenticationServer(serverIdx);
        if ( passthruServer == null)
            return null;

        // Debug
        if ( logger.isDebugEnabled())
            logger.debug("Open authenticate session to " + passthruServer);
       
        // Open a new authentication session to the server
       
        PCShare authShare = new PCShare(passthruServer.getAddress().getHostAddress(), "IPC$", "", "");
        authShare.setExtendedSecurityFlags( extFlags);
       
        AuthenticateSession authSess = null;
       
        while ( authSess == null && passthruServer != null && hasOnlineServers()) {

            try
            {
                // Open a session to the current authentication server

                authSess = AuthSessionFactory.OpenAuthenticateSession( authShare, getConnectionTimeout());
               
                // Update the passthru statistics
               
                passthruServer.incrementAuthenticationCount();
            }
            catch ( Exception ex)
            {
                // Debug
               
                if ( logger.isDebugEnabled())
                    logger.debug("Failed to connect to " + passthruServer + " : " + ex.getMessage());
               
                // Failed to connect to the current authentication server, mark the server as offline
               
                serverOffline(passthruServer);
            }
           
            // Check if we have a valid session
           
            if ( authSess == null)
            {
                // Try another authentication server
               
                passthruServer = getAuthenticationServer();
               
                // Debug
               
                if(logger.isDebugEnabled())
                    logger.debug("Trying authentication server " + passthruServer);
            }
        }

        // Return the authentication session
       
        return authSess;
    }
    // end of HTC Customization   

richard_tsai
Champ in-the-making
Hi!
   
    Per Andy's comment:
http://forums.alfresco.com/viewtopic.php?t=4329

The chaining authentication does not handle CIFS and MD4 hashes at the moment. It could find the first implementation that supports MD4 and report that hash. CIFS only tries against one hash.

An LDAP implementation could provide the MD4 hash …. but do you want to make password hashes readable by anyone/guest from your LDAP server (as you have not authenticated when you need to go and get them - or you would need to use the default ldap username and credentials). It is possible to implement the appropriate methods on top of the LDAP auth impl if you want.

The only other alternative is to keep hashes after people log in (in memory or persisted). But this requires a good login to build the cache (CIFS access only is not allowed) and the potential for the hash to go out of sync.

Overall it is best if CIFS can validate a Kerberos ticket at the moment.
It could use MD4 hash (from plain text would be possible) + NTLM, Kerberos, NTLM passthrough.

It is possible we could support Kerberos against other kerberos servers but I do not know the details here.

Basically NTLM is a bit of a pain.

It looks like, currently, Alfresco cannot authenticate multiple domain users for CIFS. Could any Alfresco folks confirm this? We do need this feature in our Alfresco system.

   BTW, there's an alternative to replace my customization in NTLMAuthenticationComponentImpl.java by chaining authentication.

 {tomcat-home}/shared/classes/alfresco/extension/chaining-authentication-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>



    <!-- Chaining -->

    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplNTLM"/>
                <ref bean="authenticationServiceImplNTLM2"/>
            </list>
        </property>
    </bean>

    <bean id="authenticationServiceImplNTLM" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoNTLM"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
    </bean>

    <bean id="authenticationDaoNTLM" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!-- The authentication component.                                      -->

    <!-- Use the passthru authentication component to authenticate using    -->
    <!-- user accounts on one or more Windows servers.                      -->

    <!-- Properties that specify the server(s) to use for passthru          -->
    <!-- authentication :-                                                  -->
    <!--   useLocalServer   use the local server for authentication         -->
    <!--   domain           use domain controllers from the specified domain-->
    <!--   servers          comma delimited list of server addresses or     -->
    <!--                    names                                           -->

    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers">
            <value>xxxdc1</value>
        </property>
        <property name="useLocalServer">
            <value>false</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
</bean>


    <bean id="authenticationServiceImplNTLM2" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoNTLM2"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent2"/>
        </property>
    </bean>

    <bean id="authenticationDaoNTLM2" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!-- The authentication component.                                      -->

    <!-- Use the passthru authentication component to authenticate using    -->
    <!-- user accounts on one or more Windows servers.                      -->

    <!-- Properties that specify the server(s) to use for passthru          -->
    <!-- authentication :-                                                  -->
    <!--   useLocalServer   use the local server for authentication         -->
    <!--   domain           use domain controllers from the specified domain-->
    <!--   servers          comma delimited list of server addresses or     -->
    <!--                    names                                           -->

    <bean id="authenticationComponent2" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers">
            <value>xxxdc2</value>
        </property>
        <property name="useLocalServer">
            <value>false</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
</bean>


</beans>



andy
Champ on-the-rise
Hi

NTLM authentication on its own supports multiple domains.

Chaining authentication does not support NTLM. It could support using the first NTLM instance in the chain: it could not try more than one as far as I understand it.

Andy
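
An added sketch, not part of the thread and not Alfresco code, of why a CIFS passthru logon can only be checked by the server that issued the challenge, which is the limit described in the last two posts. Assumptions: HMAC-SHA256 stands in for the real NTLM response (DES keyed by the MD4 password hash), the class and function names are hypothetical, the accounts are constructed, and the server names reuse the thread's placeholders.

```python
import hashlib
import hmac
import itertools
import os


def password_secret(password: str) -> bytes:
    # Stand-in for the stored password hash (MD4 in real NTLM).
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def response_to(secret: bytes, challenge: bytes) -> bytes:
    # Stand-in for the 24-byte NTLM response: a keyed digest of the challenge.
    return hmac.new(secret, challenge, hashlib.sha256).digest()[:24]


class DomainController:
    """Hypothetical authentication server that remembers each challenge it issued."""

    def __init__(self, name, accounts):
        self.name = name
        self._secrets = {u.lower(): password_secret(p) for u, p in accounts.items()}
        self._challenges = {}
        self._ids = itertools.count()

    def negotiate(self):
        """Stage 1: open a session and hand out a fresh 8-byte challenge."""
        session_id = next(self._ids)
        self._challenges[session_id] = os.urandom(8)
        return session_id, self._challenges[session_id]

    def session_setup(self, session_id, user, response):
        """Stage 2: validate against the challenge this server issued for the
        session, whatever challenge the proxy in front of it has recorded."""
        challenge = self._challenges.pop(session_id, None)
        secret = self._secrets.get(user.lower())
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(response_to(secret, challenge), response)


class CifsClient:
    """Hypothetical client: it is shown one challenge and answers it once."""

    def __init__(self, user, password):
        self.user = user
        self._secret = password_secret(password)

    def answer(self, challenge):
        return response_to(self._secret, challenge)


def passthru_logon(dc, client):
    """Normal passthru: challenge and response travel over the same session."""
    session_id, challenge = dc.negotiate()
    return dc.session_setup(session_id, client.user, client.answer(challenge))


def passthru_with_failover(servers, client):
    """Stage 1 against servers[0]; on failure replay the same response over
    fresh sessions to the remaining servers. Returns the accepting server's
    name, or None when every server rejects the logon."""
    session_id, challenge = servers[0].negotiate()
    response = client.answer(challenge)  # bound to servers[0]'s challenge
    if servers[0].session_setup(session_id, client.user, response):
        return servers[0].name
    for dc in servers[1:]:
        new_session, _own_challenge = dc.negotiate()  # a different challenge
        if dc.session_setup(new_session, client.user, response):
            return dc.name
    return None


# Constructed sample data: one account per server.
DC1 = DomainController("xxxdc1", {"alice": "constructed-pw-1"})
DC2 = DomainController("xxxdc2", {"bob": "constructed-pw-2"})
ALICE = CifsClient("alice", "constructed-pw-1")
BOB = CifsClient("bob", "constructed-pw-2")

if __name__ == "__main__":
    print("bob directly against xxxdc2:", passthru_logon(DC2, BOB))
    print("bob, stage 1 on xxxdc1 then retry:", passthru_with_failover([DC1, DC2], BOB))
    print("bob, stage 1 on xxxdc2:", passthru_with_failover([DC2, DC1], BOB))
```

The server that handles stage 1 decides the outcome: bob's credentials are valid on xxxdc2, yet the retry fails because his response was computed over xxxdc1's challenge.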