JLan Config Question

peter_si
Champ in-the-making
Hi

I have recently been looking into using JLan to present a custom virtual file system. It has been very successful so far and I would like to highlight that I have been extremely impressed with the JLan server, there does not seem to be anything quite like it on the market, so thank you (esp to Gary).

The problem I am having is enabling SSO authentication for the end user of the JLan share in a Windows domain environment. It may be that I have a simple misunderstanding.
  • I have successfully followed the steps to use the EnterpriseCifsAuthenticator, and set up Kerberos tokens etc.
  • The server starts up successfully, which I believe validates much of the EnterpriseCifsAuthenticator and Kerberos config.
  • The problem I have is when I then connect to the share with a logged in Windows user 'mydomain\myuser'. The access is denied and the log file says 'myuser does not exist'.
  • However, if I enter the 'myuser' and 'mypassword' details into the JLan server's <user> config section, everything works fine.
I have included my simple full config file below, as well as the logging for the unsuccessful and successful sessions.

Config file:

<?xml version="1.0" standalone="no"?>
<!-- <!DOCTYPE jlanserver SYSTEM "jlanserver.dtd"> -->
<jlanserver>
  <servers>
    <SMB/>
    <noFTP/>
    <noNFS/>
  </servers>
  <SMB>
    <host name="myhost" domain="DOMAIN">
      <broadcast>192.168.1.1</broadcast>
      <smbdialects>LanMan,NT</smbdialects>
      <comment>Alfresco JLAN Server</comment>
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>
      <tcpipSMB platforms="windows"/>
    </host>
    <sessionDebug flags="Negotiate,Socket,Tree"/>
    <authenticator type="enterprise">
      <class>org.alfresco.jlan.server.auth.EnterpriseCifsAuthenticator</class>
      <mode>USER</mode>
      <Debug/>
      <KDC>dc1.domain.net</KDC>
      <Realm>DOMAIN.NET</Realm>
      <Password>apassword</Password>
      <Principal>cifs/myhost.domain.net</Principal>
      <kerberosDebug/>
      <allowGuest />
    </authenticator>
  </SMB>

  <debug>
    <output>
      <class>org.alfresco.jlan.debug.ConsoleDebug</class>
      <logFile>jlansrv.log</logFile>
      <append/>
    </output>
  </debug>

  <shares>
    <diskshare name="JLAN" comment="Test share">
      <driver>
        <class>dom.vfs.VfsDriver</class>
        <LocalPath>C:\VfsDataFiles</LocalPath>
      </driver>
    </diskshare>
  </shares>

  <security>
    <JCEProvider>cryptix.jce.provider.CryptixCrypto</JCEProvider>
    <authenticator type="enterprise">
      <class>org.alfresco.jlan.server.auth.EnterpriseCifsAuthenticator</class>
      <mode>USER</mode>
      <Debug/>
      <KDC>dc1.domain.net</KDC>
      <Realm>DOMAIN.NET</Realm>
      <Password>apassword</Password>
      <Principal>cifs/myhost.domain.net</Principal>
      <kerberosDebug/>
      <allowGuest />
    </authenticator>
   
    <!-- Everything works for 'myuser' if I uncomment this section -->
    <!--users>
      <user name="myuser">
        <password>mypass</password>
      </user>
    </users-->
  </security>
</jlanserver>

Unsuccessful session log:

c:\build\Vfs>java -Dsun.security.krb5.debug=true -cp dom.vfs.core\bin;.\dom.vfs.core\lib\alfresco-jlan.jar;.\dom.vfs.core\lib\cryptix-jce-provider.jar org.alfresco.jlan.app.JLANServer jlanConfig.xml
Using older Netbios() API code, Winsock NetBIOS not available on x64
[SMB] Using principal - cifs/myhost.domain.net@DOMAIN.NET
Config name: C:\Windows\krb5.ini
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=dc1.domain.net UDP:88, timeout=30000, number of retries =3, #bytes=167
>>> KDCCommunication: kdc=dc1.domain.net UDP:88, timeout=30000,Attempt =1, #bytes=167
>>> KrbKdcReq send: #bytes read=597
>>> KrbKdcReq send: #bytes read=597
>>> KdcAccessibility: remove dc1.domain.net
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply cifs/myhost.domain.net
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
[SMB] Enabling mechTypes :-
       Kerberos5
       MS-Kerberos5
       NTLMSSP
Starting server CIFS …
[SMB] CIFS Server MYHOST starting
[SMB] Version 6.0.0, Java VM 20.1-b02, OS Windows Server 2008, version 6.0
[SMB] Using authenticator org.alfresco.jlan.server.auth.EnterpriseCifsAuthenticator, mode=USER
[SMB] Server timezone offset = 0hrs
[SMB] Dialects enabled = [DOS LANMAN 1.0,LANMAN1.0,DOS LANMAN 2.1,LM1.2X002,LANMAN2.1,NT LM 0.12]
[SMB] Shares:
[SMB]  [JLAN,DISK,,[C:\VfsDataFiles]] [C:\VfsDataFiles]
[SMB] Added NTServer flag to host announcement
[SMB] Binding TCP-SMB session handler to address : ALL
[SMB] Native SMB TCP session handler created
[SMB] Win32 NetBIOS Available LANAs: 6
[SMB] Win32 NetBIOS server MYHOST (using Netbios() API)
[SMB] Win32 NetBIOS failed to create session handler for LANA 6
      Win32 NetBIOS AddName failed (workstation), status = 0xd, Duplicate name
[SMB] Win32 NetBIOS host announcer enabled on LANA 6
[SMB] Win32 NetBIOS register listener for LANA 6
[SMB] Created session handler thread CIFSSessHandler_TCP-SMB
[SMB] Waiting for session request …
[SMB] Started host announcer Win32HostAnnouncer_L6
[SMB] Session request received from 192.168.1.10
[SMB] Waiting for session request …
[T0] Server session started
[T0] Negotiated SMB dialect - NT LM 0.12
[T0] Assigned protocol handler - org.alfresco.jlan.smb.server.NTProtocolHandler
[SMB] NT Session setup SPNEGO, MID=33672, UID=0, PID=65279
[SMB] Two stage logon (SPNEGO)
[SMB] NT Session setup SPNEGO, MID=33680, UID=65535, PID=65279
[SMB] User does not exist, Myuser
[SMB] NT Session setup SPNEGO, MID=33688, UID=0, PID=65279
[SMB] Two stage logon (SPNEGO)
[SMB] NT Session setup SPNEGO, MID=33696, UID=65535, PID=65279
[SMB] User does not exist, Myuser


Successful session log

Using older Netbios() API code, Winsock NetBIOS not available on x64
[SMB] Using principal - cifs/myhost.domain.net@DOMAIN.NET
Config name: C:\Windows\krb5.ini
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=dc1.domain.net UDP:88, timeout=30000, number of retries =3, #bytes=167
>>> KDCCommunication: kdc=dc1.domain.net UDP:88, timeout=30000,Attempt =1, #bytes=167
>>> KrbKdcReq send: #bytes read=597
>>> KrbKdcReq send: #bytes read=597
>>> KdcAccessibility: remove dc1.domain.net
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply cifs/myhost.domain.net
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
[SMB] Enabling mechTypes :-
       Kerberos5
       MS-Kerberos5
       NTLMSSP
Starting server CIFS …
[SMB] CIFS Server MYHOST starting
[SMB] Version 6.0.0, Java VM 20.1-b02, OS Windows Server 2008, version 6.0
[SMB] Using authenticator org.alfresco.jlan.server.auth.EnterpriseCifsAuthenticator, mode=USER
[SMB] Server timezone offset = 0hrs
[SMB] Dialects enabled = [DOS LANMAN 1.0,LANMAN1.0,DOS LANMAN 2.1,LM1.2X002,LANMAN2.1,NT LM 0.12]
[SMB] Shares:
[SMB]  [JLAN,DISK,,[C:\VfsDataFiles]] [C:\VfsDataFiles]
[SMB] Added NTServer flag to host announcement
[SMB] Binding TCP-SMB session handler to address : ALL
[SMB] Native SMB TCP session handler created
[SMB] Win32 NetBIOS Available LANAs: 6
[SMB] Win32 NetBIOS server MYHOST (using Netbios() API)
[SMB] Win32 NetBIOS failed to create session handler for LANA 6
      Win32 NetBIOS AddName failed (workstation), status = 0xd, Duplicate name
[SMB] Win32 NetBIOS host announcer enabled on LANA 6
[SMB] Win32 NetBIOS register listener for LANA 6
[SMB] Created session handler thread CIFSSessHandler_TCP-SMB
[SMB] Waiting for session request …
[SMB] Started host announcer Win32HostAnnouncer_L6
[SMB] Session request received from 192.168.1.10
[SMB] Waiting for session request …
[T0] Server session started
[T0] Negotiated SMB dialect - NT LM 0.12
[T0] Assigned protocol handler - org.alfresco.jlan.smb.server.NTProtocolHandler
[SMB] NT Session setup SPNEGO, MID=31592, UID=0, PID=65279
[SMB] Two stage logon (SPNEGO)
[SMB] NT Session setup SPNEGO, MID=31600, UID=65535, PID=65279
[SMB] Logged on using NTLMSSP/NTLMv2SessKey
[SMB] Two stage logon (SPNEGO)
[SMB] Allocated UID=1 for VC=[0:1,[Myuser:null,,,192.168.1.10,Normal],Tree=0,Searches=0]
[T0] NT Tree Connect AndX - \\MYHOST.DOMAIN.NET\IPC$, ?????, flags=ExtResponse/0x8
[T0] Tree Connect AndX - Allocated Tree Id = 1, Permission = Writeable, extendedResponse=true
[T0] NT Tree Connect AndX - \\MYHOST.DOMAIN.NET\JLAN, ?????, flags=ExtResponse/0x8
[T0] Tree Connect AndX - Allocated Tree Id = 2, Permission = Writeable, extendedResponse=true

Thank you for looking at this, I hope you can point me to somewhere in the config I'm being stupid! I have been bashing away at this for some time and could really use a helping hand.

Thanks,

Pete
2 REPLIES

peter_si
Champ in-the-making
I have now successfully solved the issue. I discovered the following relevant points.

  • The Kerberos authentication was failing because I had followed the PDF documentation that came with JLAN, which specifies that the service should use DES for the Kerberos encryption. I found the following info indicating that HMAC can (should) be used for Java versions > 1.5 ( https://wiki.alfresco.com/wiki/File_Server_Subsystem ). After fixing this, Kerberos worked successfully.
  • The authentication was falling back to NTLM when Kerberos failed; however, JLAN's NTLM connector does not seem to integrate with Active Directory, but just uses the JLAN config files to determine usernames and passwords. So this was not expected to work.
I hope this helps anyone else with the same issue!

Pete
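
The two symptoms described in the reply above can be read straight out of the JLAN console log. The following triage script is an added example, not part of the original posts or of JLAN itself; its sample input is excerpted from the logs posted in this thread, and the verdict wording follows the explanation given in the reply.

```python
import re

# Kerberos etype numbers as registered with IANA (RFC 3961, 3962, 4757).
ETYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
               17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
               23: "rc4-hmac"}
SINGLE_DES = {1, 3}

ETYPES_RE = re.compile(r"default etypes for default_tkt_enctypes: ([\d ]+)\.")
NTLM_RE = re.compile(r"\[SMB\] Logged on using (NTLMSSP\S*)")
NO_USER_RE = re.compile(r"\[SMB\] User does not exist, (\S+)")

# Sample input: lines excerpted from the two logs posted in this thread.
FAILED_LOG = """\
default etypes for default_tkt_enctypes: 3 1 23 16 17.
[SMB] NT Session setup SPNEGO, MID=33672, UID=0, PID=65279
[SMB] Two stage logon (SPNEGO)
[SMB] NT Session setup SPNEGO, MID=33680, UID=65535, PID=65279
[SMB] User does not exist, Myuser
"""
NTLM_LOG = """\
default etypes for default_tkt_enctypes: 3 1 23 16 17.
[SMB] NT Session setup SPNEGO, MID=31600, UID=65535, PID=65279
[SMB] Logged on using NTLMSSP/NTLMv2SessKey
"""


def triage(log_text):
    """Summarise the etypes and logon outcomes found in a JLAN console log."""
    report = {"etypes": [], "single_des": [], "ntlm_logons": [], "unknown_users": []}
    for line in log_text.splitlines():
        m = ETYPES_RE.search(line)
        if m and not report["etypes"]:
            numbers = [int(n) for n in m.group(1).split()]
            report["etypes"] = [ETYPE_NAMES.get(n, f"etype-{n}") for n in numbers]
            report["single_des"] = [ETYPE_NAMES[n] for n in numbers if n in SINGLE_DES]
            continue
        m = NTLM_RE.search(line)
        if m:
            report["ntlm_logons"].append(m.group(1))
            continue
        m = NO_USER_RE.search(line)
        if m:
            report["unknown_users"].append(m.group(1))
    return report


def verdict(report):
    """Map a report onto the causes described in the reply above."""
    if report["unknown_users"]:
        return "no-kerberos: name looked up in the JLAN <users> list and not found"
    if report["ntlm_logons"]:
        return "no-kerberos: authenticated by NTLM against the JLAN <users> list"
    return "no NTLM or local-user evidence in this log"


if __name__ == "__main__":
    for name, text in (("failed", FAILED_LOG), ("ntlm", NTLM_LOG)):
        rep = triage(text)
        print(name, rep["single_des"], verdict(rep))
```

Either "no-kerberos" verdict on a domain-joined client means the SSO path is not in use, even when the share opens successfully.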

msalihg
Champ in-the-making
Hi,
I am trying to run JLAN with the configuration file you provided, but I get an "unable to locate a login configuration" error. How could you get over this error?

Thanks