I've updated to 4.2.e and it has fixed the Kerberos SSO problems, which is working fine now. However, I've lost access to the built-in "admin" user. I don't get a peep in the alfresco or share logs, but this shows up in the catalina.out log. My authentication chain is now limited to kerberos and ldap; am I required to include something else for the built-in account? I'm able to work around the problem by using a kerberos key which specifies admin users, but would like to resolve this. I'm positive that I know the password; the alfresco_user_store.adminpassword key has the same value as my old 4.2d install, so I would assume this verifies I do know the password.
Any ideas on what could be wrong?
<code>
Dec 23, 2013 11:44:13 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [wcapiServlet] in context with path [/alfresco] threw exception
java.lang.IllegalStateException: Cannot create a session after the response has been committed
    at org.apache.catalina.connector.Request.doGetSession(Request.java:2886)
    at org.apache.catalina.connector.Request.getSession(Request.java:2316)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:898)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:910)
    at org.alfresco.web.app.servlet.AuthenticationHelper.setupThread(AuthenticationHelper.java:116)
    at org.alfresco.web.app.servlet.WebscriptCookieAuthenticationFilter.doFilter(WebscriptCookieAuthenticationFilter.java:56)
    at sun.reflect.GeneratedMethodAccessor454.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:125)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
    at com.sun.proxy.$Proxy297.doFilter(Unknown Source)
    at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1810)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)
</code>
Sorry to only drop by after your problem has already been solved. And yes, you guessed right, it's by design. AlfrescoNTLM is to handle some users locally in Alfresco. And the built-in admin user is one of them. So if you take NTLM out of your chain, it will try to authenticate the "admin" user in your other systems but will never fall back to NTLM, where the built-in admin user is stored.
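
A quick way to check a configuration for the situation described in the reply above, as an added example that is not part of the original posts or Alfresco's own code: it parses `alfresco-global.properties`-style text and reports whether `authentication.chain` still includes an `alfrescoNtlm` member. The sample chains and their instance names are constructed for illustration.

```python
# Added example: check whether an Alfresco authentication chain still contains
# a member able to authenticate locally stored users such as built-in "admin".
LOCAL_TYPE = "alfrescoNtlm"  # subsystem type holding local users, per the reply

def read_properties(text):
    """Parse Java .properties text: comments, '='/':' separators, '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]          # join with the next physical line
            continue
        for i, ch in enumerate(line):
            if ch in "=:":               # first separator ends the key
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def parse_chain(value):
    """Split 'name1:type1,name2:type2' into [(name, type), ...]."""
    pairs = (item.strip().partition(":") for item in value.split(",") if item.strip())
    return [(name.strip(), typ.strip()) for name, _, typ in pairs]

def audit_chain(properties_text):
    """Return the parsed chain and whether local users can still log in.
    The flag is None when the file does not set authentication.chain."""
    props = read_properties(properties_text)
    if "authentication.chain" not in props:
        return {"chain": [], "local_users_can_log_in": None}
    chain = parse_chain(props["authentication.chain"])
    return {"chain": chain,
            "local_users_can_log_in": any(t == LOCAL_TYPE for _, t in chain)}

# Constructed samples; instance names (kerberos1, ldap1, alfrescoNtlm1) are assumptions.
CHAIN_AS_DESCRIBED = "authentication.chain=kerberos1:kerberos,ldap1:ldap\n"
CHAIN_WITH_LOCAL = ("# local users first, then SSO and directory\n"
                    "authentication.chain=alfrescoNtlm1:alfrescoNtlm,\\\n"
                    "    kerberos1:kerberos,ldap1:ldap\n")

if __name__ == "__main__":
    for label, text in (("as described", CHAIN_AS_DESCRIBED), ("with local", CHAIN_WITH_LOCAL)):
        print(label, audit_chain(text))
```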