Ldap and Cifs

janvg
Champ in-the-making
Is it true that if we enable LDAP authentication and synchronisation on 1.4, CIFS will not work? Or are we missing something in the setup?

andy
Champ on-the-rise
Hi

Yes and No.

CIFS can try and use the authentication component wired up in Alfresco.
The LDAP version cannot support CIFS - it would have to be able to get hold of the MD4 hash for the password.

CIFS can go direct to Active Directory to validate Kerberos tickets, so CIFS and LDAP can work together with Active Directory.

Regards

Andy

rdanner
Champ in-the-making
Hi

Yes and No.

CIFS can try and use the authentication component wired up in Alfresco.
The LDAP version cannot support CIFS - it would have to be able to get hold of the MD4 hash for the password.

CIFS can go direct to Active Directory to validate Kerberos tickets, so CIFS and LDAP can work together with Active Directory.

Regards

Andy

Andy, can you use chaining/referral to solve for something like this, where Alfresco goes to a single LDAP and that LDAP goes after that value pair from AD?

Or can the CIFS implementation use a combo of authentication solutions, i.e. go to AD first and, if it can't find the DN there, look to the second source?

Lastly, if the MD4 hash was in the LDAP server, would there be an issue? I think a product like Centrify may be able to push the hashed password out to the LDAP.

Any of the above would work for me, but I don't have any idea if any of them are possible.

andy
Champ on-the-rise
Hi

The chaining authentication does not handle CIFS and MD4 hashes at the moment. It could find the first implementation that supports MD4 and report that hash. CIFS only tries against one hash.

An LDAP implementation could provide the MD4 hash... but do you want to make password hashes readable by anyone/guest from your LDAP server (as you have not authenticated when you need to go and get them - or you would need to use the default LDAP username and credentials)? It is possible to implement the appropriate methods on top of the LDAP auth impl if you want.

The only other alternative is to keep hashes after people log in (in memory or persisted). But this requires a good login to build the cache (CIFS access only is not allowed) and the potential for the hash to go out of sync.

Overall it is best if CIFS can validate a Kerberos ticket at the moment.
It could use MD4 hash (from plain text would be possible) + NTLM, Kerberos, NTLM passthrough.

It is possible we could support Kerberos against other kerberos servers but I do not know the details here.

Basically NTLM is a bit of a pain.

Regards

Andy