Hyland Connect

[root@vslnamdev004 ~]# mount -t cifs \\\\127.0.0.1\\alfresco /mnt/Isis -o port=1445,uid=root,gid=root,username=admin,file_mode=0644,dir_mode=0755
Password:
mount error 111 = Connection refused
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
[root@vslnamdev004 ~]#

Running SMB/CIFS from a normal user account
On Unix-like systems such as linux, Solaris, Mac OS X, the default Alfresco setup must be run using the root user account so that the CIFS server can bind to the privileged ports (TCP 139/445 UDP 137/138). The CIFS server can be configured to run using non-privileged ports and then use firewall rules to forward requests from the privileged ports to the non-privileged ports.

To configure the CIFS server to use non-privileged ports use the following in the file-servers.xml or file-servers-custom.xml configuration files :-

     <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
     <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
Other port numbers can be used but must be above 1024 to be in the non-privileged range.

The firewall rules should then be setup to forward requests on TCP ports 139/445 to TCP 1139/1445 and UDP ports 137/138 to UDP 1137/1138.

Les règles iptables sont bien configurées

# Generated by iptables-save v1.3.5 on Mon May  3 09:43:19 2010
*filter
:INPUT ACCEPT [863696:204953621]
:FORWARD ACCEPT [0:0]
UTPUT ACCEPT [718999:156637037]
COMMIT
# Completed on Mon May  3 09:43:19 2010
# Generated by iptables-save v1.3.5 on Mon May  3 09:43:19 2010
*nat
REROUTING ACCEPT [25912:4556568]
OSTROUTING ACCEPT [6429:394675]
UTPUT ACCEPT [6425:394435]
-A PREROUTING -p tcp -m tcp –dport 445 -j REDIRECT –to-ports 1445
-A PREROUTING -p tcp -m tcp –dport 139 -j REDIRECT –to-ports 1139
-A PREROUTING -p udp -m udp –dport 137 -j REDIRECT –to-ports 1137
-A PREROUTING -p udp -m udp –dport 138 -j REDIRECT –to-ports 1138
-A PREROUTING -p tcp -m tcp –dport 445 -j REDIRECT –to-ports 1445
-A PREROUTING -p tcp -m tcp –dport 139 -j REDIRECT –to-ports 1139
-A PREROUTING -p tcp -m tcp –dport 137 -j REDIRECT –to-ports 1137
-A PREROUTING -p tcp -m tcp –dport 138 -j REDIRECT –to-ports 1138
-A PREROUTING -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 8080
-A PREROUTING -p tcp -m tcp –dport 21 -j REDIRECT –to-ports 1024
-A OUTPUT -d 127.0.0.1 -p tcp -m tcp –dport 445 -j REDIRECT –to-ports 1445
-A OUTPUT -d 127.0.0.1 -p tcp -m tcp –dport 139 -j REDIRECT –to-ports 1139
-A OUTPUT -d 127.0.0.1 -p tcp -m tcp –dport 137 -j REDIRECT –to-ports 1137
-A OUTPUT -d 127.0.0.1 -p tcp -m tcp –dport 138 -j REDIRECT –to-ports 1138
COMMIT
# Completed on Mon May  3 09:43:19 2010

#!/bin/bash

#for outside connections
iptables -t nat -A PREROUTING -p tcp –dport 445 -j REDIRECT –to-ports 1445
iptables -t nat -A PREROUTING -p tcp –dport 139 -j REDIRECT –to-ports 1139
iptables -t nat -A PREROUTING -p udp –dport 138 -j REDIRECT –to-ports 1138
iptables -t nat -A PREROUTING -p udp –dport 137 -j REDIRECT –to-ports 1137

#for local connections (do not go through prerouting)
iptables -t nat -A OUTPUT -p tcp –dport 445 -j REDIRECT –to-ports 1445
iptables -t nat -A OUTPUT -p tcp –dport 139 -j REDIRECT –to-ports 1139
iptables -t nat -A OUTPUT -p udp –dport 138 -j REDIRECT –to-ports 1138
iptables -t nat -A OUTPUT -p udp –dport 137 -j REDIRECT –to-ports 1137

service iptables save
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍