Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NTLM and CIFS configuration

stastsarevsky
Champ in-the-making
Champ in-the-making

‎07-27-2007 07:03 AM

Hi,

i'm fully confused with configuring ntlm authentication and CIFS. Version of Alfresco is 2.1 Community Edition on Windows 2003 server/Tomcat. So far I tried 2 ways:

1) Configuring NTLM for webaccess. As described in "Configuring NTLM" in Wiki. Work perfectly fine. I was able access http://servername:8080/alfresco with domain user. IE automatically log me in. For cifs i've tried to follow "Configuring the CIFS server for Kerberos/Active Directory integration" but i can't access my server. I don't have any exceptions in tomcat log. I have successfull logon in security event viewer both on computer alfresco installed and on domain controller. But still when i'm trying to access servername_a it shows login dialog and said login failed.


2) Tried to configure jaas authentication for CIFS. At the end i'm getting same results as in previous example.

My question is what exactly need to be configured if i'm using NTLM authentication for web access and like to use AD users to access CIFS.
Labels:
0 Kudos
49 REPLIES 49

mindthegab
Champ in-the-making
Champ in-the-making

‎12-06-2007 07:26 AM

I updated the post. Thx!
Gonna put it into the wiki
0 Kudos

gabehb
Champ in-the-making
Champ in-the-making

‎12-12-2007 07:12 PM

i followed the instructions for SSO/NTLM, and in firefox, after typing in credentials the first time, it works like the post explained  – but in IE, it does not let me past  the pop-up.  it does not single sign on, rather it prompts me with the windows user/password window and no combination of username/password will let me in (though it went through just fine in firefox)

does that sound like anything you have seen?
0 Kudos

bjoern
Champ in-the-making
Champ in-the-making

‎01-06-2008 08:21 AM

Hi,

I have configured Alfresco according to this manual.

It seems to work fine. I can log in ok.

But:

using the webclient i get the following error:

javax.faces.el.EvaluationException: Cannot get value for expression '#{!NavigationBean.isGuest && NavigationBean.guestHomeVisible}'
caused by:
javax.servlet.jsp.el.ELException: An error occurred while getting property "guestHomeVisible" from an instance of class org.alfresco.web.bean.NavigationBean


starting the server i get the following error:

13:19:49,536 User:System ERROR [alfresco.smb.protocol] Failed to get local domain/workgroup name, using default of WORKGROUP
13:19:49,537 User:System ERROR [alfresco.smb.protocol] (This may be due to firewall settings or incorrect <broadcast> setting)
13:19:49,572 User:System ERROR [smb.protocol.auth] No valid CIFS authentication combination available
13:19:49,573 User:System ERROR [smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
13:19:49,575 User:System ERROR [alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
   at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:378)
   at org.alfresco.filesys.server.config.ServerConfiguration.setAuthenticator(ServerConfiguration.java:3503)
   at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:2453)
   at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:689)
   at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(ServerConfiguration.java:4200)
   at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
   at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
   at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:241)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:349)
   at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
   at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:448)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

Thanx for any hints on what i did wrong…
Cheers Bjoern
0 Kudos

daniele001
Champ in-the-making
Champ in-the-making

‎02-06-2008 05:05 PM

Hi

your documentation is great, allowed me to have the AD authentication without any problem. I spent my last week trying to get it operational  Smiley Very Happy

Now the problem, SSO works great with Firefox or Opera, I tried SSO with Explorer 7 and I het error in passthrough function.
Looks like IE pass credentials after the web page has been displayed.
This happens JUST with IE7 !!!

On the IE browser I get thi eror:  

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session

and this is the log
23:10:49,612 WARN  [org.springframework.remoting.rmi.RmiRegistryFactoryBean] Could not detect RMI registry - creating new one
23:11:01,155 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.SQLServerDialect.
23:11:07,608 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
23:11:14,274 WARN  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco 'dir.root' property is set to a relative path './alf_data'.  'dir.root' should be overridden to point to a specific folder.
23:11:14,275 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: ./alf_data
23:11:14,357 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
23:11:16,620 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
23:11:17,239 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_04-b12; maximum heap size 506.313MB
23:11:17,240 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.9.0 (B 683) schema 116 - Installed version 2.9.0 (B 683) schema 116
23:12:05,730 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
   at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:793)
   at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
   at $Proxy17.authenticate(Unknown Source)
   at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType1(NTLMAuthenticationFilter.java:523)
   at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:395)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
   at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
   at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
   at java.lang.Thread.run(Thread.java:619)


Any idea? evantually I I need to swith off SSO keeping operational the AD authentication, what's I've to modify?

Thnks in advance

Regards

Daniele
0 Kudos

durianwool
Champ in-the-making
Champ in-the-making

‎03-12-2008 04:07 AM

Hi,

I've the same problem - did anyone managed to get around the problem. Can you please share the solution? Actually, I don't even need passthru - it is fine that IE prompts for the AD username and password, but this is not working. I'm using IE6.


15:57:48,572 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:793)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
        at $Proxy18.authenticate(Unknown Source)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType1(NTLMAuthenticationFilter.java:523)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:395)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

BR,

Durian
0 Kudos

mindthegab
Champ in-the-making
Champ in-the-making

‎03-20-2008 12:47 PM

Guys:
Alfresco forum migration broken my post.
So now we only have until step A while there were 4 steps and the complete configuration.
I'm discussing this with Alfresco privately, but otherwise I'll try to found some time to rewrite the post (and save it myself…)


Hateful Smiley Sad
0 Kudos

duxtinto
Champ in-the-making
Champ in-the-making

‎03-31-2008 04:55 AM

I'm facing just now this problem, and it's a pity we can't count on your post.

Do you have any news about this topic?

Thanks.
0 Kudos

mindthegab
Champ in-the-making
Champ in-the-making

‎03-31-2008 06:11 AM

I'm discussing the topic with Alfresco, we will restore it ASAP.

I'll come back to you,
Gab
0 Kudos

mindthegab
Champ in-the-making
Champ in-the-making

‎03-31-2008 06:14 AM

Old post (before migration) can be found here:

link removed by admin - this post has been restored

I'm asking Alfresco to restore this one, please report it in case you see other problems like this one.

Ciao and HTH,
Gab
0 Kudos

duxtinto
Champ in-the-making
Champ in-the-making

‎03-31-2008 10:02 PM

Thanks so much.

By the way, do you know if it is still working on Alfresco 2.9?

Regards.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2026 Khoros, LLC