
NTLM and Guest

peebles
Champ in-the-making
With out-of-the-box version 2.0.0, there was an admin and a guest account, and I had to manually add users.  I could, however, 'invite' the guest as a consumer for a space, which would then allow "anonymous" access to the content in that space with the URI for that content, without a need for a login.

I've now spent two days and finally got LDAP user/group sync to work, and NTLM login authentication and CIFS (!).  Seems chaining does not work with NTLM (from various posts), so my admin and guest accounts are gone.  I can get back an admin capability with custom-authority-services-context.xml.  I can even "see" a guest user if I <allowGuest/> in file-servers-custom.xml.

But still, any "anonymous" attempt to fetch content through a URI gets me the login screen.  Why?

I would also like to create non-ldap users local to the alfresco database, so I can allow external folks access to content.  I think this means "chaining".  How can this be done with NTLM?
7 REPLIES 7

alexander
Champ in-the-making
Hi

I did manage to make chaining work for NTLM Web Client auth (but CIFS only uses NTLM); have a look here:
http://wiki.alfresco.com/wiki/Talk:Enterprise_Security_and_Authentication_Configuration

If you like, I can send you a prepared .class that is tested with 2.0.

Thanks
Alexander

peebles
Champ in-the-making
This solution worked great for me.  With out-of-the-box NTLM, which is (apparently) needed for CIFS to work, chaining is not supported.  If you cannot chain, then you lose admin, guest and the ability to have "external" users in your system that are not in AD/LDAP.  If you, like me, need this combination then Alexander's NTLMAuthenticationFilter.class is just the ticket.  Get his NTLMAuthenticationFilter.class from his post, and then here are the installation instructions:

1) Stop Alfresco and go to /alfresco/tomcat/webapps
2) Delete .war file (it is already deployed)
3) go to alfresco/WEB_INF/lib
4) rename web-client.jar to .zip
5) right-click and select "Explore"
6) inside zip find org/alfresco/web/app/servlet/NTLMAuthenticationFilter.class and replace it
7) rename jar back
8) start alfresco

You will also need a tomcat/shared/classes/alfresco/extension/chaining-authentication-context.xml file that looks something like:


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
  
   
    <!-- Chaining -->
   
    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplNTLM"/>
            </list>
        </property>
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
    </bean>
   
    <!-- Alfresco Auth -->
   
    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>
   
    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>
   
    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
    </bean>
   
    <!-- NTLM -->

    <bean id="authenticationServiceImplNTLM" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoNTLM"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
    </bean>

    <bean id="authenticationDaoNTLM" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!-- The authentication component.                                      -->

    <!-- Use the passthru authentication component to authenticate using    -->
    <!-- user accounts on one or more Windows servers.                      -->

    <!-- Properties that specify the server(s) to use for passthru          -->
    <!-- authentication :-                                                  -->
    <!--   useLocalServer   use the local server for authentication         -->
    <!--   domain           use domain controllers from the specified domain-->
    <!--   servers          comma delimited list of server addresses or     -->
    <!--                    names                                           -->

    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers">
            <value>your_server(s)_here</value>
        </property>
        <property name="useLocalServer">
            <value>false</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>true</value>
        </property>
    </bean>

</beans>
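
Added example, not part of the original post or of Alfresco's code: a short Python audit of a chaining context file like the one above. It lists each member of the `authenticationService` chain with its authentication component class and whether `guestAccess` or `allowGuestLogin` is set to true in that file. The embedded sample is a constructed, trimmed copy of the post's beans; `audit_chain` and `_refs` are names made up for this example.

```python
import xml.etree.ElementTree as ET

PKG = "org.alfresco.repo.security.authentication."
# Constructed sample: the post's chaining file trimmed to the properties audited here.
SAMPLE = f"""<beans>
 <bean id="authenticationService" class="{PKG}ChainingAuthenticationServiceImpl">
  <property name="authenticationServices"><list>
   <ref bean="authenticationServiceImplNTLM"/></list></property>
  <property name="mutableAuthenticationService">
   <ref bean="authenticationServiceImplAlfresco"/></property>
 </bean>
 <bean id="authenticationServiceImplAlfresco" class="{PKG}AuthenticationServiceImpl">
  <property name="authenticationComponent">
   <ref bean="authenticationComponentImplAlfresco"/></property>
 </bean>
 <bean id="authenticationComponentImplAlfresco" class="{PKG}AuthenticationComponentImpl">
  <property name="allowGuestLogin"><value>true</value></property>
 </bean>
 <bean id="authenticationServiceImplNTLM" class="{PKG}AuthenticationServiceImpl">
  <property name="authenticationComponent">
   <ref bean="authenticationComponent"/></property>
 </bean>
 <bean id="authenticationComponent" class="{PKG}ntlm.NTLMAuthenticationComponentImpl">
  <property name="guestAccess"><value>true</value></property>
 </bean>
</beans>"""

def _refs(bean, prop):
    """Bean ids referenced by one property (a direct <ref> or refs inside a <list>)."""
    node = bean.find(f"property[@name='{prop}']")
    return [r.get("bean") for r in node.iter("ref")] if node is not None else []

def audit_chain(xml_text, root_id="authenticationService"):
    """Return (role, service id, component class, guest flag) per chain member."""
    beans = {b.get("id"): b for b in ET.fromstring(xml_text).iter("bean")}
    root, rows = beans[root_id], []
    members = [("mutable", i) for i in _refs(root, "mutableAuthenticationService")]
    members += [("chained", i) for i in _refs(root, "authenticationServices")]
    for role, sid in members:
        comp_ids = _refs(beans[sid], "authenticationComponent") if sid in beans else []
        comp = beans.get(comp_ids[0]) if comp_ids else None
        if comp is None:  # defined in another context file, cannot judge from this one
            rows.append((role, sid, None, None))
            continue
        flags = [comp.findtext(f"property[@name='{p}']/value")
                 for p in ("guestAccess", "allowGuestLogin")]
        guest = any((f or "").strip().lower() == "true" for f in flags)  # False: not set to true here
        rows.append((role, sid, comp.get("class").rsplit(".", 1)[-1], guest))
    return rows
```

Calling `audit_chain` on the text of a deployed `chaining-authentication-context.xml` gives one row per chain member, so a guest-enabled component is visible at a glance.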

richard_tsai
Champ in-the-making
Hi peebles,
      I followed your steps and modified the server name in your chaining-authentication-context.xml. I got the following exception.
Am I missing something?


………..

Caused by: javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
        at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:153)
        at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63)
        … 23 more
Caused by: org.alfresco.error.AlfrescoRuntimeException: Not implemented
        at org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao.loadUserByUsername(NullMutableAuthenticationDao.java:316)
        at net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider.getUserFromBackend(DaoAuthenticationProvider.java:390)
        at net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider.authenticate(DaoAuthenticationProvider.java:225)
        at net.sf.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:159)
        at net.sf.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
        at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.authenticate(AuthenticationComponentImpl.java:74)
        at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:112)
        at org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl.authenticate(ChainingAuthenticationServiceImpl.java:164)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.

…………….

        at $Proxy20.authenticate(Unknown Source)
        at org.alfresco.web.bean.LoginBean.login(LoginBean.java:243)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:129)
        … 24 more

peebles
Champ in-the-making
I am a newbie at this game.  I just posted the instructions that alexander mailed me that worked.  I will say that getting all of this authentication stuff to work is very painful.

Even now, all my problems are not solved.  With my current setup, the CIFS interface kinda works, except the drag-n-drop on the Details.exe or CheckInOut.exe fails.  I am still trying to get that resolved.

daliakamal2005
Champ in-the-making
Hi all
can u pls send the instructions to me

richard_tsai
Champ in-the-making
Hi Dalia,
     Please see my tomcat\shared\classes\alfresco\extension\chainging-authentication-context.xml.
In my company, our users are located in different Microsoft AD domains.
I configured it to authenticate against two domain controllers. It solves my cross-domain authentication problem partially, because it works in the web client, but not CIFS.


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>



    <!-- Chaining -->

    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplNTLM2"/>
                <ref bean="authenticationServiceImplNTLM"/>

            </list>
        </property>
    </bean>

    <bean id="authenticationServiceImplNTLM" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoNTLM"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
    </bean>

    <bean id="authenticationDaoNTLM" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!-- The authentication component.                                      -->

    <!-- Use the passthru authentication component to authenticate using    -->
    <!-- user accounts on one or more Windows servers.                      -->

    <!-- Properties that specify the server(s) to use for passthru          -->
    <!-- authentication :-                                                  -->
    <!--   useLocalServer   use the local server for authentication         -->
    <!--   domain           use domain controllers from the specified domain-->
    <!--   servers          comma delimited list of server addresses or     -->
    <!--                    names                                           -->

    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers">
            <value>xxxtaodc1</value>
        </property>
        <property name="useLocalServer">
            <value>false</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
    </bean>


    <bean id="authenticationServiceImplNTLM2" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoNTLM2"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent2"/>
        </property>
    </bean>

    <bean id="authenticationDaoNTLM2" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!-- The authentication component.                                      -->

    <!-- Use the passthru authentication component to authenticate using    -->
    <!-- user accounts on one or more Windows servers.                      -->

    <!-- Properties that specify the server(s) to use for passthru          -->
    <!-- authentication :-                                                  -->
    <!--   useLocalServer   use the local server for authentication         -->
    <!--   domain           use domain controllers from the specified domain-->
    <!--   servers          comma delimited list of server addresses or     -->
    <!--                    names                                           -->

    <bean id="authenticationComponent2" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers">
            <value>xxxtpedc1</value>
        </property>
        <property name="useLocalServer">
            <value>false</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
    </bean>


</beans>

kimquy76
Champ in-the-making
Hello,  I'm a newbie on java so if someone could please help me on how to compile NTLMAuthenticationFilter.java into NTLMAuthenticationFilter.class, I would appreciate it very much.  I tried to compile using javac but keep getting lots of compile errors about packages that do not exist.