NTLM authentication and upgrade woes.

gaspode
Champ in-the-making
I managed, after a lot of head-scratching, to get the 1.4 preview to have LDAP synchronization to an Active Directory server, NTLM authentication for the web client, and, to top the whole thing off, NTLM passthrough working for the CIFS server. When the 1.4 release came out, I happily downloaded the WAR release, put it in my Tomcat deployment directory, and modified the config templates to contain more or less the same things that worked with the last release, only to discover that NTLM authentication has been broken again.

When I start the server it gives me:

17:42:52,575 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, No valid authentication servers found for passthru
org.alfresco.error.AlfrescoRuntimeException: No valid authentication servers found for passthru
        at org.alfresco.filesys.server.auth.passthru.PassthruAuthenticator.initialize(PassthruAuthenticator.java:515)
(The complete traceback is snipped for space reasons; if anything else is needed to help debug the error, please let me know.)

My ntlm-authentication-context.xml contains:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!-- The authentication component.                                      -->

    <!-- Use the passthru authentication component to authenticate using    -->
    <!-- user accounts on one or more Windows servers.                      -->

    <!-- Properties that specify the server(s) to use for passthru          -->
    <!-- authentication :-                                                  -->
    <!--   useLocalServer   use the local server for authentication         -->
    <!--   domain           use domain controllers from the specified domain-->
    <!--   servers          comma delimited list of server addresses or     -->
    <!--                    names                                           -->

    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers">
            <value>vt-winsrv-004.visionten.locala</value>
        </property>
        <!-- Servers already specified
        <property name="domain">
            <value>visionten.locala</value>
        </property>
        -->

        <property name="useLocalServer">
            <value>false</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>true</value>
        </property>
    </bean>

</beans>

Strangely enough, when I snoop the packets going to the network, no attempt is made to access vt-winsrv-004.visionten.locala (except when the LDAP synchronization starts), but the server tries to look up the DNS names localhost., localhost.(none) and localhost.(none).visionten.locala

I'll post a followup if I discover what was wrong…
2 REPLIES

gaspode
Champ in-the-making
I managed to find out that the passthru isn't supported anymore and that you are supposed to use the enterprise authenticator together with Kerberos instead.
I have now at least got NTLM and Kerberos tickets working in the web-client without problems, but the CIFS server is still giving me problems.
I have configured the system according to http://wiki.alfresco.com/wiki/Configuring_the_CIFS_server_for_Kerberos/Active_Directory_integration 
but it still doesn't work. No other error messages except the ones below are in the log:

10:59:16,977 DEBUG [smb.protocol.mailslot] Send NetBIOS host announcement to 192.168.0.255, port 138
10:59:40,241 DEBUG [alfresco.smb.protocol] TCP-SMB session request received from 192.168.0.40
10:59:40,252 DEBUG [alfresco.smb.protocol] Waiting for TCP-SMB session request …
10:59:40,253 DEBUG [alfresco.smb.protocol] Server session started
10:59:40,253 DEBUG [alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
10:59:40,525 DEBUG [alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
10:59:40,717 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20376, UID=0, PID=65279
10:59:40,974 DEBUG [smb.protocol.auth] User  logged on  (type Normal)
10:59:41,058 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20384, UID=0, PID=65279
10:59:41,062 WARN  [smb.protocol.auth] Authentication component does not support MD4 password hashes
10:59:41,356 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20392, UID=0, PID=65279
10:59:41,356 DEBUG [smb.protocol.auth] User  logged on  (type Normal)
10:59:41,937 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20400, UID=0, PID=65279
10:59:41,939 WARN  [smb.protocol.auth] Authentication component does not support MD4 password hashes
10:59:42,051 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20408, UID=0, PID=65279
10:59:42,051 DEBUG [smb.protocol.auth] User  logged on  (type Normal)
10:59:42,183 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20416, UID=0, PID=65279
10:59:42,184 WARN  [smb.protocol.auth] Authentication component does not support MD4 password hashes
10:59:42,340 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20424, UID=0, PID=65279
10:59:42,340 DEBUG [smb.protocol.auth] User  logged on  (type Normal)
10:59:42,497 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20432, UID=0, PID=65279
10:59:42,499 WARN  [smb.protocol.auth] Authentication component does not support MD4 password hashes
10:59:42,774 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20440, UID=0, PID=65279
10:59:42,775 DEBUG [smb.protocol.auth] User  logged on  (type Normal)
10:59:42,804 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=20448, UID=0, PID=65279
10:59:42,805 WARN  [smb.protocol.auth] Authentication component does not support  MD4 password hashes

And I get an error message that the username/password might be wrong.

When accessing the web client though I get:

11:00:22,373 DEBUG [app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 192.168.0.40 (192.168.0.40:4944)
11:00:22,400 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa208b207,Domain:VISIONTEN,Wks:VTWKS-0011]
11:00:22,404 DEBUG [smb.protocol.auth] Open authenticate session to [vt-winsrv-004.visionten.locala:192.168.0.249:Online:0,0]
11:00:22,405 DEBUG [smb.protocol.auth] New auth session from cms.visionten.locala_2 to \\192.168.0.249\IPC$\
11:00:22,406 DEBUG [smb.protocol.auth] Trying address 192.168.0.249
11:00:22,407 DEBUG [smb.protocol.auth] Connected to address 192.168.0.249
11:00:22,407 DEBUG [smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
11:00:22,408 DEBUG [smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
11:00:22,524 DEBUG [app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x80000203,Target:CMS,Ch:7d4ff7cf6aaf4802]
11:00:22,565 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type3 Type3:,LM:2a6cadc2798b44f848fb716c6d18a646f9e6db5265086dd5,NTLM:507c9dc1f5cde826f0c2a566b4b455ada72ad1a61b67cfe8,Dom:VISIONTEN,User:marcus,Wks:VTWKS-0011]
11:00:22,658 DEBUG [app.servlet.NTLMAuthenticationFilter] Updated cached NTLM details
11:00:22,659 DEBUG [app.servlet.NTLMAuthenticationFilter] User logged on via NTLM, [marcus,Wks:VTWKS-0011,Dom:VISIONTEN,AuthSrv:CMS,Thu Nov 02 11:00:22 CST 2006]
11:00:39,573 DEBUG [app.servlet.NTLMAuthenticationFilter] User marcus validate ticket
11:00:39,575 DEBUG [app.servlet.NTLMAuthenticationFilter] Authentication not required, chaining …
11:00:53,047 DEBUG [app.servlet.NTLMAuthenticationFilter] User marcus validate ticket
11:00:53,049 DEBUG [app.servlet.NTLMAuthenticationFilter] Authentication not required, chaining …

and the single sign-on works as expected.

Anyone have any idea of what might be wrong?
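
Added example, not part of the original post: the NTLMAuthenticationFilter DEBUG lines above print the server challenge together with the client's LM and NTLM responses, which is enough material for offline password guessing, so such a log is worth scrubbing before it is shared. This Python sketch redacts those fields and reports users whose NT response is 24 bytes long (NTLMv1-style); the sample lines, host and user names are constructed, and the field layout is assumed from the log quoted in the post.

```python
import re

# Hex fields printed by the filter: Ch (type2 challenge), LM and NTLM (type3).
SECRET = re.compile(r"\b(LM|NTLM|Ch):([0-9a-fA-F]+)")
NT_RESP = re.compile(r"\bNTLM:([0-9a-fA-F]+)")
USER = re.compile(r"\bUser:([^,\]]+)")

# Constructed sample in the layout of the web-client log quoted above.
SAMPLE = (
    "11:00:22,524 DEBUG [app.servlet.NTLMAuthenticationFilter] Sending NTLM "
    "type2 to client - [Type2:0x80000203,Target:SRV,Ch:0011223344556677]\n"
    "11:00:22,565 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type3 "
    "[Type3:,LM:" + "aa" * 24 + ",NTLM:" + "bb" * 24 +
    ",Dom:EXAMPLE,User:alice,Wks:WKS-01]\n"
)

def scrub_line(line):
    """Replace challenge/response hex with a length-only placeholder."""
    def repl(m):
        return f"{m.group(1)}:<{len(m.group(2)) // 2} bytes redacted>"
    return SECRET.sub(repl, line)

def scrub_log(text):
    """Return (scrubbed_text, users_sending_24_byte_nt_responses)."""
    out, v1_users = [], []
    for line in text.splitlines():
        resp = NT_RESP.search(line)
        # A 24-byte NT response is the NTLMv1-style format; an NTLMv2
        # response (HMAC plus client blob) is longer than that.
        if resp and len(resp.group(1)) // 2 == 24:
            user = USER.search(line)
            v1_users.append(user.group(1) if user else "<unknown>")
        out.append(scrub_line(line))
    return "\n".join(out) + "\n", v1_users

if __name__ == "__main__":
    scrubbed, v1_users = scrub_log(SAMPLE)
    print(scrubbed, end="")
    print("24-byte NT responses from:", v1_users)
```
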

karakartal
Champ in-the-making
Authentication component does not support MD4 password hashes

I am also getting the above error. I am using: org.alfresco.web.app.servlet.KerberosAuthenticationFilter

Any solutions, ideas?
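
Added example, not part of either post: a small Python triage script for CIFS debug output in the layout quoted in this thread. It pairs each SPNEGO session setup with the auth line that follows it and flags the pattern visible in the log above, where no named user ever logs on and the MD4 warning repeats. The sample lines are constructed and the field layout is assumed from the quoted log.

```python
import re

# Constructed sample in the layout of the CIFS debug log quoted in this thread.
SAMPLE = """\
10:00:00,100 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=100, UID=0, PID=4242
10:00:00,200 DEBUG [smb.protocol.auth] User  logged on  (type Normal)
10:00:00,300 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=108, UID=0, PID=4242
10:00:00,310 WARN  [smb.protocol.auth] Authentication component does not support MD4 password hashes
10:00:00,400 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=116, UID=0, PID=4242
10:00:00,410 DEBUG [smb.protocol.auth] User  logged on  (type Normal)
10:00:00,500 DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=124, UID=0, PID=4242
10:00:00,510 WARN  [smb.protocol.auth] Authentication component does not support  MD4 password hashes
"""

SETUP = re.compile(r"NT Session setup (\w+), MID=(\d+), UID=\d+, PID=(\d+)")
LOGON = re.compile(r"User\s+(\S*?)\s*logged on\s+\(type (\w+)\)")
NO_MD4 = re.compile(r"does not support\s+MD4 password hashes")

def triage(log):
    """Pair each session setup with the auth line that follows it."""
    stats = {"setups": 0, "blank_user_logons": 0, "named_logons": 0,
             "md4_rejections": 0, "unanswered": 0}
    pending = None                      # MID of a setup still awaiting an outcome
    for line in log.splitlines():
        if "[smb.protocol.auth]" not in line:
            continue
        if m := SETUP.search(line):
            if pending is not None:
                stats["unanswered"] += 1
            pending = m.group(2)
            stats["setups"] += 1
        elif pending is not None and (m := LOGON.search(line)):
            key = "named_logons" if m.group(1) else "blank_user_logons"
            stats[key] += 1
            pending = None
        elif pending is not None and NO_MD4.search(line):
            stats["md4_rejections"] += 1
            pending = None
    if pending is not None:
        stats["unanswered"] += 1
    # Pattern seen in this thread's log: no named user ever logs on and the
    # MD4 warning repeats across successive session setups.
    stats["retry_loop"] = (stats["md4_rejections"] >= 2
                           and stats["named_logons"] == 0)
    return stats

if __name__ == "__main__":
    print(triage(SAMPLE))
```
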