Hyland Connect

lgr · ‎02-06-2007

Hi,

With the old versions of Alfresco, adding these lines in shared/file-servers-custom.xml worked.

   
   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
       <authenticator type="passthru">
          <Server>192.168.0.1</Server>
       </authenticator>
   </config>‍‍‍‍‍‍

Since v2.0 preview, i've got an error under windows 2k3 FR:

14:03:52,828 ERROR [alfresco.smb.protocol] CIFS server configuration error, Wrong authentication setup for passthru authenticator (can only be used with LDAP/JAAS auth component)
org.alfresco.error.AlfrescoRuntimeException: Wrong authentication setup for passthru authenticator (can only be used with LDAP/JAAS auth component)
        at org.alfresco.filesys.server.config.ServerConfiguration.processSecurit
yConfig(ServerConfiguration.java:2247)
        at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerCon
figuration.java:626)
        at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(Se
rverConfiguration.java:3985)‍‍‍‍‍‍‍‍

I haven't found any change documented since v1.4 in the forum, documentation (wiki), nor the jira issues.

Is there a bug or something i did not notice ?

Laurent.

aznk · ‎02-26-2007

I've got exactly the same error, I've enabled successfully LDAP in Alfresco 1.4 and it doesn't work anymore in 2.0 preview and final.
I've followed the instructions in the wiki to enable NTLM authentication :
- rename and edit ldap-authentication-context.xml.sample to ldap-authentication-context.xml
- rename ntlm-authentication-context.xml.sample to tlm-authentication-context.xml
- comment and uncomment lines relevant to NTLM according to the wiki page
after adding these lines I still got the same error :

<config evaluator="string-compare" condition="Filesystem Security">
  <authenticator type="alfresco">
  </authenticator>
</config>‍‍‍‍

hsantander · ‎02-26-2007

Hi Andy

Well, I have this configuration in custom-file-servers.xml:

   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
        <authenticator type="passthru">
                <Server>10.226.128.113</Server>
                <Domain>TTTTHACIENDA_DO</Domain>
        </authenticator>
   </config>
‍‍‍‍‍‍‍

which it's supposed to replace the original configuration and hasn't any reference to Enterprise Authenticator, so if you are right, why still use the entrerprise? Why CIFS configuration that works on the preview and before on 1.4 doesn't work on 2.0?

When I change the file file-servers.xml at WEB-INF/classes/alfresco/ with alfresco instead of enterprise I got this errors:

16:50:35,212 ERROR [alfresco.smb.protocol] Failed to get local domain/workgroup name, using default of WORKGROUP
16:50:35,212 ERROR [alfresco.smb.protocol] (This may be due to firewall settings or incorrect <broadcast> setting)
16:50:35,223 ERROR [alfresco.smb.protocol] CIFS server configuration error, Wrong authentication setup for alfresco authenticator
org.alfresco.error.AlfrescoRuntimeException: Wrong authentication setup for alfresco authenticator
        at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:2282)
        at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:634)
        at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(ServerConfiguration.java:4007)
        at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:45)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:225)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:323)
        at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:134)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3763)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4211)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:809)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:698)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:472)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
        at org.apache.catalina.core.StandardService.start(StandardService.java:450)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

And, what about the other errors? They apeared when I uncommented the NTLM configuration on web.xml, which references to Enterprise version. What is the configuration for the community? I didn't see any changes in the wiki about NTLM configuration and this configuration in the wiki it's for the 1.4 version.

I'm getting nuts with alll those undocumented changes.

All the problems with the bug with NTLM it's supposed to be solved with version 1.4.1E. I'm thinking about passing to the Enterprise license but I'm afraid I will get other errors like it's happening with the Community version.

So, Andy, could you give me more detailed help, please?

Thanks

aznk · ‎02-26-2007

I also get the same errors with a passthru configuration, which used to work in 1.4 but doesn't work either in 2.0.
Would the fact that I set password to simple change anything in ldap-authentication-context.xml, supposing that we have to use MD4 :

<entry key="java.naming.security.authentication">
                    <!–value>DIGEST-MD5</value–>
               <value>simple</value>
                </entry>‍‍‍‍

simple worked for me in 1.4 but not DIGEST-MD5.

hsantander · ‎02-26-2007

Hi again

Well I'm not alone with this problem.

Now I have the CIFS correctly working modifying WEB-INF/classes/alfresco/file-servers.xml. I change :

   <config evaluator="string-compare" condition="Filesystem Security">
        <authenticator type="enterprise">
        </authenticator>
‍‍‍‍

and use this definition:

   <config evaluator="string-compare" condition="Filesystem Security">
        <authenticator type="passthru">
                <Server>10.226.128.113</Server>
                <Domain>TTTTHACIENDA_DO</Domain>
        </authenticator>
‍‍‍‍‍‍

I don't know why doesn't work when I use the following on the custom-file-servers.xml in the extension directory:

   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
        <authenticator type="passthru">
                <Server>10.226.128.113</Server>
                <Domain>TTTTHACIENDA_DO</Domain>
        </authenticator>
   </config>‍‍‍‍‍‍

Now CIFS seems to work. I use a win2000 logged in the domain and access to the Alfresco CIFS.

The problem now is getting the web client login to work for a NTLM passthru.

Modify the web.xml doesn't work as it's comment in this file. What are the modifications to web.xml for getting NTLM working on the web client?

Thanks

aznk · ‎02-27-2007

With the same configuration as you that is to say :
- ntlm-authentication-context.xml not modified
- web.xml not modified (as uncommenting lines related to NTLM makes tomcat crash)
- ldap-authentication-context.xml : same configuration that I used in Alfresco 1.4 and that worked
- file-servers.xml : added these lines

<authenticator type="passthru">
   <Server>192.168.0.102,192.168.0.1,adsrv.alfresco.org</Server>
  </authenticator>‍‍‍

Tomcat doesn't crash anymore but I can't authenticate anymore in the web interface, neither as admin/admin nor any windows login (imported from ldap, which worked in 1.4), and CIFS doesn't work either, every time I try to access it via the LAN, path is not found.
Here is my log :

11:50:32,731 DEBUG [org.alfresco.smb.protocol.auth] New auth session from DEV04_10 to \\192.168.0.1\IPC$\
11:50:35,700 DEBUG [org.alfresco.smb.protocol.auth] Passthru offline check failed for 192.168.0.1
11:50:43,686 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:43,686 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:43,686 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:43,686 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:43,686 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:43,686 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:43,717 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:43,717 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:43,717 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:43,717 DEBUG [org.alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
11:50:43,717 DEBUG [org.alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
11:50:43,717 DEBUG [org.alfresco.smb.protocol.auth] Open authenticate session to [dev01.gva.ch.net:192.168.0.102:Online:7,Tue Feb 27 11:45:46 CET 2007]
11:50:43,717 DEBUG [org.alfresco.smb.protocol.auth] New auth session from DEV04_11 to \\192.168.0.102\IPC$\
11:50:43,717 DEBUG [org.alfresco.smb.protocol.auth] Trying address 192.168.0.102
11:50:43,717 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 192.168.0.102
11:50:43,717 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
11:50:43,717 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
11:50:43,717 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=9, auth ctx=[NTLM,Challenge=56af0a7ffdec9dac]
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup from user=, password=none, ANSIpwd=00, domain=, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=56af0a7ffdec9dac]
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth]   MID=8, UID=0, PID=65279
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] Null CIFS logon allowed
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] User  logged on  (type Null)
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[:null,,Windows 2002 Service Pack 2 2600],Tree=0,Searches=0]
11:50:44,670 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:44,670 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:44,670 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:44,670 DEBUG [org.alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
11:50:44,670 DEBUG [org.alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] Open authenticate session to [dev01.gva.ch.net:192.168.0.102:Online:8,Tue Feb 27 11:50:43 CET 2007]
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] New auth session from DEV04_12 to \\192.168.0.102\IPC$\
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] Trying address 192.168.0.102
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 192.168.0.102
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
11:50:44,670 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=10, auth ctx=[NTLM,Challenge=850935b3df15f44b]
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
11:50:47,077 DEBUG [org.alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
11:50:47,077 DEBUG [org.alfresco.smb.protocol.auth] Open authenticate session to [dev01.gva.ch.net:192.168.0.102:Online:9,Tue Feb 27 11:50:44 CET 2007]
11:50:47,077 DEBUG [org.alfresco.smb.protocol.auth] New auth session from DEV04_13 to \\192.168.0.102\IPC$\
11:50:47,077 DEBUG [org.alfresco.smb.protocol.auth] Trying address 192.168.0.102
11:50:47,077 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 192.168.0.102
11:50:47,077 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
11:50:47,077 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
11:50:47,077 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=11, auth ctx=[NTLM,Challenge=4e8a2991865734c7]
11:50:47,093 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:47,093 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:47,093 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:48,171 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:48,171 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:48,171 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:48,171 DEBUG [org.alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
11:50:48,171 DEBUG [org.alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
11:50:48,171 DEBUG [org.alfresco.smb.protocol.auth] Open authenticate session to [dev01.gva.ch.net:192.168.0.102:Online:10,Tue Feb 27 11:50:47 CET 2007]
11:50:48,171 DEBUG [org.alfresco.smb.protocol.auth] New auth session from DEV04_14 to \\192.168.0.102\IPC$\
11:50:48,171 DEBUG [org.alfresco.smb.protocol.auth] Trying address 192.168.0.102
11:50:48,171 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 192.168.0.102
11:50:48,171 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
11:50:48,171 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
11:50:48,171 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=12, auth ctx=[NTLM,Challenge=b03f35239772935a]
11:50:48,171 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:48,186 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:48,186 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:48,186 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:48,186 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:48,186 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:48,186 DEBUG [org.alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
11:50:48,186 DEBUG [org.alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
11:50:48,186 DEBUG [org.alfresco.smb.protocol.auth] Open authenticate session to [dev01.gva.ch.net:192.168.0.102:Online:11,Tue Feb 27 11:50:48 CET 2007]
11:50:48,186 DEBUG [org.alfresco.smb.protocol.auth] New auth session from DEV04_15 to \\192.168.0.102\IPC$\
11:50:48,186 DEBUG [org.alfresco.smb.protocol.auth] Trying address 192.168.0.102
11:50:48,186 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 192.168.0.102
11:50:48,186 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
11:50:48,186 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
11:50:48,186 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=13, auth ctx=[NTLM,Challenge=599eb51b3b3c4c07]
11:50:49,374 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup from user=, password=none, ANSIpwd=00, domain=, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=599eb51b3b3c4c07]
11:50:49,374 DEBUG [org.alfresco.smb.protocol.auth]   MID=8, UID=0, PID=65279
11:50:49,374 DEBUG [org.alfresco.smb.protocol.auth] Null CIFS logon allowed
11:50:49,374 DEBUG [org.alfresco.smb.protocol.auth] User  logged on  (type Null)
11:50:49,374 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[0:0,[:null,,Windows 2002 Service Pack 2 2600],Tree=0,Searches=0]
11:50:49,390 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:49,390 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:49,390 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:49,390 DEBUG [org.alfresco.smb.protocol] Winsock NetBIOS session request received, caller=[DEV04:WorkStation,Unique,]
11:50:49,390 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) …
11:50:49,390 DEBUG [org.alfresco.smb.protocol] Server session started
11:50:50,781 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host DEV04_A
11:50:56,766 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host DEV04_A
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Any ideas why it was working in 1.4 and no more in 2.0 ?

luker0 · ‎02-27-2007

According to the wiki

"The correct bean to over-ride for NTLM LDAP etc is now "authenticationComponent". See the sample files which have been updated to reflect this."

Where are these sample files that have been updated. In a clean install downloaded yesterday the sample files still contain the wrong bean reference.

aznk · ‎02-28-2007

in the <TOMCAT_HOME>/shared/classes/alfresco/extension directory.
here you can see that bean id="authenticationComponent" replaced the bean id="authenticationComponentImpl" (previous versions in alfresco)

luker0 · ‎03-01-2007

in the <TOMCAT_HOME>/shared/classes/alfresco/extension directory.
here you can see that bean id="authenticationComponent" replaced the bean id="authenticationComponentImpl" (previous versions in alfresco)

Ok well the 2.0 version I downloaded on Feb 23 does not have updated sample files. I download a new one and see.

BTW I am using the AlfrescoCommunity-2.0-Linux-x86-Install files.

andy · ‎03-07-2007

Hi

Apologies, the config examples were updated after 2.0 community final.

When I last tested this I used the following config with variations:

alfresco\extension\ntlm-authentication-context.xml


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!– The authentication component.                                      –>

    <!– Use the passthru authentication component to authenticate using    –>
    <!– user accounts on one or more Windows servers.                      –>
    
    <!– Properties that specify the server(s) to use for passthru          –>
    <!– authentication :-                                                  –>
    <!–   useLocalServer   use the local server for authentication         –>
    <!–   domain           use domain controllers from the specified domain–>
    <!–   servers          comma delimted list of server addresses or      –>
    <!–                    names                                           –>
       
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        ……. various options
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>…..</value>
        </property>
    </bean>
    
</beans>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

alfresco\extension\file-servers-custom.xml


<alfresco-config area="file-servers">

   <!– To override the default Alfresco filesystem use replace="true", to –>
   <!– add additional filesystems remove the replace="true" attribute     –>
   
   <config evaluator="string-compare" condition="Filesystems" replace="true">

      <filesystems>
      
          <!– Default share –>
         <filesystem name="Alfresco">
   
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>
   
            <!– Enable Web client launch shortcut in all folders –>
            <urlFile>
   
               <!– Change the filename as required, keeping the .url extension –>
               <filename>_Alfresco.url</filename>
   
               <!– Change 'localhost' to the name or IP of the Alfresco server –>
               <webpath>http://localhost:8080/alfresco/</webpath>
   
            </urlFile>
   
         </filesystem>
      </filesystems>
      
   </config>

   <!– Allow guest access to file systems –>
   <config evaluator="string-compare" condition="Filesystem Security" replace="true">

      <authenticator type="alfresco">
         …..
      </authenticator>

   </config>

</alfresco-config>


‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Make sure you can not find this file (file-servers-custom.xml) any where else on the class path - it should be in extensions and not in the expanded web inf directory for example.

If you have trouble you can specify an alternate file location by replacing the fileServersConfigSource bean - normally in alfresco\network-protocol-context.xml.

The CIFS configuration needs to match the aurthentication config


Auth                                     CIFS
——                                     —–

Alfresco                                alfrecso
   "                                    enterprise
NTLM                                    alfresco   
LDAP                                    passthru
JAAS/Kerberos                           passthru
*                                       enterprise+kerberos
‍‍‍‍‍‍‍‍‍‍‍

You can use LDAP to load users for any of these except alfresco auth.

Make sure you have a guest user if you have guest access.

Do not clear out users when importing people via LDAP.

Issues can arise from the AD configuration, firewalls etc. We can not really support setting up and fixing all these combinations via the forums.

If this does not sort out your problem then you may beed more specific support.

Cheers

Andy

hsantander · ‎03-08-2007

Andy, thanks for the configuration files, but they are almost the same than mine.

The problem with NTLM authentication has nothing to do with a particular AD configuration in the system I'm using. Remenber that it works on 1.4.0 with the problem documented in the bug about lower cases users, but even with the bug the NTLM authentication works OK. This discard any problem with AD configuration, or Firewall, etc. In my opinion that points to the Alfresco 2.0 NTLM beans related with NTLM authentication.

The error I get is about a problem with this configuration (NTLM authentication) on Alfresco 2.0. The CIFS works perfectly and authenticates whithout problems. The error messages are:


09:34:02,102 DEBUG [app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x201,Target:HSANTANDER_A,Ch:2c5745ba67743d95]
09:34:02,122 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:<Null>,NTLM:601c60d1cf13443514bc6ae8e104c191abad29b083d3ad25,Dom:HSANTANDER_A,User:sbh000,Wks:]
09:34:02,181 ERROR [[localhost].[/alfresco].[Faces Servlet]] Servlet.service() para servlet Faces Servlet lanzÃ³ excepciÃ³norg.alfresco.error.AlfrescoRuntimeException: Transaction must be active and synchronization is required
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.registerSynchronizations(AlfrescoTransactionSupport.java:371)
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.getSynchronization(AlfrescoTransactionSupport.java:356)
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.bindDaoService(AlfrescoTransactionSupport.java:210)
        at org.alfresco.repo.transaction.TransactionalDaoInterceptor.invoke(TransactionalDaoInterceptor.java:66)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:170)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:176)
        at $Proxy1.getNode(Unknown Source)
        at org.alfresco.repo.node.db.DbNodeServiceImpl.exists(DbNodeServiceImpl.java:160)
        at sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.alfresco.repo.service.StoreRedirectorProxyFactory$RedirectorInvocationHandler.invoke(StoreRedirectorProxyFactory.java:221)
        at $Proxy2.exists(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:335)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:181)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:148)
        at org.alfresco.repo.node.MLPropertyInterceptor.invoke(MLPropertyInterceptor.java:227)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:170)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:176)
        at $Proxy3.exists(Unknown Source)
        at org.alfresco.repo.security.person.PersonServiceImpl.getPersonOrNull(PersonServiceImpl.java:202)
        at org.alfresco.repo.security.person.PersonServiceImpl.getPerson(PersonServiceImpl.java:155)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:840)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:521)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType3(NTLMAuthenticationFilter.java:727)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:400)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

As you said the Alfresco 2.0 release for downloading has configuration files that are not correct and you just post the good ones. Maybe some of the java classes are not working properly. Do you know if NTLMAuthenticationComponentImpl has changed in the same way the authenticationComponentImpl? It seems the problem is with this bean.

Thanks

Hyland Connect

NTLM configuration problem with WCM2.0preview