
NTLM configuration problem with WCM2.0preview

lgr
Champ in-the-making
Hi,

With the old versions of Alfresco, adding these lines in shared/file-servers-custom.xml worked.
   
   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
       <authenticator type="passthru">
          <Server>192.168.0.1</Server>
       </authenticator>
   </config>

Since v2.0 preview, I've got an error under Windows 2k3 FR:
14:03:52,828 ERROR [alfresco.smb.protocol] CIFS server configuration error, Wrong authentication setup for passthru authenticator (can only be used with LDAP/JAAS auth component)
org.alfresco.error.AlfrescoRuntimeException: Wrong authentication setup for passthru authenticator (can only be used with LDAP/JAAS auth component)
        at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:2247)
        at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:626)
        at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(ServerConfiguration.java:3985)

I haven't found any change documented since v1.4 in the forum, documentation (wiki), nor the jira issues.

Is there a bug, or something I did not notice?

Laurent.
37 REPLIES

hsantander
Champ in-the-making
Hi
I have problems with NTLM and CIFS authentication on Alfresco 2.0 preview too. They are detailed at http://forums.alfresco.com/viewtopic.php?t=5040, but I haven't had news from Alfresco engineers for several days.
What are your ntlm-authentication-context.xml, ldap-authentication-context.xml, authentication-services-context.xml and file-servers.xml configuration files?

Thanks

hazzanz
Champ in-the-making
I also get the Null Pointer exception EXCEPT when debug is enabled. In which case it works just fine!

That should make it fun to debug……

lgr
Champ in-the-making
Yes, I've browsed all posts related to NTLM and CIFS, including yours.
My configuration files are the default ones, with a few modifications:

In /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml, commented out:
<filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>

In the same file, uncommented:
<filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>
   <filter-mapping>
        <filter-name>Authentication Filter</filter-name>
        <url-pattern>/navigate/*</url-pattern>
     </filter-mapping>

Renamed /opt/alfresco/tomcat/shared/classes/alfresco/extension/ntlm-authentication-context.xml.sample
to
/opt/alfresco/tomcat/shared/classes/alfresco/extension/ntlm-authentication-context.xml

And in /opt/alfresco/tomcat/shared/classes/alfresco/extension/ntlm-authentication-context.xml,
replaced:
        <property name="useLocalServer">
            <value>true</value>
        </property>
with
        <property name="servers">
            <value>192.168.2.2</value>
        </property>

I've done some other changes in other files that shouldn't have any impact on NTLM authentication (like defining a Windows domain in CIFS or adding administrative rights to a specific user).

But none of these modifications causes Alfresco to fail.

An error is generated only by adding the passthru authenticator (as specified in my previous post).

If I remove this passthru definition, Alfresco behaves well.

Laurent.

hsantander
Champ in-the-making
Hello again

First of all, I'm not sure if you use LDAP sync for users. Please tell me.

The difference between your web.xml and mine is that I uncommented all the references to NTLM and commented out the previous definitions. Your way of modifying the web.xml now only gives me the second error:

org.alfresco.error.AlfrescoRuntimeException: Not implemented
at org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao.getMD4HashedPassword(NullMutableAuthenticationDao.java:293)
at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getMD4HashedPassword(AuthenticationComponentImpl.java:99)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType3(NTLMAuthenticationFilter.java:658)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:392)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)

Anyway, could you send me your configuration files from the extension configuration? (I suppose you didn't modify the originals in the Alfresco deployment.) I'll send you mine if you want to see the differences. I only configured these in the extension directory:
custom-file-servers.xml
custom-ntlm-authentication-context.xml
custom-authentication-services-context.xml
custom-ldap-authentication-context.xml

Thanks

lgr
Champ in-the-making
No, I only use NTLM authentication.

About config files, here is my file-servers-custom.xml :
<alfresco-config area="file-servers">

   <!-- To override the default Alfresco filesystem use replace="true", to -->
   <!-- add additional filesystems remove the replace="true" attribute     -->
  
   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
       <authenticator type="passthru">
          <Server>192.168.2.2</Server>
       </authenticator>
   </config>

   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>

         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!-- Add a URL file to each folder that links back to the web client -->
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}/alfresco/</webpath>
            </urlFile>

            <!-- Mark locked files as offline -->
            <offlineFiles/>

            <!-- Desktop actions -->

            <desktopActions>
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}/alfresco/</webpath>
               </global>
               <action>
                  <class>org.alfresco.filesys.smb.server.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>
               <action>
                  <class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>

            </desktopActions>

<!--
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
            </accessControl>
-->
         </filesystem>
      </filesystems>
   </config>

</alfresco-config>

My ntlm-authentication-context.xml :
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers">
            <value>192.168.2.2</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
    </bean>
   
</beans>

The two others don't exist in the shared folder, but are located in the web-inf/classes folder where they are unchanged since the first installation.

In fact, this is a rather simple installation, and I've used the same procedure since v1.0 at least. It always worked, except for this version. And my knowledge about Java and beans is too small to diagnose anything. So I'm embarrassed, and don't know what to think about this situation.

Anyway, I greatly thank you for your help,

Laurent.

hsantander
Champ in-the-making
Hi Laurent

Thanks for your quick reply.

I have almost the same configuration; the only difference is that I use LDAP sync of users (but if I disable it I get the same error) and the custom-file-server.xml:
<alfresco-config area="file-servers">

   <!-- To override the default Alfresco filesystem use replace="true", to -->
   <!-- add additional filesystems remove the replace="true" attribute     -->

   <config evaluator="string-compare" condition="CIFS Server" replace="true">
      <host name="${localname}_A"/>
      <comment>Alfresco CIFS Server</comment>

      <!-- Set to the broadcast mask for the subnet -->
      <broadcast>255.255.255.255</broadcast>

      <!-- Use Java socket based NetBIOS over TCP/IP and native SMB on linux -->
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>
      <hostAnnounce interval="5"/>

      <!-- Use Win32 NetBIOS interface on Windows -->
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>

      <WINS>
         <primary>10.226.128.46</primary>
      </WINS>

      <sessionDebug flags="Negotiate,Socket"/>
   </config>
   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>

         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!-- Add a URL file to each folder that links back to the web client -->
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

            <!-- Mark locked files as offline -->
            <offlineFiles/>
         </filesystem>
      </filesystems>
   </config>

   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
        <authenticator type="passthru">
                <Server>10.226.128.113</Server>
                <Domain>MYDOMAIN</Domain>
        </authenticator>
   </config>
</alfresco-config>

As you can see, the only difference is that I include the configuration for CIFS Server at the beginning.

It's quite embarrassing that the configuration that works on 1.4 doesn't on 2.0preview. Maybe this will be solved in 2.0 final. Maybe Alfresco engineers could tell us something about it, even just "We are working on it".

Anyway Laurent, it's a weird thing that we got different errors with almost the same configuration.

Hugo

Thanks, again

andy
Champ on-the-rise
Hi

We removed some transactional wrappers that were not required.
I think this is a Spring config issue from this.

The authenticationComponentImpl bean is now deprecated; you should now be replacing the definition for the bean authenticationComponent. It looks like the alias for this is not doing what we expected in this case and finding the default bean from the alias.

I will be checking through this stuff again.

Regards

Andy
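
Added example (not part of Andy's post and not Alfresco code): a small check that scans a Spring context override, like the ntlm-authentication-context.xml posted earlier in the thread, for definitions of and references to the deprecated `authenticationComponentImpl` bean id. The function names, the report layout and the `exampleConsumer` bean in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Bean ids named in the thread: the first is deprecated, the second replaces it.
DEPRECATED_ID = "authenticationComponentImpl"
CURRENT_ID = "authenticationComponent"

# Constructed sample modelled on the ntlm-authentication-context.xml posted above,
# plus one hypothetical bean ("exampleConsumer") that references the old id.
SAMPLE_CONTEXT = """<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers"><value>192.168.2.2</value></property>
        <property name="guestAccess"><value>false</value></property>
    </bean>
    <bean id="exampleConsumer" class="example.Consumer">
        <property name="authenticationComponent"><ref bean="authenticationComponentImpl" /></property>
    </bean>
</beans>
"""


def property_value(bean, name):
    """Return the text of <property name=...><value>, or None if absent."""
    for prop in bean.findall("property"):
        if prop.get("name") == name:
            value = prop.find("value")
            return value.text.strip() if value is not None and value.text else None
    return None


def audit_context(xml_text):
    """Report auth-component overrides and uses of the deprecated bean id."""
    # The external DTD named in the DOCTYPE is not fetched by ElementTree.
    root = ET.fromstring(xml_text.encode("utf-8"))
    report = {"deprecated_definitions": [], "current_definitions": [], "deprecated_references": []}
    for bean in root.iter("bean"):
        bean_id = bean.get("id")
        if bean_id in (DEPRECATED_ID, CURRENT_ID):
            entry = {
                "class": bean.get("class"),
                "servers": property_value(bean, "servers"),
                "guestAccess": property_value(bean, "guestAccess"),
            }
            key = "deprecated_definitions" if bean_id == DEPRECATED_ID else "current_definitions"
            report[key].append(entry)
        # Spring 1.x style references: <ref bean="..."/> or <ref local="..."/>
        for ref in bean.iter("ref"):
            if DEPRECATED_ID in (ref.get("bean"), ref.get("local")):
                report["deprecated_references"].append(bean_id)
    return report


if __name__ == "__main__":
    for key, items in audit_context(SAMPLE_CONTEXT).items():
        print(key, items)
```

Running it over each file in the extension directory shows which overrides still use the old id and which passthru servers and guest-access setting the active authentication component carries.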

hsantander
Champ in-the-making
Hi Andy

Good to have news from you.

If I understand what you say, I have to put authenticationComponent where authenticationComponentImpl is. I made those changes and I got another error:
17:13:51,406 DEBUG [web.app.ContextListener] HTTP session created: 21192A55E2C1EFD9B5D7830B2A2F508A
17:13:51,453 DEBUG [app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 10.226.138.237 (10.226.138.237:55652)
17:13:58,565 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0x205,Domain:<NotSet>,Wks:<NotSet>]
17:13:58,566 DEBUG [smb.protocol.auth] Open authenticate session to [sfha00n2.ceh.junta-andalucia.es:10.226.128.113:Online:0,0]
17:13:58,567 DEBUG [smb.protocol.auth] New auth session from hsantander.ceh.junta-andalucia.es_2 to \\10.226.128.113\IPC$\
17:13:58,571 DEBUG [smb.protocol.auth] Trying address 10.226.128.113
17:13:58,608 DEBUG [smb.protocol.auth] Connected to address 10.226.128.113
17:13:58,608 DEBUG [smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
17:13:58,612 DEBUG [smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
17:13:58,689 DEBUG [app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x201,Target:HSANTANDER_A,Ch:00312106fb66aef3]
17:13:58,752 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:<Null>,NTLM:c3b3be67683a053ca50559e5d839e43915acc6b94e42ae50,Dom:HSANTANDER_A,User:hugo,Wks:]
17:13:58,776 ERROR [[localhost].[/alfresco].[Faces Servlet]] Servlet.service() para servlet Faces Servlet lanzó excepción
org.alfresco.error.AlfrescoRuntimeException: Transaction must be active and synchronization is required
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.registerSynchronizations(AlfrescoTransactionSupport.java:363)
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.getSynchronization(AlfrescoTransactionSupport.java:348)
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.bindDaoService(AlfrescoTransactionSupport.java:202)
        at org.alfresco.repo.transaction.TransactionalDaoInterceptor.invoke(TransactionalDaoInterceptor.java:58)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:170)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:176)
        at $Proxy3.getNode(Unknown Source)
        at org.alfresco.repo.node.db.DbNodeServiceImpl.exists(DbNodeServiceImpl.java:152)
        at sun.reflect.GeneratedMethodAccessor137.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.alfresco.repo.service.StoreRedirectorProxyFactory$RedirectorInvocationHandler.invoke(StoreRedirectorProxyFactory.java:213)
        at $Proxy4.exists(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor137.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:335)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:181)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:148)
        at org.alfresco.repo.node.MLPropertyInterceptor.invoke(MLPropertyInterceptor.java:111)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:170)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:176)
        at $Proxy5.exists(Unknown Source)
        at org.alfresco.repo.security.person.PersonServiceImpl.getPersonOrNull(PersonServiceImpl.java:194)
        at org.alfresco.repo.security.person.PersonServiceImpl.getPerson(PersonServiceImpl.java:147)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:832)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:513)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType3(NTLMAuthenticationFilter.java:719)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:392)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)

The configuration files I have changed with references to authenticationComponentImpl are:
custom-authority-services-context.xml
custom-ldap-authentication-context.xml
custom-ntlm-authentication-context.xml

I read the forum and discovered a topic with the same error: http://forums.alfresco.com/viewtopic.php?t=4970. You said it's a bug (http://issues.alfresco.com/browse/AR-1183); maybe this bug affects not only FTP but also CIFS and NTLM authentication. Could it be the same bug masked by the alias problem?

Thanks for your reply, Andy

Hugo

hazzanz
Champ in-the-making
As already mentioned, I have a working config with LDAP for the web client and NTLM for CIFS on 2.0preview, provided debug is enabled for CIFS auth; otherwise I see similar errors to you guys, i.e.

log4j.logger.org.alfresco.smb.protocol.auth=debug

in log4j.properties. It would be interesting if you could give it a try…

Cheers