NTLMv2?

paulweb
Champ in-the-making
In alfresco-global.properties I have set the following chain:
passthru1:passthru, ldap1:ldap-ad
I have customised passthru and ldap-ad.
As a result I got automatic authentication in Alfresco with AD.
But it all works if NTLMv1 is used.
How can I make automatic authentication work if NTLMv2 is used?
In the help PDF it is written that passthru does not support NTLMv2.
Does anyone have any ideas or solutions?

Is there a possibility to use ntlm_auth or pam?

As I understand it, in AlfrescoNtlm the password is saved in encrypted form on the server, which should not be the case.

    dward
    Champ on-the-rise
    NTLM v2 is designed to avoid man-in-the-middle attacks, so it's not possible to use pass through authentication.

    The alfrescoNtlm subsystem supports NTLM v2, but doesn't communicate with a Windows domain server. Instead, it has to store its own copy of your MD4 password hash, so you would have to create a user in Alfresco with the same username and password as your domain account.

    If none of this suits, you could always try Kerberos!
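
The check described in the reply above, as an added example (not part of the reply and not Alfresco's code): a server that validates NTLMv2 itself has to recompute the client's proof from a stored MD4 (NT) hash, which is why a local copy of that hash is needed. The hash, user, domain, challenge and blob are constructed values, and the blob is a simplified stand-in for the real client structure.

```python
import hashlib
import hmac

def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 over UPPER(user)+domain, keyed with the MD4 (NT) hash."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def client_response(nt_hash: bytes, user: str, domain: str,
                    server_challenge: bytes, blob: bytes) -> bytes:
    """What the client sends: a 16-byte proof followed by its own blob."""
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob

def server_verify(stored_nt_hash: bytes, user: str, domain: str,
                  server_challenge: bytes, response: bytes) -> bool:
    """Recompute the proof from the locally stored hash; constant-time compare."""
    if len(server_challenge) != 8 or len(response) <= 16:
        return False
    proof, blob = response[:16], response[16:]
    key = ntowf_v2(stored_nt_hash, user, domain)
    expected = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)

# Constructed sample values (not from the thread).
STORED_NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
USER, DOMAIN = "p.example", "EXAMPLE"
CHALLENGE = bytes.fromhex("0102030405060708")
# Simplified stand-in for the client blob (real one: timestamp, nonce, target info).
BLOB = bytes.fromhex("0101000000000000") + bytes.fromhex("aabbccddeeff0011")

def demo() -> dict:
    resp = client_response(STORED_NT_HASH, USER, DOMAIN, CHALLENGE, BLOB)
    return {
        "matching_hash": server_verify(STORED_NT_HASH, USER, DOMAIN, CHALLENGE, resp),
        "different_hash": server_verify(bytes(16), USER, DOMAIN, CHALLENGE, resp),
        "other_challenge": server_verify(STORED_NT_HASH, USER, DOMAIN, bytes(8), resp),
        "altered_blob": server_verify(STORED_NT_HASH, USER, DOMAIN, CHALLENGE,
                                      resp[:-1] + b"\x00"),
    }

if __name__ == "__main__":
    print(demo())
```

Only the call with the matching stored hash, the original challenge and the unmodified blob is accepted; the other three are rejected.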

    paulweb
    Champ in-the-making
    We have set it up through Kerberos and it all works (almost all :) ).

    But the Office add-in 2003 does not work when I try to authenticate.
    In the log:

    09:01:35,091  DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=3896, UID=0, PID=65279
    09:01:35,091  DEBUG [smb.protocol.auth] Using Write transaction
    09:01:35,092  DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=967,Authenticator=EncType=3,Kvno=-1,Len=176]
    09:01:35,092  DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
    09:01:35,096  DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
    09:01:35,096  DEBUG [org.alfresco.fileserver] EncApRep bytes:
    09:01:35,096  DEBUG [org.alfresco.fileserver]     0 - 7b 23 30 21 a0 11 18 0f 32 30 30 39 30 38 32 35   - {#0! …20090825
    09:01:35,096  DEBUG [org.alfresco.fileserver]    16 - 32 32 30 31 33 35 5a a1 04 02 02 01 75 a3 06 02   - 220135Z¡….u£..
    09:01:35,096  DEBUG [org.alfresco.fileserver]    32 - 04 3d 3b 71 13 03 03 03   - .=;q….
    09:01:35,097  DEBUG [org.alfresco.fileserver] Re-encoded EncapRep bytes:
    09:01:35,097  DEBUG [org.alfresco.fileserver]     0 - 7b 38 30 36 a0 11 18 0f 32 30 30 39 30 38 32 35   - {806 …20090825
    09:01:35,097  DEBUG [org.alfresco.fileserver]    16 - 32 32 30 31 33 35 5a a1 04 02 02 01 75 a2 13 30   - 220135Z¡….u¢.0
    09:01:35,097  DEBUG [org.alfresco.fileserver]    32 - 11 a0 03 02 01 03 a1 0a 04 08 16 98 0d fe ce 7c   - . ….¡……þÎ|
    09:01:35,097  DEBUG [org.alfresco.fileserver]    48 - 52 ec a3 06 02 04 3d 3b 71 13   - R죅=;q.
    09:01:35,097  DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
    09:01:35,097  DEBUG [smb.protocol.auth] Machine account logon, ITPROGVENG2$, as null logon
    09:01:35,098  DEBUG [smb.protocol.auth] Logged on using Kerberos, user ITPROGVENG2$
    09:01:35,098  DEBUG [smb.protocol.auth] Using Write transaction
    09:01:35,104 User:p.xxxxxxx DEBUG [webdav.auth.KerberosAuthenticationFilter] New Kerberos auth request from 10.1.0.80 (10.1.0.80:4648)
    09:01:35,109 User:p.xxxxxxx DEBUG [webdav.auth.KerberosAuthenticationFilter] New Kerberos auth request from 10.1.0.80 (10.1.0.80:4649)

    paulweb
    Champ in-the-making
    MS Office add-in 2003 3.3 and Kerberos
    The add-in code is here:
    http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/extensions/AlfrescoOf...
    The MS Office add-in 2003 does not work with Kerberos when using WebDAV (I did not test on CIFS),
    because in
    WebDAVHelper.cs line 152:  m_WebAuthenticationHeader = e.Response.Headers["WWW-Authenticate"];
    if using NTLM, m_WebAuthenticationHeader="NTLM"
    if using Kerberos, m_WebAuthenticationHeader="Negotiate"
    Line 45, function GetAuthenticationTicket:
      if ((xmlResponse.InnerXml.Contains("<ntlm />")) || (m_WebAuthenticationHeader == "NTLM") )
    For testing I added the following:
      if ((xmlResponse.InnerXml.Contains("<ntlm />")) || (m_WebAuthenticationHeader == "NTLM") || (m_WebAuthenticationHeader == "Negotiate"))
    and the add-in started working, but when I saved a file I got error 501, although the file was added to Alfresco (check-in and check-out work normally).
    One more thing:
    in ThisAddIn.cs line 31, comment out  MessageBox.Show(m_DefaultTemplate, "m_DefaultTemplate");  otherwise, when you open Word, you get a message box.