Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Passthru Authentication on Ubuntu Server 12.04

theoribeiro
Champ in-the-making
Champ in-the-making

‎11-13-2012 12:01 AM

Hey everybody,

I'm having trouble setting up passthru authentication on my Ubuntu box. I'm using Alfresco Community 4.2a.

Passthru is not working, every time I try to login using a valid username and password I get an Invalid User Name/Password error both on /alfresco and /share.

Here is catalina.out:

 2012-11-13 03:00:46,334  DEBUG [alfresco.passthru.auth] [http-apr-8080-exec-8] Authenticate user=Administrator via local credentials
 2012-11-13 03:00:46,381  DEBUG [alfresco.passthru.auth] [http-apr-8080-exec-8] Authenticate org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken@330fc66: Username: administrator; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities via token

And that's it. This is everything I have from Alfresco. No errors, no nothing. The only thing I suspect that could be a problem is that it is saying that it's authenticating via local credentials. Googling for this error and checking out Alfresco's source code I found out that this object should be a NTLMPassthruToken, is this right? Maybe that's normal behaviour, I don't know because this is my first Alfresco experience.

And my auth settings on alfresco-global:

### Authentication ###
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
passthru.authentication.allowGuestLogin=false

passthru.authentication.servers=MYDOMAIN\\10.0.0.124
passthru.authentication.domain=
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=Administrator
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true

So, where am I going wrong here? What else could I check for misconfigurations or errors? Any other important logs I should be setting? I must be missing something, I don't know.

Any help will be much appreciated.

Best regards,

Theo
Labels:
0 Kudos
5 REPLIES 5

sasquatch58
Champ in-the-making
Champ in-the-making

‎11-13-2012 02:57 AM

There's a couple of good areas to look at for information.
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
and
http://docs.alfresco.com/4.0/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Ftasks%2Fauth-subsystem...
These say pretty much the same thing - pass through authentication is not just an entry in Alfresco-global.properties.
How does your system line up with these?
Cheers, Sasquatch
0 Kudos

theoribeiro
Champ in-the-making
Champ in-the-making

‎11-13-2012 08:58 AM

Hi Sasquatch,

Thank you for your reply.

AFAIK passthru is an Authentication Subsystem used to pass all authentication requests directly to a Domain Controller using NTLM, which means the DC should support NTLM. All in all, the DC must be an Active Directory controller, am I right?
The thing is that my AD DC is not being reached by Alfresco. I have two different DCs here, on different networks, one AD running on Windows Server 2008 R2 and one Samba4 provisioned as an AD running on Ubuntu Server 12.04. I tried configuring passthru to reach both of them, without success. Watching the logs at both servers I can't see any signs of an authentication request coming from the Alfresco server.

Best regards,

Theo
0 Kudos

theoribeiro
Champ in-the-making
Champ in-the-making

‎11-13-2012 01:25 PM

I stand corrected, even though I cannot see authentications in any logs at our DC, by using TShark I was able to trace the SMB packets reaching with authentication information and all responses when the credentials are correct and when they are wrong.
This means that the DC is authenticating correctly, now I have to find out why isn't Alfresco accepting the authentication.
0 Kudos

theoribeiro
Champ in-the-making
Champ in-the-making

‎11-14-2012 10:01 AM

Smiley Surprisedops:
Remote Debugging my Alfresco instance I found out what I was doing wrong. As I was only using passthru in my authentication chain, my users were being authenticated by the DC but their corresponding users didn't exist in Alfresco! All because I forgot to set ldap synchronization! After setting it up correctly, login worked just fine.

For users with the same problem as me, remember: Passthru alone doesn't sync accounts, either you have to set ldap synchronization or create the corresponding accounts in Alfresco.
0 Kudos

jonvargas
Confirmed Champ
Confirmed Champ

‎11-16-2012 01:28 AM

I think something changed in this behaviour.

I am already using Passthru authentication on Alfresco 4.0.d and also Alfresco 4.1.1, and there is no need to create an account before or perform LDAP syncronization. The account seems to be created when the user logs in for the first time.

But when I use the same configuration with Alfresco 4.2.b, an account is required as you are pointing.

Is this behaviour by design on 4.2 branch?
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC