Bonjour tout le monde,
J'ai quelque soucis avec la configuration d'alfresco. J'ai configuré alfresco pour qu'il s'authentifie avec l'Active Directory. L'authentification fonctionne très bien par contre j'ai un problème avec cifs.
Les répertoires personnel se crée de façon aléatoire j'ai l'impression. Pour mon login il est présent et j'y est accès en ouvrant directement le lien du chemin réseau via l'interface. Pour d'autre, il est existant via l'interface web mais lorsque je veux le voir grave au partage réseau ou en ouvrant le chemin en web, le répertoire n'existe pas.
De plus dans les log je me connecte avec le user "alfresco" par exemple et il essaye d'ouvrir le partage CIFS avec un autre user… je ne comprends pas trop la 😕
Voici les différents élément de configuration :
- Serveur Debian
- Alfresco 3c Labs
- Seveur Active Directory
fichier ldap-authentication.properties
fichier ldap-synchronisation.properties
fichier ntlm-authentication-context.xml
fichier file-servers.xml
Fichier alfresco.log
Image de l'erreur
http://www.easy-upload.net/fichiers/Image_6.200926161637.jpg
Merci d'avance pour votre aide
J'ai quelque soucis avec la configuration d'alfresco. J'ai configuré alfresco pour qu'il s'authentifie avec l'Active Directory. L'authentification fonctionne très bien par contre j'ai un problème avec cifs.
Les répertoires personnel se crée de façon aléatoire j'ai l'impression. Pour mon login il est présent et j'y est accès en ouvrant directement le lien du chemin réseau via l'interface. Pour d'autre, il est existant via l'interface web mais lorsque je veux le voir grave au partage réseau ou en ouvrant le chemin en web, le répertoire n'existe pas.
De plus dans les log je me connecte avec le user "alfresco" par exemple et il essaye d'ouvrir le partage CIFS avec un autre user… je ne comprends pas trop la 😕
Voici les différents élément de configuration :
- Serveur Debian
- Alfresco 3c Labs
- Seveur Active Directory
fichier ldap-authentication.properties
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#
ldap.authentication.userNameFormat=%s
# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ad.mondomaine.com:389
# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=simple
# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=alfresco
# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=alfresco
# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false
# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false
~
fichier ldap-synchronisation.properties
#
# This properties file is used to configure LDAP syncronisation
#
# The query to find the people to import
ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)
# The search base of the query to find people to import
ldap.synchronisation.personSearchBase=dc=starlog,dc=com
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronisation.userIdAttributeName=sAMAccountName
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronisation.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronisation.userLastNameAttributeName=name
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronisation.userEmailAttributeName=mail
# The attribute on person objects in LDAP to map to the organizational id property in Alfresco
ldap.synchronisation.userOrganizationalIdAttributeName=o
# The default home folder provider to use for people created via LDAP import
ldap.synchronisation.defaultHomeFolderProvider=personalHomeFolderProvider
# The query to find group objects
ldap.synchronisation.groupQuery=(objectclass=groupOfNames)
# The search base to use to find group objects
ldap.synchronisation.groupSearchBase=dc=mondomaine,dc=com
# The attribute on LDAP group objects to map to the gid property in Alfrecso
ldap.synchronisation.groupIdAttributeName=cn
# The group type in LDAP
ldap.synchronisation.groupType=group
# The person type in LDAP
ldap.synchronisation.personType=user
# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronisation.groupMemberAttributeName=member
# The cron expression defining when people imports should take place
ldap.synchronisation.import.person.cron=0 0 * * * ?
# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?
# Should all groups be cleared out at import time?
# - this is safe as groups are not used in Alfresco for other things (unlike person objects which you should never clear out during an import)
# - setting this to true means old group definitions will be tidied up.
ldap.synchronisation.import.group.clearAllChildren=true
fichier ntlm-authentication-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
<property name="allowSetEnabled" value="true" />
<property name="allowGetEnabled" value="true" />
<property name="allowDeleteUser" value="true" />
<property name="allowCreateUser" value="true" />
</bean>
<!– The authentication component. –>
<!– Use the passthru authentication component to authenticate using –>
<!– user accounts on one or more Windows servers. –>
<!– Properties that specify the server(s) to use for passthru –>
<!– authentication :- –>
<!– useLocalServer use the local server for authentication –>
<!– domain use domain controllers from the specified domain–>
<!– servers comma delimted list of server addresses or –>
<!– names –>
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
parent="authenticationComponentBase">
<property name="servers">
<value>monserveurAD</value>
</property>
<property name="personService">
<ref bean="personService" />
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="transactionService">
<ref bean="transactionComponent" />
</property>
<property name="guestAccess">
<value>false</value>
</property>
</bean>
</beans>
fichier file-servers.xml
<alfresco-config area="file-servers">
<config evaluator="string-compare" condition="CIFS Server">
<serverEnable enabled="true"/>
<host name="ALFRESCO" domain="STARLOG"/>
<comment>Alfresco CIFS Server</comment>
<!– Set to the broadcast mask for the subnet –>
<broadcast>${cifs.broadcast}</broadcast>
<!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
<tcpipSMB platforms="linux,solaris,macosx"/>
<netBIOSSMB platforms="linux,solaris,macosx"/>
<!– Can be mapped to non-privileged ports, then use firewall rules to forward
requests from the standard ports –>
<!–
<tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
–>
<hostAnnounce interval="5"/>
<!– Use Win32 NetBIOS interface on Windows –>
<Win32NetBIOS/>
<Win32Announce interval="5"/>
<!– CIFS authentication –>
<authenticator type="alfresco">
#<Server>192.168.2.254</Server>
</authenticator>
<!–
<WINS>
<primary>1.2.3.4</primary>
<secondary>5.6.7.8</secondary>
</WINS>
–>
<sessionDebug flags="Negotiate,Socket"/>
</config>
<config evaluator="string-compare" condition="FTP Server">
<serverEnable enabled="true"/>
<!– Run on a non-privileged port –>
<!–
<port>1121</port>
–>
<!– FTP authentication –>
<authenticator type="alfresco"/>
<!– <debug flags="File,Search,Error,Directory,Info,DataPort"/> –>
</config>
<config evaluator="string-compare" condition="NFS Server">
<serverEnable enabled="false"/>
</config>
<config evaluator="string-compare" condition="Filesystems">
<filesystems>
<!– Alfresco repository access shared filesystem –>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<!– Add a URL file to each folder that links back to the web client –>
<urlFile>
<filename>__AlfrescoClient.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<!– Mark locked files as offline –>
<offlineFiles/>
<!– Desktop actions –>
<!– Uses a client-side application to trigger a server-side action –>
<!– Echo - displays a message echoed from the server –>
<!– URL - launches a URL via the Windows shell –>
<!– CmdLine - launches the Notepad application –>
<!– CheckInOut - checks files in/out, drag and drop files onto the application –>
<!– JavaScript - run a server-side script –>
<!– JavaScriptURL - server-side script that generates a URL to the folder using a ticket –>
<!– to avoid having to logon –>
<!–
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.EchoDesktopAction</class>
<name>Echo</name>
<filename>__AlfrescoEcho.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.URLDesktopAction</class>
<name>URL</name>
<filename>__AlfrescoURL.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.URLDesktopAction</class>
<name>URL</name>
<filename>__AlfrescoURL.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.CmdLineDesktopAction</class>
<name>CmdLine</name>
<filename>__AlfrescoCmd.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__AlfrescoCheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScript</name>
<filename>__AlfrescoScript.exe</filename>
<script>alfresco/desktop/dumpRequest.js</script>
<attributes>anyFiles, multiplePaths , allowNoParams</attributes>
<preprocess>confirm, copyToTarget</preprocess>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__AlfrescoDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
–>
<!–
<accessControl default="Write">
<user name="admin" access="Write"/>
<address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
</accessControl>
–>
</filesystem>
<!– AVM virtualization view of all stores/versions for WCM –>
<!– virtual view can be any of the following: normal, site, staging, author, preview –>
<avmfilesystem name="AVM">
<virtualView stores="site,staging,author" />
</avmfilesystem>
</filesystems>
</config>
<config evaluator="string-compare" condition="Filesystem Security">
<!– Domain mappings used for passthri authentication routing –>
<!–
<DomainMappings>
<Domain name="ALFRESCO" subnet="192.168.1.0" mask="192.168.1.255"/>
</DomainMappings>
–>
<!– Custom share mapper when multi-tenancy is enabled –>
<!–
<shareMapper type="multi-tenant">
<debug/>
</shareMapper>
–>
<!–
<globalAccessControl default="None">
<user name="admin" access="Write"/>
<address ip="90.1.0.90" access="Write"/>
</globalAccessControl>
–>
</config>
</alfresco-config>
Fichier alfresco.log
11:10:20,044 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
11:10:30,712 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/Alfresco/alf_data
11:10:30,954 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
11:10:31,475 INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
11:10:31,617 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
11:10:31,782 DEBUG [org.alfresco.smb.protocol] Added desktop action CheckInOut
11:10:31,794 DEBUG [org.alfresco.smb.protocol] Added desktop action JavaScriptURL
11:10:31,893 INFO [org.alfresco.smb.protocol] CIFS server started
11:10:31,920 INFO [org.alfresco.smb.protocol] FTP server started
11:10:31,921 INFO [org.alfresco.smb.protocol] NFS server NOT started
11:10:32,212 WARN [org.alfresco.util.OpenOfficeConnectionTester] An initial OpenOffice connection could not be established.
11:10:32,530 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_11-b03; maximum heap size 506.313MB
11:10:32,532 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (Stable 1526) schema 1002 - Installed version 3.0.0 (Stable 1526) schema 1002
11:11:20,562 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
11:12:26,972 DEBUG [org.alfresco.passthru.auth] Authenticate user=alfresco via local credentials
11:12:26,973 DEBUG [org.alfresco.passthru.auth] Authenticate org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken@3929c7: Username: alfresco; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities via token
11:12:27,875 DEBUG [org.alfresco.passthru.auth] Authenticated token=org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken@3929c7: Username: alfresco; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_AUTHENTICATED
11:12:41,170 DEBUG [org.alfresco.passthru.auth] Authenticate org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken@1aaa484: Username: null; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities via token
11:12:41,405 DEBUG [org.alfresco.passthru.auth] Passthru stage 1 token org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken@1aaa484: Username: null; Password: [PROTECTED]; Authenticated: false; Details: mondomaine\AD,TCP/IP NetBIOS; Not granted any authorities
11:12:41,415 DEBUG [org.alfresco.smb.protocol.auth] Null CIFS logon allowed
11:12:41,443 DEBUG [org.alfresco.passthru.auth] Authenticate org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken@1aaa484: Username: cd; Password: [PROTECTED]; Authenticated: false; Details: mondomaine\AD,TCP/IP NetBIOS; Not granted any authorities via token
11:12:41,552 DEBUG [org.alfresco.smb.protocol.auth] Auth token net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@15db116: Username: net.sf.acegisecurity.providers.dao.User@154d4a: Username: cd; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_AUTHENTICATED; Password: [PROTECTED]; Authenticated: true; Details: net.sf.acegisecurity.providers.dao.User@154d4a: Username: cd; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_AUTHENTICATED; Granted Authorities: ROLE_AUTHENTICATED
11:12:41,555 DEBUG [org.alfresco.smb.protocol.auth] Authenticated user cdsts=Allow via Passthru
Image de l'erreur
http://www.easy-upload.net/fichiers/Image_6.200926161637.jpg
Merci d'avance pour votre aide
Effectivement, les infos de Nicolas m'ont permis ed régler mon problème CIFS de la version 3.0. 
Alors que CIFS fonctionnait bien avec un poste XP, je n'arrivai pas à me connecter avec mon poste en Vista.
Pour que cela fonctionne, j'ai dû arrêter le partage windows sur mon serveur windows Alfresco.
En effet, celui-ci assurait des partages via son propre nom et aussi via le nom crée par le serveur CIFS d'Alfresco.
J'ai dû arréter le premier en allant sur les propriétés IP et en décochant la case "File and Printer Sharing for Microsoft Networks"
Après, tout fonctionne comme attendu !
Alors que CIFS fonctionnait bien avec un poste XP, je n'arrivai pas à me connecter avec mon poste en Vista.
Pour que cela fonctionne, j'ai dû arrêter le partage windows sur mon serveur windows Alfresco.
En effet, celui-ci assurait des partages via son propre nom et aussi via le nom crée par le serveur CIFS d'Alfresco.
J'ai dû arréter le premier en allant sur les propriétés IP et en décochant la case "File and Printer Sharing for Microsoft Networks"
Après, tout fonctionne comme attendu !
