Hyland Connect

aaroe · ‎11-26-2008

Hi there,

We're currently in the process of trying out Alfresco at my workplace to replace the small SharePoint we have going now which no one uses anyways.
I'm in the process of getting some basic configuration done to make it possible to let a few users lose on the thing and let them have their way with it and test it out. I'm managed to get an instance of AlfrescoLabs3 running on one of our Debian test servers and made check user credentials up against our ActiveDirectory. I'm currently trying to get the network share to work properly but it's not going as I'd like it to.

I had a look at the wiki and didn't really get much from that, so I tried to take what I could get and make the best use of it.

I copied the config block regarding CIFS from file-servers.xml and copied it into file-servers-custom.xml and changed the authentication block to:


<authenticator type="passthru">
    <Server>[b]DNS NAME OF OUR DOMAINCONTROLLER[/b]</Server>
</authenticator>
‍‍‍‍‍

I've assumed that the server told to link to on the wiki is our domain controller holding our ActiveDirectory with users. I then assumed that users should be able to log on to the share with the same AD credentials they use to log on to Alfresco with.

When trying to map the drive from one of our windows clients with \\10.0.1.20\alfresco (where 10.0.1.20 ofcourse is the ip of the server running Alfresco) I get prompted for username and logon but fail to login with my username and password. And yes, I've also tried with DOMAIN\username and so on. Nothing seems to work. I'd hoped that there would be some kind of debug information to follow in the /tomcat/logs/ dir but no errors seems to be triggered which leaves me a bit hopeless 😕

…and this is where you guys come into the picture. I'm hoping that someone out there might be able to help me out of this pinch. Any help is very much appreciated.

Thanks in advance
Christian Rasmussen

rxm307 · ‎12-01-2008

I'm having the same issue, NTLM passthru authentication works fine with the web interface, just not with CIFS.

aususer · ‎12-03-2008

I think you might be suffering the same problem that a few people are also having when configuring NTLM CIFS.. ie.. that we cannot get it to work.

symptom is:
You can use Passthru to authenticate your webfrontent without a problem.. however when you try to start|run|\\yoursever you will fail.
also trying a "net view \\<yourserver>" will come up with a "access is denied".

if you increase your error logging (/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/log4j.properties and change the .smb and NTLM options to "debug), and restart alfresco - then look at the \opt\alfresco\tomcat\logs\catalina.out you will see
<time>227 DEBUG [smb.protocol.auth] Authenticated user <yourusername> sts=Disallow via Passthru

This is the reason why you are being prompted for the username and password..
you are not alone here..

here is a link to a thread that we have all been using describing the same problem and what we are finding…
http://forums.alfresco.com/en/viewtopic.php?f=14&t=13858

rxm307 · ‎12-03-2008

I've enabled those and all I'm getting is

16:45:51,790 DEBUG [org.alfresco.smb.protocol.auth] No PassthruDetails for T3
16:46:26,378 DEBUG [org.alfresco.smb.protocol.auth] No PassthruDetails for T9

rxm307 · ‎12-03-2008

and

16:55:22,962 DEBUG [smb.protocol.auth] Null CIFS logon allowed

aususer · ‎12-03-2008

Have a look at the link I put - I put a copy of my config that I used that got a little closer than you seem to be..
note: is linux-based, so paths will be different to windows (if that is what you are using).

aususer · ‎12-03-2008

OOPS :shock: don't know if this is a good or a bad thing..

I just downloaded a trial version of enterprise 3.0 - just to see -, set it up EXACTLY the same as the Labs 3b and 3c…

and it worked PERFECTLY first time!

ie..

Startup:
07:37:18,652 Userystem INFO [service.descriptor.DescriptorService] Alfresco license: Enterprise - v3.0 granted to Trial User limited to 30 days expiring Sat Jan 03 00:00:00 EST 2009 (30 days remaining)
07:37:18,654 Userystem INFO [service.descriptor.DescriptorService] Alfresco started (Enterprise): Current version 3.0.0 (r11498) schema 501 - Installed version 3.0.0 (r11498) schema 501
Dec 4, 2008 7:38:46 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Dec 4, 2008 7:38:46 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 368844 ms

Logfile when accessing webpage (modified to protect me)

07:38:59,391 DEBUG [app.servlet.NTLMAuthenticationFilter] New NTLM auth request from <mysubnet> (<mysubnet>:5432)
07:38:59,404 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa208b207,Domain:<mydomain>,Wks:<mypc>]
07:38:59,405 DEBUG [app.servlet.NTLMAuthenticationFilter] Client domain <mydomain>
07:38:59,564 DEBUG [app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x80000203,Target:ALFRESCOA,Ch:b67a1a5b5e8eec1e]
07:38:59,582 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:690f25986c591cf504dd0655caeb906cefea87bfcbd94c4d,NTLM:410cbc2c95a79569b080b7fbc50c52c9b7953a9c99644684,Dom:<mydomain>,User:<me>,Wks:<mypc>]
07:39:02,891 User:<me> DEBUG [app.servlet.NTLMAuthenticationFilter] Updated cached NTLM details
07:39:02,893 User:<me> DEBUG [app.servlet.NTLMAuthenticationFilter] User logged on via NTLM, [<me>,Wks:<mypc>,Dom:<mydomain>,AuthSrv:ALFRESCOA,Thu Dec 04 07:39:02 EST 2008]
07:39:11,145 DEBUG [app.servlet.NTLMAuthenticationFilter] User <me> validate ticket
07:39:11,295 User:<me> DEBUG [app.servlet.NTLMAuthenticationFilter] Authentication not required, chaining …

and when I access via XPSP3 Start|Run|\\alfresco

07:39:25,668 User:<me> DEBUG [smb.protocol.auth] Auth token net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@6f1597: Username: net.sf.acegisecurity.providers.dao.User@f27e2a: Username: <me>; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_AUTHENTICATED; Password: [PROTECTED]; Authenticated: true; Details: net.sf.acegisecurity.providers.dao.User@f27e2a: Username: <me>; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_AUTHENTICATED; Granted Authorities: ROLE_AUTHENTICATED
07:39:25,678 User:<me> DEBUG [smb.protocol.auth] Authenticated user <me> sts=Allow via Passthru
07:39:32,848 User:<me> DEBUG [smb.protocol.auth] Null CIFS logon allowed

Could this be a mismatch-difference between code in the labs3b/3c and enterprise?

Goes to show - paying certainly does help…
not sure where to go to from here.. we are not in a position to roll out the enterprise version just yet (if at all - not sure if will fit into our requirements just yet - thats why using the community version - it doesn't bind me to an "enddate" for business testing)..

reboot · ‎12-04-2008

we have the same problemes with NTLM - CFIS configuration.

on Version 2.9 it was all fine, but with upgrade to 3.0b the CFIS authentication will fail.

reboot · ‎12-04-2008

is there an idea when the problem is solved, or shall I step back to 2.9? :cry:

rxm307 · ‎12-04-2008

I Raised this bug report yesterday, no one has replied too it as yet…..

Hyland Connect

Problem with accessing CFIS share from windows