Hyland Connect

wuff · ‎01-15-2009

I'm trying for some days to get the authentication with Kerberos to work with labs 3.0c on W2K3-Server.

Does anybody in the whole world have a running installation like this?

Nothing about CIFS-Access, or other configuration tasks - at the moment i would just like to be able to connect to Webclient using GSS Kerberos.

Following the instructions at http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration just didn't work.

During the last few days i tried to get this working, running from error to error.

I created serviceprincipals using ktutil and mapping them with adsiedit, adding other enc-types to the keytabs, trying to vary serviceaccountnames in AD (found this: http://forums.sun.com/thread.jspa?threadID=5192047) and so on.. and didn't have any access.

There are 3 errors which i can't solve:

When starting the server: CIFS Kerberos authenticator error (initially: KrbException: Identifier doesn't match expected value)

But, server is up after that, so i tried to access Webclient, getting this error message:
GSSException: No valid credentials provided (Mechanism Level: Failed to find any Kerberos Key)

This causes SPNEGO to fail, but entering username, pass and domain seems to grant access. This is followed by the last error, also shown in Browser:
ArraIndexOutOfBoundsException: End of data buffer, thrown from org.alfresco.jlan.server.auth.asn.DERBuffer.unpackBytes, line 195

So.. if anybody has a sample config or a solution for these errors, help would be very much appriciated, otherwise i have to give up.

thanks in advance,

Wuff

meansartin14 · ‎01-15-2009

I'm trying for some days to get the authentication with Kerberos to work with labs 3.0c on W2K3-Server.

Does anybody in the whole world have a running installation like this?

Yes. I have gotten the Alfresco Web Interface to work with SSO Kerberos authentication (provided by Windows 2003 Server R2 Active Directory). CIFS is absolutely another issue (see my thread here: [ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?) However, Alfresco is running on a Red Hat Enterprise Linux server.

I followed the Configuring the CIFS and web servers for Kerberos/AD integration wiki and it worked first-time, no issues.

Post any files you changed (in their entirety within

 blocks) and output to alfresco.log and I will do my best to help.‍

wuff · ‎01-19-2009

Ok, got it solved.. i was trying to access the webinterface locally from the alfresco-Server (running on the KDC), this didn't work and results in an Error Message in the Webinterface:

System Error:

java.lang.ArrayIndexOutOfBoundsException: End of data buffer
at org.alfresco.jlan.server.auth.asn.DERBuffer.unpackBytes(DERBuffer.java:195)
….

I don't know, if this only happens when alfresco is on same server as the KDC, or if generally no local login is possible when using kerberos-authentication, but from other clients it works now.. yeah! 🙂

meansartin14, cu in cifs-error thread (entering next level playing alfresco SSO *g*)

meansartin14 · ‎01-19-2009

Ok, got it solved.. i was trying to access the webinterface locally from the alfresco-Server (running on the KDC), this didn't work and results in an Error Message in the Webinterface:

System Error:

java.lang.ArrayIndexOutOfBoundsException: End of data buffer
at org.alfresco.jlan.server.auth.asn.DERBuffer.unpackBytes(DERBuffer.java:195)
….

I don't know, if this only happens when alfresco is on same server as the KDC, or if generally no local login is possible when using kerberos-authentication, but from other clients it works now.. yeah! 🙂

meansartin14, cu in cifs-error thread (entering next level playing alfresco SSO *g*)

Glad you got it sorted out! Still working on my issue.

Hyland Connect

[SOLVED] Simple SSO Kerberos Authentication anyone?