
Strange CIFS/NTLM Authentication Issue (Windows 7 and 2008)

maximus007
Champ in-the-making
I'm getting close to getting this server set up!

I am having a strange issue authenticating CIFS for users on Windows 7 and Server 2008 machines. Alfresco is set up to use NTLM authentication.

For some reason, only the original "admin" user can actually access the \\alfresco\alfresco share. When using the admin user, I get the expected output in the log:

11:33:30,748 User:admin DEBUG [smb.protocol.auth] Logged on using NTLMSSP/NTLMv2
11:33:30,749 User:admin DEBUG [smb.protocol.auth] Using Write transaction

But, if I try to log in with any other user on the very same machine, I get the following message:

11:24:06,439  DEBUG [smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
11:24:06,439  DEBUG [smb.protocol.auth] Using Write transaction
11:24:06,439  DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1223,Authenticator=EncType=23,Kvno=-1,Len=234]
11:24:06,439  DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:24:06,439  ERROR [smb.protocol.auth] Kerberos logon error
11:24:06,439  ERROR [smb.protocol.auth] java.lang.NullPointerException

I have tried this on numerous Windows 7 or 2008 machines - all allow admin to connect but no one else. WebDAV, FTP and Alfresco Explorer all work fine.

I then tried it on an XP Virtual Machine and a Server 2003 machine and what do you know - all users can authenticate as expected!?

What on earth is going on?
3 REPLIES

kbonnet
Champ in-the-making
It might have to do with the authentication negotiation. It looks like when you log on with the admin users it's offering NTLMv2 authentication, the other users are offering Kerberos. Is there something in your clients or domain policies that say that they cannot authenticate using NTLM?
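
To check which mechanism each client actually negotiated, the smb.protocol.auth debug lines can be grouped per logon attempt. The Python below is an added example, not part of the original thread and not Alfresco code; the names classify_auth and summarize are hypothetical, and it assumes the log line format shown in the question (the sample lines are copied from it).

```python
import re
from collections import Counter

# Lines copied from the log excerpts in the question above.
SAMPLE_LOG = """\
11:33:30,748 User:admin DEBUG [smb.protocol.auth] Logged on using NTLMSSP/NTLMv2
11:33:30,749 User:admin DEBUG [smb.protocol.auth] Using Write transaction
11:24:06,439  DEBUG [smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0, PID=65279
11:24:06,439  DEBUG [smb.protocol.auth] Using Write transaction
11:24:06,439  DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1223,Authenticator=EncType=23,Kvno=-1,Len=234]
11:24:06,439  DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:24:06,439  ERROR [smb.protocol.auth] Kerberos logon error
11:24:06,439  ERROR [smb.protocol.auth] java.lang.NullPointerException
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d,\d{3})\s+(?:User:(?P<user>\S+)\s+)?"
    r"(?P<level>DEBUG|ERROR)\s+\[smb\.protocol\.auth\]\s+(?P<msg>.*)$"
)
LOGGED_ON = "Logged on using "

def classify_auth(lines):
    """Return one record per logon attempt: time, user, mechanism, outcome, detail."""
    events, pending = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an smb.protocol.auth line in the format shown above
        ts, user, level, msg = m.group("ts", "user", "level", "msg")
        if msg.startswith("NT Session setup"):
            pending = None  # a new session setup ends any earlier attempt
        elif msg.startswith(LOGGED_ON):
            events.append({"time": ts, "user": user, "mechanism": msg[len(LOGGED_ON):],
                           "outcome": "ok", "detail": None})
            pending = None
        elif msg.startswith("Kerberos AP-REQ"):
            # The client sent a Kerberos ticket instead of an NTLM response.
            pending = {"time": ts, "user": user, "mechanism": "Kerberos",
                       "outcome": "unknown", "detail": None}
            events.append(pending)
        elif level == "ERROR" and pending is not None:
            pending["outcome"] = "failed"
            if msg != "Kerberos logon error":
                pending["detail"] = msg  # e.g. the exception class that followed
    return events

def summarize(events):
    """Count attempts per (mechanism, outcome) pair."""
    return Counter((e["mechanism"], e["outcome"]) for e in events)
```

Run over a full log, summarize(classify_auth(open(path))) shows at a glance whether the failing logons are all Kerberos attempts while the successful ones are NTLMSSP.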

clancydamon
Champ in-the-making
I had the exact same issue - http://forums.alfresco.com/en/viewtopic.php?f=9&t=24626

kbonnet is right, it's NTLMv2. You can't use NTLMv2. You'll find a link in that topic which explains how to change the authentication.

maximus007
Champ in-the-making
ClancyDamon & kbonnet,

I know NTLMv2 doesn't work for passthrough but I thought NTLMv2 was supported on internal Alfresco Authentication? http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#ntlm. Also why then would my admin user work (from any computer), just no one else?

I am going to relax security policy and try to get PassThru working again.