I easily installed Alfresco 3.2 on Ubuntu 9.04 using the 'partners' repository. It works smoothly out if I only use internal Alfresco authentication subsystem (AlfrescoNtlm).
We need to authenticate Alfresco against our Win2k3 AD preferably using SSO (CIFS is in the pipe but that will be another story). I followed the cryptic wiki instructions (I'd kill for a simple tutorial) and I configured LDAP-AD subsystem in order to sync the users from AD. According to the logs, Alfresco regularly reads the Users on AD. I guess that it stores them somewhere locally.
Here's my authentication chain in alfresco-global.properties:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1
assthru,ldap-ad1:ldap-ad
And the passthru subsystem looks like this:
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=DOMAINE\\xx.xx.xx.xx,xx.xx.xx.xx
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NetBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
When I try to authenticate, I see NTLM requests in the logs (v1 and then v2) but the browser stalls for several minutes before I get a timeout error message.
We need to authenticate Alfresco against our Win2k3 AD preferably using SSO (CIFS is in the pipe but that will be another story). I followed the cryptic wiki instructions (I'd kill for a simple tutorial) and I configured LDAP-AD subsystem in order to sync the users from AD. According to the logs, Alfresco regularly reads the Users on AD. I guess that it stores them somewhere locally.
Here's my authentication chain in alfresco-global.properties:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1
assthru,ldap-ad1:ldap-adAnd the passthru subsystem looks like this:
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=DOMAINE\\xx.xx.xx.xx,xx.xx.xx.xx
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NetBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
When I try to authenticate, I see NTLM requests in the logs (v1 and then v2) but the browser stalls for several minutes before I get a timeout error message.
Well thanks for your feedback on my 'cryptic' Wiki page.
This may sound stupid, but make sure you can actually ping the domain server from the Alfresco server. Make sure you have actually opened up the domain server's firewall so that the requests get through!
It may be wise to start basic and work up.
Try just passthru in your chain and set
authentication.chain=passthru1assthru
ntlm.authentication.sso.enabled=false
This should give you basic username/password-based authentication against the domain server. And if that doesn't work then surely the logs will reveal something?
This may sound stupid, but make sure you can actually ping the domain server from the Alfresco server. Make sure you have actually opened up the domain server's firewall so that the requests get through!
It may be wise to start basic and work up.
Try just passthru in your chain and set
authentication.chain=passthru1
assthruntlm.authentication.sso.enabled=false
This should give you basic username/password-based authentication against the domain server. And if that doesn't work then surely the logs will reveal something?
When I set it back to true, it doesn't work anymore. The behaviour comes back to what I've been experiencing for the last 48 hours.
Here's what shows the log when I set it back to true. It tells me I'm logged but, trust me, it's not obvious when I look the browser. The last line probably explains the reason of the failure but it's unclear to me.
11:57:40,298 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 172.16.177.244 (172.16.177.244:55345) SID:7109ABC7229373AB9F74993104BF0CE6
11:57:40,321 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
11:57:40,324 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Client domain null
11:57:43,136 WARN [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] NTLM filter, error resolving CIFS host nameUBUNTUA
11:57:43,136 INFO [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] NTLM filter using server name ubuntu
11:57:43,162 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x80000203,Target:ubuntu,Ch:e5d488ee24c81d8c]
11:57:43,179 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:2e99b95dce2226bc4ede8e2c7995a3515bf0dfd90faaaee3,NTLM:2e99b95dce2226bc4ede8e2c7995a3515bf0dfd90faaaee3,Dom:ubuntu.lab.etuc.org,User:dflasse,Wks
FLASSE-VISTA]
11:57:43,653 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Updated cached NTLM details
11:57:43,654 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] User logged on via NTLM, [dflasse,WksFLASSE-VISTA,Dom:ubuntu.lab.etuc.org,AuthSrv:ubuntu,Thu Aug 27 11:57:43 CEST 2009]
11:57:43,676 ERROR [org.apache.myfaces.lifecycle.LifecycleImpl] Assumed extension mapping, but there is no extension in /faces
Here's what shows the log when I set it back to true. It tells me I'm logged but, trust me, it's not obvious when I look the browser. The last line probably explains the reason of the failure but it's unclear to me.
11:57:40,298 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 172.16.177.244 (172.16.177.244:55345) SID:7109ABC7229373AB9F74993104BF0CE6
11:57:40,321 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xa2088207,Domain:<NotSet>,Wks:<NotSet>]
11:57:40,324 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Client domain null
11:57:43,136 WARN [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] NTLM filter, error resolving CIFS host nameUBUNTUA
11:57:43,136 INFO [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] NTLM filter using server name ubuntu
11:57:43,162 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x80000203,Target:ubuntu,Ch:e5d488ee24c81d8c]
11:57:43,179 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:2e99b95dce2226bc4ede8e2c7995a3515bf0dfd90faaaee3,NTLM:2e99b95dce2226bc4ede8e2c7995a3515bf0dfd90faaaee3,Dom:ubuntu.lab.etuc.org,User:dflasse,Wks
FLASSE-VISTA]11:57:43,653 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Updated cached NTLM details
11:57:43,654 DEBUG [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] User logged on via NTLM, [dflasse,Wks
FLASSE-VISTA,Dom:ubuntu.lab.etuc.org,AuthSrv:ubuntu,Thu Aug 27 11:57:43 CEST 2009]11:57:43,676 ERROR [org.apache.myfaces.lifecycle.LifecycleImpl] Assumed extension mapping, but there is no extension in /faces
