
Which Authentication Method

invantix
Champ in-the-making
Looking at the WIKIs there are a lot of options for authentication (JAAS, LDAP, NTLM).  I am trying to figure out which would work best for us.

1. All clients are Windows XP.
2. All internal users are on the same AD domain.
3. I want to use CIFS for some drag and drop loading operations.
4. I would prefer to have new AD users automatically have access to Alfresco without having to create synch programs.
5. I would like AD domain administrators to have admin access to Alfresco.
6. I would like to have a guest area for external users.

It seems like I want to use NTLM. If this is the case, the NTLM WIKI talks about "client" and "pass through". Should I set up one or both of these?

Thanks
7 REPLIES

invantix
Champ in-the-making
I followed the WIKI for Client Side NTLM and NTLM Passthru Authentication and am having some problems.

1. When I start the server I see a problem with CIFS:
   11:08:43,983 ERROR [smb.protocol.auth] No valid CIFS authentication combination available
   11:08:43,983 ERROR [smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
   11:08:43,983 ERROR [alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration

2. When I point my browser at alfresco with IE7 I am prompted for a uid/pw. This should not happen.

3. When I enter the uid/pw and submit, I get:
org.alfresco.error.AlfrescoRuntimeException: Transaction must be active and synchronization is required

invantix
Champ in-the-making
OK,

Now I have things closer.  I am no longer asked to log in from IE but I go directly to an error page with an exception.  It looks like poor (or lack of) exception handling to me.  There is no person and it fails on creation so it reports a Transaction must be active???  I am guessing if I am using NTLM on the UI and 'alfresco' on the file system I need to somehow load the users from AD into Alfresco.


org.alfresco.error.AlfrescoRuntimeException: Transaction must be active and synchronization is required
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.registerSynchronizations(AlfrescoTransactionSupport.java:371)
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.getSynchronization(AlfrescoTransactionSupport.java:356)
        at org.alfresco.repo.transaction.AlfrescoTransactionSupport.bindDaoService(AlfrescoTransactionSupport.java:210)
        at org.alfresco.repo.transaction.TransactionalDaoInterceptor.invoke(TransactionalDaoInterceptor.java:66)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:170)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:176)
        at $Proxy1.getStore(Unknown Source)
        at org.alfresco.repo.node.db.DbNodeServiceImpl.getRootNode(DbNodeServiceImpl.java:238)
        at sun.reflect.GeneratedMethodAccessor107.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.alfresco.repo.service.StoreRedirectorProxyFactory$RedirectorInvocationHandler.invoke(StoreRedirectorProxyFactory.java:221)
        at $Proxy2.getRootNode(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor107.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:335)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:181)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:148)
        at org.alfresco.repo.node.MLPropertyInterceptor.invoke(MLPropertyInterceptor.java:227)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:170)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:176)
        at $Proxy3.getRootNode(Unknown Source)
        at org.alfresco.repo.security.person.PersonServiceImpl.getPeopleContainer(PersonServiceImpl.java:581)
        at org.alfresco.repo.security.person.PersonServiceImpl.createPerson(PersonServiceImpl.java:575)
        at org.alfresco.repo.security.person.PersonServiceImpl.createMissingPerson(PersonServiceImpl.java:555)
        at org.alfresco.repo.security.person.PersonServiceImpl.getPerson(PersonServiceImpl.java:160)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:840)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:521)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType3(NTLMAuthenticationFilter.java:727)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:400)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)

nyugi
Champ in-the-making
Hi!

Unfortunately I have the same problem. The only thing I can't understand is that the same thing (NTLM+SSO) with the same settings works fine with the trial version of Enterprise Network (alfresco-enterprise-tomcat-2.0.0.zip).

I am curious to know the solution of this problem.

invantix
Champ in-the-making
This is not the first evidence I have seen of this.  It looks to me like fixes in the enterprise version do not make it to the community. 

It seems like one-way open source to me: community->enterprise.

Enterprise 2.0.1 has been out for a month but nothing for the community unless you want to go to the untested nightly builds…

diable666
Champ in-the-making
I expect the same problem:
org.alfresco.error.AlfrescoRuntimeException: Transaction must be active and synchronization is required

I run Alfresco 2.0.0 Community on Tomcat on CentOS in VMware, and I want Alfresco login to use my Samba PDC, which runs on the same LAN.
What is synchronisation? I don't need the availability to modify users through Alfresco. Just login … But it doesn't work!

Please help me.

thanks

andy
Champ on-the-rise
Hi

There is a bug in 2.0 community that stops people being auto-created by the SSO NTLM filter. This should be fixed in 2.1 and was provided as an enterprise patch.

Andy

diable666
Champ in-the-making
Yep, it works with the 2.1.