07-10-2019 09:38 AM
Hi guys,
I have the following problem with my alfresco instance: the login page in alfresco returns the following message
Your authentication details have not been recognized or Alfresco may not be available at this time.
The alfresco installation has the following details:
1. CentOS 6 (up to date)
2. Postgres 9.3 (up to date)
3. Apache 7.0.6
4. Alfresco ver 5.0d
I use AD connection for user management, the AD is up and running and accessible from the Alfresco machine.
Up to 5 hours ago, I had no problem with it.
I've tried shutting it down and restart it (also postgres and apache server) with no success.
I got no errors in the log files - see them attached.
The alfresco app is running (http://server:8080/alfresco, I cannot login to console, because I don't have the initial admin password)
Can anyone help me on this?
07-11-2019 11:42 AM
your ldap config is not correct. Please fix that following the docs I linked. At least your userNameFormat will expect all the users in ou=users,dc=domain,dc=intern.
07-10-2019 10:51 AM
Could you see any errors in alfresco.log, share.log and catalina.out ?
Can you also try <host>:<port>/alfresco/service/api/login?u=<userName>&pw=<password> api call to see if you are getting response from repository
07-10-2019 11:09 AM
Hi Abhinav,
No error in the logs (are attached to the post).
The response from the repository is this
<response>
<status>
<code>403</code>
<name>Forbidden</name>
<description> Server understood the request but refused to fulfill it. </description>
</status>
<message>06100727 Login failed</message>
<exception/>
<callstack> </callstack>
<server>Community v5.0.0 (d r99759-b2) schema 8,022</server>
<time>Jul 10, 2019 6:01:28 PM</time>
</response>
I think it's ok (I don't know the initial admin password, and password of admin account configured in AD is not accepted.)
Also I don't think there is a problem with the AD connection, the sync job is working fine - see below the log entries
2019-07-10 17:45:00,105 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronizing users and groups with user registry 'ldap1'
2019-07-10 17:45:00,106 WARN [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Full synchronization with user registry 'ldap1'
2019-07-10 17:45:00,106 WARN [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Some users and groups previously created by synchronization with this user registry may be removed.
2019-07-10 17:45:00,147 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Retrieving all groups from user registry 'ldap1'
2019-07-10 17:45:00,152 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2019-07-10 17:45:00,152 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2019-07-10 17:45:00,185 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Retrieving users changed since Jul 10, 2019 11:05:30 AM from user registry 'ldap1'
2019-07-10 17:45:00,188 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 1 entries
2019-07-10 17:45:00,521 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 1 entries out of 1. 100% complete. Rate: 3 per second. 0 failures detected.
2019-07-10 17:45:00,521 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 1 entries
2019-07-10 17:45:00,531 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Finished synchronizing users and groups with user registry 'ldap1'
2019-07-10 17:45:00,531 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] 1 user(s) and 0 group(s) processed
07-10-2019 11:17 AM
OOTB Default admin account should still work. The default user name is: admin and default password: admin
Repo auth api : http://127.0.0.1:8080/alfresco/service/api/login?u=admin&pw=admin
This should return alf_ticket if login is successful. The default admin password is also part of tomcat/shared/classes/alfresco-global.properties file. Its MD4 encrypted. You can decrypt it if required. but in general admin:admin is the default user name and password. Give it a try.
07-10-2019 11:35 AM
I've tried and the same response - Login failed .
in catalina.out i got this line:
2019-07-10 19:02:26,347 INFO [web.site.EditionInterceptor] [ajp-apr-8009-exec-3] Unable to retrieve License information from Alfresco: 401
Also I've modified the alfresco-global.properties file to use de default authentication (authentication.chain=alfrescoNtlm1:alfrescoNtlm) with the same result - login failed.
But this time the licence was retrieved successfully
2019-07-10 19:11:26,302 INFO [web.site.EditionInterceptor] [ajp-apr-8009-exec-4] Successfully retrieved license information from Alfresco.
Any ideas?
07-11-2019 12:36 AM
Check this url : http://127.0.0.1:8080/alfresco.
If it is not working that means your repo is not started.
07-11-2019 03:48 AM
Hi Sanjay,
The repo is running (I mean the url is accessible). But I cannot login to the alfresco console. I've reset the admin password and no success either.
07-11-2019 07:35 AM
It looks like share cant connect to alfresco. First of all check connections.
Second give us to see configuration of Authentication subsystem and authentication chain. I can't see initialization of alfrescoNtlm subsystem, so you couldn't login by native Alfresco user 'admin'.
07-11-2019 07:46 AM
your logs look OK. Do you have the alfresco internal auth system in your authentication chain?
e.g.
authentication.chain=ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
you could set another internal user you know the password of as admin in your alfresco-global.properties - e.g. user test:
alfresco_user_store.adminusername=test
or
you write an well known password MD4 hash directly into the database. If you decide to change the password in the db you need to restart alfresco.
e.g. to change the admin password to 'admin':
echo -n "admin" | openssl md4 | awk '{print $2}'
f9d4049dd6a4dc35d40e5265954b2a46
check https://docs.alfresco.com/community/concepts/admin-password.html for details
EDIT: removed SQL and added link to documentation
07-11-2019 08:18 AM
Hi guys,
A little success - I've managed to log in (both in alfresco console and share) with the admin user and pass set up in ldap.
I had to change the below line from false to true:
ldap.authentication.active=false -> ldap.authentication.active=true
But with the rest of the users I get the same error message.
Here is the Authentication settings from alfresco-global.properties:
### Authentication chains
authentication.chain=passthru1assthru,ldap1:ldap-ad#ntlm.authentication.sso.enabled=false
#ntlm.authentication.authenticateCIFS=false
#alfresco.authentication.authenticateCIFS=false
#alfresco.authentication.allowGuestLogin=false### Passthru settings
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false
passthru.authentication.authenticateFTP=false
passthru.authentication.servers=SERVER_NAME\\192.168.1.254,192.168.1.254
passthru.authentication.domain=
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=admin
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP
passthru.authentication.authenticateCIFS=trueldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://192.168.1.254:389
ldap.authentication.userNameFormat=cn\=%s,ou\=users,dc\=domain_name,dc\=intern
ldap.authentication.defaultAdministratorUsernNames=admin
ldap.authentication.java.naming.security.principal=admin@domain
ldap.authentication.java.naming.security.credentials=12345678ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=admin@doman
ldap.synchronization.java.naming.security.credentials=12345678
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.userSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.groupSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupIdAttributeName=cnsynchronization.synchronizeChangesOnly=true
synchronization.import.cron=0 0/15 * * * ?
Explore our Alfresco products with the links below. Use labels to filter content by product module.