05-23-2017 03:48 AM
hello,
I have a problem with CIFS configuration, I could successfully activate CIFS but I have a problem with share services when I enable sso authentification.
exactly on this ligne of the alfresco-global.properties configuration
ntlm.authentication.sso.enabled=true
when I set sso to false, I couldn't user CIFS, alfresco work fine without problems
when I set sso to true, I could user CIFS, but this error messege appear in alfresco share.
and other problem appear also like this:
alfresco-global.properties :alfresco community 5.2 201701
### authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap,passthru1:passthru
### Ntlm ###
alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=true
ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false
### Passthru ###
passthru.authentication.defaultAdministratorUserNames=Picosoft
passthru.authentication.domain=domain.local
passthru.authentication.servers=domain.local\\DOMAIN-DC01
passthru.authentication.guestAccess=false
### Synchronisation Active Directory ###
synchronization.import.cron=0 0/30 9-18 ? * MON-FRI
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
### Configuration OutboundSMTP ###
mail.host=DOMAIN-mail.domain.local
mail.port=25
mail.from.default=alfresco@domain.local
mail.from.enabled=false
mail.protocol=smtp
mail.smtps.auth=false
mail.smtp.debug=true
mail.smtp.timeout=30000
### Configuration OutboundSMTP ###
cifs.enabled=true
cifs.domain=domain.local
cifs.serverName=domainalfresco
cifs.hostannounce=true
05-23-2017 04:21 AM
You need to reconfigure most of the Remote endpoints in share-config-custom.xml to use the /wcs base URL and external authentication. One thing that you may have missed there is configuration of the "alfresco-api" endpoint to use external authentication (URL unchanged).
05-23-2017 04:51 AM
what I have to do in my case
I had tried this configuration
share-config-custom.xml
<config evaluator="string-compare" condition="Remote">
<remote>
<connector>
<id>alfrescoHeader</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using userHeader authentication</description>
<class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
<userHeader>X-Alfresco-Remote-User</userHeader>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco - user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8084/alfresco/s</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
<endpoint>
<id>alfresco-api</id>
<parent-id>alfresco</parent-id>
<name>Alfresco Public API - user access</name>
<description>Access to Alfresco Repository Public API that require user authentication.
This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8084/alfresco/api</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
<endpoint>
<id>alfresco-feed</id>
<parent-id>alfresco</parent-id>
<name>Alfresco Feed</name>
<description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
<connector-id>alfrescoHeader</connector-id>
<endpoint-url>http://localhost:8084/alfresco/s</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
alfresco-global.properties
authentication.chain=external1:external,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
external.authentication.proxyUserName=
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=X-Alfresco-Remote-User
### Ntlm ###
alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false
this box always appear: when I enter the admin and the password, it reappear again.
what should I do?
05-23-2017 10:39 AM
As I can see you are using the HTTP Header entries, like X-Alfresco-Remote-User
Do you really have an authenticating proxy that's setting these header fields?
Maybe you could describe your setup?
05-24-2017 02:47 AM
normal setup, nothing special. with admin password =admin
I use 'windows 8.1' and 'alfresco-community-installer-201612-win-x64'
I am really don't know X-Alfresco-Remote-User
I followed this [ACE-5682] Share displays the "Alfresco is running without Share Services.See your...." message when...
but I can't solve the problem
05-24-2017 09:01 AM
..ok.. External Authentication is relying on an external authentication proxy that sets the X-Alfresco-Remote-User http header - which is not your setup. You should use passthru authentication when connecting to a Windows Domain.
Do you want to synchronize/authenticate against a Windows Active Directory?
Then:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
ntlm.authentication.sso.enable=false
ntlm.authentication.authenticateCIFS=false
#ntlm.authentication.mapUnknownUserToGuest=false
alfresco.authentication.authenticateCIFS=false
#alfresco.authentication.allowGuestLogin=false
passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.useLocalServer=false
passthru.authentication.servers=YOUR_DOM\\YOUR_DC
passthru.authentication.defaultAdministratorUserNames=YOUR_ADMIN
But maybe I still didn't understand what you want to achieve...
Using alfresco as a single user on your local computer would just work out of the box. You wouldn't have to configure anything. Just use the admin user you created during the install process to login, go to the admin console and create users as needed. These users will be known to alfresco only.
05-23-2017 04:40 AM
I usually used (if using cifs at all, I prefer connecting via WebDAV/aos over https)
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.authenticateCIFS=false
passthru.authentication.authenticateCIFS=true
so sso is handled via ntlm, but cifs via passthru.
Another thing I sometimes left out in upgrading was the repository URL in share-config-custom.xml
<repository-url>http://myalfresco:Port/alfresco</repository-url>
Like Axel said, there is a config section (usually commented out) in the sample config for external auth.
Hope it helps....
Martin
Explore our Alfresco products with the links below. Use labels to filter content by product module.