
alfrescoNtlm authentication & CIFS

alexbrst
Champ in-the-making
Hi,

I recently installed Alfresco 4.2.0 on a Debian 7.1 server and successfully set up the LDAP authentication subsystem against my local Active Directory.
I'm now trying to use the CIFS share and get the alfrescoNtlm authentication subsystem working. I do not want to use passthru authentication.
I have had no luck so far: my browsers (Firefox and IE) are configured to try NTLM authentication against my Alfresco installation, but I am prompted with a pop-up window asking me to type my username and password, and only Alfresco local accounts are working.

Here are my properties files:
* ./tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter.properties

ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false
ntlm.authentication.browser.ticketLogons=true


* ./tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/alfrescoNtlm/alfresco-authentication.properties

alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=true
alfresco.authentication.sessionCleanup=true


* ./tomcat/shared/classes/alfresco-global.properties

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.active=false
#ldap.authentication.allowGuestLogin=false
#ldap.authentication.userNameFormat=REDACTED
#ldap.authentication.java.naming.provider.url=REDACTED
#ldap.authentication.defaultAdministratorUserNames=REDACTED
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=REDACTED
ldap.synchronization.java.naming.security.credentials=REDACTED
ldap.synchronization.groupSearchBase=REDACTED
ldap.synchronization.userSearchBase=REDACTED


Can anyone help me?
Thanks.

Alex
8 REPLIES

alexbrst
Champ in-the-making
Nobody managed to get alfrescoNtlm working?

eswbitto
Confirmed Champ
Have you tried putting your NTLM authentication settings into the global.properties file rather than configuring them in the two files below WEB-INF? I've read in another post that an Alfresco engineer advised not to configure these files, especially if you are using more than one authentication method. Might be worth a try.

alexbrst
Champ in-the-making
Hi,

Thanks for the tip. I did try that, no luck either.

alexbrst
Champ in-the-making
Hi,

I changed a few settings in ./tomcat/shared/classes/alfresco-global.properties:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false
alfresco.authentication.authenticateCIFS=true
alfresco.authentication.allowGuestLogin=false

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@XXXXX
ldap.authentication.java.naming.provider.url=ldap://XXXXX
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=XXXXX
ldap.synchronization.java.naming.security.credentials=XXXXX
ldap.synchronization.groupSearchBase=XXXXX
ldap.synchronization.userSearchBase=XXXXX

cifs.enabled=true
cifs.serverName=XXXXX
cifs.domain=XXXXX
cifs.broadcast=255.255.255.255
cifs.bindto=XXXXX
cifs.hostannounce=true
cifs.sessionTimeout=1800
cifs.ipv6.enabled=false
cifs.tcpipSMB.port=445
cifs.netBIOSSMB.namePort=137
cifs.netBIOSSMB.datagramPort=138
cifs.netBIOSSMB.sessionPort=139


I noticed that I'm able to use the Alfresco admin account to authenticate against Alfresco CIFS, but still not able to use my AD account.
Does anyone know what could cause that?

mrogers
Star Contributor
I think (haven't checked) CIFS can only use a single authenticator for CIFS, in your case alfrescoNtlm1, so it won't authenticate against ldap1. In addition CIFS needs MD4 hash and NTLMv1 to authenticate.

alexbrst
Champ in-the-making
So you're telling me that I cannot get alfrescoNTLM working with CIFS? I must use passthru since it uses NTLMv1?
What about the hashes?

opacdurhone
Champ in-the-making
Hello,

I think I have the same problem.

<cite>
My browsers (Firefox and IE) are configured to try NTLM authentication against my Alfresco installation but I am prompted with a pop-up window asking me to type my username and password and only Alfresco local accounts are working.
</cite>

In the log, I find this:
<blockquote>
[org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Received type3 [Type3:,LM:XXX,NTLM:XXX,Dom:XXX,User:XXX,Wks:XXX]
[org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Perform an NTLMv2 session key check.
[org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Password check failed.
[org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Logon failed using NTLMSSP/NTLMv2SessKey
</blockquote>

The NTLM protocol works, but when it tries to authenticate the account … it fails.

Does anybody have any idea?

Thanks for the help.

em_renaud
Champ in-the-making
Hello,
I have exactly the same problem!
Everything works correctly (logging in to the portal, Share, WebDAV and FTP) but not CIFS!
My Alfresco 4.2.d is linked with the domain (AD Windows 2008).

My files:
#alfresco-global.properties

### CIFS/SMB Server Configuration ###
cifs.enabled=true
cifs.serverName="GEDFRESV01"
cifs.domain="beholding.org"
cifs.hostannounce=true
ldap.authentication.authenticateCIFS=true

I followed the method here to link my Alfresco to my AD:
http://pomeroy.me/2013/02/alfresco-on-windows-server-with-active-directory-authentication/

Thanks for your help
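
Added example, not part of any post in this thread and not Alfresco code: a small Python check of the rule mrogers describes (CIFS logons are handled by a single chain member), run over a constructed alfresco-global.properties that reuses the chain posted above. The set of CIFS-capable subsystem types and all function names are assumptions for illustration; the check also flags quoted cifs.* values like those in the last post, because a .properties file keeps the quote characters as part of the value.

```python
# Added illustration, not Alfresco code. Assumption: only these subsystem
# types can authenticate CIFS; verify against the documentation for your
# Alfresco version.
CIFS_CAPABLE = {"alfrescoNtlm", "passthru", "kerberos"}

# Constructed sample; the chain is the one posted in this thread.
SAMPLE = """\
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
cifs.enabled=true
cifs.serverName="EXAMPLESRV"
#cifs.domain=EXAMPLE
"""

def parse_properties(text):
    """Minimal key=value parser: skips blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_chain(props):
    """Split authentication.chain into (instance, type) pairs."""
    members = props.get("authentication.chain", "").split(",")
    return [tuple(m.strip().split(":", 1)) for m in members if ":" in m]

def lint(text):
    """Return findings about which chain member owns CIFS logons."""
    props, findings = parse_properties(text), []
    chain = parse_chain(props)
    capable = [inst for inst, typ in chain if typ in CIFS_CAPABLE]
    if props.get("cifs.enabled") == "true":
        if not capable:
            findings.append("no chain member can authenticate CIFS")
        else:
            skipped = [inst for inst, typ in chain if typ not in CIFS_CAPABLE]
            findings.append(f"CIFS logons handled by {capable[0]} only")
            findings += [f"{inst} is never consulted for CIFS" for inst in skipped]
    for key, value in props.items():
        if key.startswith("cifs.") and value.startswith(('"', "'")):
            findings.append(f"{key} value includes literal quotes: {value}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```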