
CIFS on Windows Server 2012

fsasse
Champ in-the-making
Hello.

I have the latest version of the Enterprise trial (4.1.5) working fine on Windows Server 2012, including AD integration with LDAP authorization and synchronization.
However, I cannot get CIFS to work with any of the examples found on this forum or in other places.

Is there a known issue with Windows Server 2012 and CIFS not working with Alfresco?
11 REPLIES

mrogers
Star Contributor
It is known to work.

You need to post a lot more details if you expect to get useful responses.

Start by telling us what the configuration is, whether you have enabled CIFS and what the problem is.

fsasse
Champ in-the-making
The problem is that the Windows Server 2012 cannot find the \\server\Alfresco repository when I attempt to map the drive, either from the server itself or a workstation.

alfresco.log doesn't seem to help with info on logging that connection.

Below are my LDAP and CIFS configurations from D:\Alfresco\tomcat\shared\classes\alfresco-global.properties :

### LDAP ###
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.active=true
ldap.authentication.userNameFormat=%s@{domain}
ldap.authentication.java.naming.provider.url={ldap server location}
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=administrator
ldap.synchronization.active=true
ldap.synchronization.synchronizeChangesOnly=false
ldap.synchronization.java.naming.security.principal=CN={bind credentials}
ldap.synchronization.java.naming.security.credentials={bind password}
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=DC\=x,DC\=x,DC\=x,DC\=x,DC\=x
ldap.synchronization.userSearchBase=DC\=x,DC\=x,DC\=x,DC\=x,DC\=x
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

### CIFS ###
#filesystem.name=Alfresco
cifs.enabled=true
#cifs.domain=domain
cifs.serverName=servername
cifs.hostannounce=true
cifs.disableNativeCode=false
cifs.tcpipSMB.port=445
cifs.netBIOSSMB.namePort=137
cifs.netBIOSSMB.datagramPort=138
cifs.netBIOSSMB.sessionPort=139
cifs.WINS.autoDetectEnabled=true

fsasse
Champ in-the-making
I should also mention we have no WINS servers in our environment, if that has any bearing on this issue!

mrogers
Star Contributor
The serverName prop above is "servername". Therefore you would connect with \\servername\alfresco.

On Windows the default is to use ${servername}A … Note the A postfix, which helps to stop confusion with Windows' own CIFS server.

fsasse
Champ in-the-making
I've tried that already, and nothing works.
I tried many of the other solutions as well, such as the dummy HOSTS and LMHOSTS 13.13.13.13.  The only thing I haven't tried is the registry hack.
I suppose I will need to attempt that also.

fsasse
Champ in-the-making
I have CIFS working now with Windows Server 2012, users with LOCAL accounts (alfrescoNTLM authentication) can map a drive and edit the Alfresco repository in the usual fashion.
\\servername\Alfresco and connect as servername\localaccount.

To get this working, a few things had to be done.  No registry hacks were needed.

1.  In the LDAP configuration above, the following lines needed to be added:

alfresco.authentication.authenticateCIFS=true
ntlm.authentication.sso.enabled=false

2.  In the CIFS configuration above, I needed to change the CIFS server name, and I also added the domain, although it (domain name) may not be necessary:

cifs.serverName=servernameA
cifs.domain=domain

3.  In the Windows\System32\Drivers\etc\hosts and lmhosts.sam files I needed to create the dummy entries for servernameA:

13.13.13.13 servernameA

4.  I had to disable the Windows File and Print Sharing on the Ethernet NIC.

5.  I edited the local security policy of the server, and changed the following:

Security Settings -> Local Policies -> Security Options -> "Network security: Allow Local System to use computer identity for NTLM": change to Enabled

After all this, local accounts are able to map a drive to the Alfresco repository.  However, LDAP users in AD still cannot.

My next question.  Is this the end of the line with CIFS?  I have read that LDAP users cannot authenticate with CIFS, because of an MD5/MD4 hash issue?
Is the only way around this issue Kerberos?  What is the path forward on this?

fsasse
Champ in-the-making
I am currently working on the passthru configurations.  I will update this thread if I am successful.

ermantis
Champ in-the-making
Have you been successful in making passthru work with CIFS?

ermantis
Champ in-the-making
Okay, I followed your instructions on making Alfresco CIFS work on Win Server 2012.
I haven't disabled Passthru, just activated CIFS and configured it, changed the security option in Local Strategy, edited my hosts and lmhosts and deactivated the printer and file share on my NIC… It seems to work without having to log anything more. Here is what I added in my alfresco-global.properties:


### AD addition ###
#authentication.chain=ldap1:ldap-ad,passthru1:passthru,alfrescoNtlm1:alfrescoNtlm
authentication.chain=ldap1:ldap-ad,passthru1:passthru

#Ldap config
ldap.authentication.userNameFormat=%s@domain.lan
ldap.authentication.java.naming.provider.url=ldap://MyLdapServer:389
ldap.authentication.defaultAdministratorUserNames=Admin
ldap.synchronization.java.naming.security.principal=Admin@domain.lan
ldap.synchronization.java.naming.security.credentials=PASSWORD
ldap.synchronization.groupSearchBase=ou\=Users,ou\=Groups,dc=domain,dc\=lan
ldap.synchronization.userSearchBase=ou\=Users,dc=domain,dc\=lan

#Passthru config
passthru.authentication.servers=MyDCServer
passthru.authentication.defaultAdministratorUserNames=Admin

#SSO config
ntlm.authentication.sso.enabled=true
synchronization.import.cron=0 0 0 * * ?
synchronization.synchronizeChangesOnly=false
synchronization.allowDeletions=true

#protocols.rootPath=/${spaces.company_home.childname}/${spaces.sites.childname}

alfresco.authentication.authenticateCIFS=true
### CIFS ###
cifs.enabled=true
cifs.serverName=MyAlfrescoServer
cifs.hostannounce=true
cifs.domain=domain.lan
cifs.broadcast=[MyLocalNICAddress]
cifs.localname=${localname}A
cifs.urlfile.prefix=http://${localname}:8080/alfresco/

#Removal of the display of updated files in the directories
cifs.pseudoFiles.enabled=false
cifs.pseudoFiles.explorerURL.enabled=false
cifs.pseudoFiles.explorerURL.fileName=__Alfresco.url
cifs.pseudoFiles.shareURL.enabled=false
cifs.pseudoFiles.shareURL.fileName=__Share.url

cifs.tcpipSMB.port=445
cifs.netBIOSSMB.sessionPort=139
cifs.netBIOSSMB.namePort=137
cifs.netBIOSSMB.datagramPort=138

cifs.sessionDebug=NETBIOS, SOCKET

#nfs.enabled=true


Strange thing, the mounted drive displays a size of 7,99Eo (ExaOctets) which is… pretty large for a 900Go drive xD
Not a huge problem though.

Hope it helps someone, I've been working on that for a few weeks, glad I made it work!
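
Added example (not posted by anyone in this thread and not Alfresco code): a small Python check that reads an alfresco-global.properties file and reports which of the CIFS prerequisites described in the two working setups above are missing, plus whether LDAP simple binds go over plain ldap://. The function names `parse_properties` and `check_cifs` are hypothetical, and the sample input is constructed from the settings shown in the thread.

```python
import re

def parse_properties(text):
    """Minimal Java .properties reader: skips comments, drops backslash escapes."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)", line)
        if m and line[0] not in "#!":
            key, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            props[key] = value
    return props

def check_cifs(props, windows_hostname, hosts_text):
    """Return findings for the CIFS prerequisites described in this thread."""
    findings = []
    name = props.get("cifs.serverName", "")
    for key in ("cifs.enabled", "alfresco.authentication.authenticateCIFS"):
        if props.get(key) != "true":
            findings.append(f"{key} is not true")
    if name.lower() == windows_hostname.lower():
        findings.append("cifs.serverName equals the Windows host name (thread appends 'A')")
    # Names in hosts/lmhosts: every field after the address, comments stripped.
    listed = {f.lower() for l in hosts_text.splitlines() for f in l.split("#")[0].split()[1:]}
    if name.lower() not in listed:
        findings.append(f"no hosts entry for {name!r}")
    # In the thread, alfrescoNtlm and passthru logins worked over CIFS; ldap-ad alone did not.
    kinds = {item.split(":")[-1] for item in props.get("authentication.chain", "").split(",")}
    if not kinds & {"alfrescoNtlm", "passthru"}:
        findings.append("authentication.chain has no alfrescoNtlm or passthru member")
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    simple = props.get("ldap.authentication.java.naming.security.authentication") == "simple"
    if simple and url.lower().startswith("ldap://"):
        findings.append("simple bind over ldap:// sends the password unencrypted unless StartTLS is used")
    return findings

# Constructed sample input, modelled on the settings posted in this thread.
SAMPLE_PROPS = """authentication.chain=ldap1:ldap-ad
ldap.authentication.java.naming.provider.url=ldap://MyLdapServer:389
ldap.authentication.java.naming.security.authentication=simple
cifs.enabled=true
cifs.serverName=servername
"""
SAMPLE_HOSTS = "13.13.13.13 servernameA  # dummy entry\n"

if __name__ == "__main__":
    for finding in check_cifs(parse_properties(SAMPLE_PROPS), "SERVERNAME", SAMPLE_HOSTS):
        print("-", finding)
```

The Windows-side steps (File and Print Sharing disabled on the NIC, the local security policy option) are not visible in the properties file and have to be verified on the host itself.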