cancel
Showing results for 
Search instead for 
Did you mean: 

Windows 2008 R2 CIFS

jaydye
Champ in-the-making
Champ in-the-making
Hi, I hope somebody can help, I'm really stuck trying to get AD authentication working with CIFS.

CIFS mappings are working with a local Alfresco account - eg. net use * \\alfrescoNETBIOS\Alfresco /user:alfrescoServer\localAlfrescoAccount

When I turn on AD authentication for CIFS, I receive the 'net use' password prompt, which always fails on error "System error 86 has occurred. The specified network password is not correct."
8 REPLIES 8

mrogers
Star Contributor
Star Contributor
I don't see cifs being enabled in what you have posted.    However since its working for your local account I presume its set.

Its also unusual to see a name alfrescoNETBIOS

jaydye
Champ in-the-making
Champ in-the-making
alfrescoNETBIOS was just an example, and is not the actual netbios name we are using

I think CIFS is enabled…here is the entry in the config;

### CIFS/SMB Server Configuration ###
cifs.enabled=true
cifs.serverName=${localname}A
cifs.domain=alfresco.local


###-Active Directory-Genisys###
authentication.chain=passthru1Smiley Tongueassthru,alfrescoNtlm1:alfrescoNtlm
passthru.authentication.sso.enabled=true
passthru.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=false
passthru.authentication.authenticateCIFS=true

###Define the Active Directory server-Genisys###

passthru.authentication.servers=1.1.1.1
passthru.authentication.domain=alfresco.local
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=admin
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NETBIOS,TCPIP




Any ideas why I'm failing on authentication ?

Thanks

102020
Champ on-the-rise
Champ on-the-rise
I'm also getting this same issue, but only with our Terminal Server (running Server 2008 Ent SP2 64-bit).
All of our XP and Win7 machines work after making the needed changes, but on this system receive the same error as listed above.

I can reproduce this on Win7 if I enable NTLMv2 on Win7, once I flip back to NTLMv1, works (on Win7), however terminal server does not seem to be having the same effect, and the local security policies are pushed by the GPO, so little confused, but trying to debug tonight, it's for sure security related as I can see in event viewer it trying to map, but giving the network password error Smiley Sad

jaydye
Champ in-the-making
Champ in-the-making
I never did get this working….but if you figure it out, please post your config 🙂
Thanks

102020
Champ on-the-rise
Champ on-the-rise
I documented my whole install process if you want my working config, it's gotta be a setting from a 'previous' IT in my case, but I'll post which setting fixes it as we currently have 1/2 the company without the cifs, so I have no choice but to solve it Smiley Wink

Here is the link to my setup/config: https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/installation-upgra...

jaydye
Champ in-the-making
Champ in-the-making
Thanks. I have CIFS working with local alfresco authentication.
I have AD passthrough working fine for users logging into Alfresco.
What I'm struggling with is AD passthrough for CIFS. 

sysadmin2012
Champ in-the-making
Champ in-the-making
Hi jaydey,
Just wanted to share some insight i got after weeks of trial and error.

1. On our Windows Server 2008 R2 we had to change our authentication method to only use NTLMv1 when using passthrough authentication. This fixes the issue that nobody can log in to Alfresco using Windows Server 2008 R2.
2. When this setting was set a new problem arose. Sessions seemed to jump from user to user and after some time people started getting errors saying access denied. This only happened on Windows Server 2008 R2 and not Windows XP clients.
3. After a lot off trial and error i found that adding a DNS-wildcard (Ex *.alfresco-cifs) in our internal DNS-server and running "netuse Q: \\%username%.alfresco-cifs\Alfresco" on logon fixed this issue.
4. With this fix a new problem arose, https://issues.alfresco.com/jira/browse/JLAN-147. To fix that problem you have to do some coding and build your own alfresco-jlan-embed.


Hope this give some insight into the problem and help you get your Alfresco up and running smoothly

Regards
sysadmin2012

102020
Champ on-the-rise
Champ on-the-rise
So also noticed though, on the terminal server, the SHARE SSO doesn't work either, something in local security policies possibly? I'm investigating, as I did install a fresh 2008 server this morning and it worked without any flaw, so I'm thinking a previous setting is causing this (stuck in ntlmv2 somehow?), or something very specific to having the system running as a TS (doubtful though).