
CIFS and NTLM configuration

Question asked by lgr on Jun 7, 2006
Latest reply on Sep 27, 2006 by dschmalz
Hi,

My Alfresco (under linux debian) is configured for using ntlm. Webclient authentication works well.

The CIFS server is defined and worked well before ntlm configuration (using local alfresco user database) :
<host name="${localname}_A" domain="MYDOMAIN"/>
      <comment>Alfresco CIFS Server</comment>

      <!-- Set to the broadcast mask for the subnet -->
      <broadcast>10.0.255.255</broadcast>

Then ntlm passthru is defined for ntlm authentication in CIFS (classic authenticator deactivated):
      <authenticator type="passthru">
        <Server>10.0.0.1</Server>
      </authenticator>
<!--
      <authenticator type="alfresco">
      </authenticator>
-->

Then the alfresco startup launches some errors, and the CIFS server does not start properly :
14:11:10,757 ERROR [alfresco.smb.protocol] File server configuration error, Wrong authentication setup for passthru authenticator
org.alfresco.error.AlfrescoRuntimeException: Wrong authentication setup for passthru authenticator
        at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:1593)
I've read some posts in the forum, and the wiki documentation, and nothing helped me out.

Configuring debug in log4j :
log4j.logger.org.alfresco.smb.protocol=debug
log4j.logger.org.alfresco.smb.protocol.auth=debug
(this line below does not output anything, only the two lines above do)
log4j.logger.org.alfresco.passthru.auth=debug

gives me some more output before the exception :
14:10:53,135 DEBUG [org.alfresco.smb.protocol.auth] Added passthru server [ad.mydomain.com:10.0.0.1:Offline:0,0]
14:10:53,135 DEBUG [smb.protocol.auth] Added passthru server [ad.mydomain.com:10.0.0.1:Offline:0,0]
14:10:53,171 DEBUG [org.alfresco.smb.protocol.auth] New auth session from ged_1 to \\10.0.0.1\IPC$\
14:10:53,199 DEBUG [org.alfresco.smb.protocol.auth] Trying address 10.0.0.1
14:10:53,204 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 10.0.0.1
14:10:53,204 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:10:53,221 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:10:53,247 DEBUG [org.alfresco.smb.protocol.auth] Passthru server online, [ad.mydomain.com:10.0.0.1:Online:0,0]
14:10:53,171 DEBUG [smb.protocol.auth] New auth session from ged_1 to \\10.0.0.1\IPC$\
14:10:53,199 DEBUG [smb.protocol.auth] Trying address 10.0.0.1
14:10:53,204 DEBUG [smb.protocol.auth] Connected to address 10.0.0.1
14:10:53,204 DEBUG [smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:10:53,221 DEBUG [smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:10:53,247 DEBUG [smb.protocol.auth] Passthru server online, [ad.mydomain.com:10.0.0.1:Online:0,0]

Another piece of information :
When re-enabling the alfresco authenticator in file-servers.xml, startup goes well without errors :
      <authenticator type="alfresco">
      </authenticator>

But my user is not allowed to log in via passthru :
14:45:11,249 DEBUG [alfresco.smb.protocol] Server session started
14:45:11,254 DEBUG [alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
14:45:11,257 DEBUG [alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
14:45:11,269 DEBUG [smb.protocol.auth] NT Session setup from user=, password=none, ANSIpwd=00, domain=, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=4c0c262fa5a71008]
14:45:11,269 DEBUG [smb.protocol.auth]   MID=8, UID=0, PID=65279
14:45:11,270 DEBUG [smb.protocol.auth] Null CIFS logon allowed
14:45:11,271 DEBUG [smb.protocol.auth] User  logged on  (type Null)
14:45:11,285 DEBUG [smb.protocol.auth] NT Session setup from user=lgr, password=5c84eabe5448c24cfb44bfff3f57690d57826d1b34dd9c8c, ANSIpwd=7aaa1b5945540fcfdb498558da0f7eacba95e19ce7a95d54, domain=MYDOMAIN, os=Windows 2002 Service Pack 2 2600, VC=1, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=4c0c262fa6a71008]
14:45:11,285 DEBUG [smb.protocol.auth]   MID=16, UID=0, PID=65279
14:45:11,311 DEBUG [smb.protocol.auth] Authenticated user lgr sts=Disallow via Passthru
14:45:11,312 DEBUG [smb.protocol.auth] User lgr, access denied

Looking into the source, it looks like doMD4UserAuthentication fails, but I don't understand why.

Does anyone know what's wrong with this configuration ?

Laurent.

Note1 : a freshly rebooted Windows station showed the same behaviour.
Note2 : a connection on the ftp server works well
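
An added example, not part of the original post and not Alfresco code: a Python helper for smb.protocol.auth debug output in the format shown above. It masks the hex values of the password=, ANSIpwd= and Challenge= fields before a log is shared, and pairs each session setup with the outcome logged after it. The sample lines are constructed with placeholder values, and the parsing assumes the field order seen in the post.

```python
import re

# Constructed sample lines in the format of the smb.protocol.auth debug output above;
# the user, domain and hex values are placeholders, not real captures.
SAMPLE = [
    "14:45:11,269 DEBUG [smb.protocol.auth] NT Session setup from user=, password=none, ANSIpwd=00, domain=, os=Windows 2002 Service Pack 2 2600, VC=0, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=0011223344556677]",
    "14:45:11,270 DEBUG [smb.protocol.auth] Null CIFS logon allowed",
    "14:45:11,285 DEBUG [smb.protocol.auth] NT Session setup from user=alice, password=aabbccddeeff00112233445566778899aabbccddeeff0011, ANSIpwd=ffeeddccbbaa99887766554433221100ffeeddccbbaa9988, domain=EXAMPLE, os=Windows 2002 Service Pack 2 2600, VC=1, maxBuf=61440, maxMpx=4, authCtx=[NTLM,Challenge=0011223344556677]",
    "14:45:11,311 DEBUG [smb.protocol.auth] Authenticated user alice sts=Disallow via Passthru",
    "14:45:11,312 DEBUG [smb.protocol.auth] User alice, access denied",
]

SECRET = re.compile(r"\b(password|ANSIpwd|Challenge)=([0-9a-fA-F]{2,})")
SETUP = re.compile(r"^(\S+) .*NT Session setup from user=([^,]*), .*?domain=([^,]*),")
RESULT = re.compile(r"Authenticated user (\S+) sts=(.+)$")

def redact(line):
    """Mask hex values of password=, ANSIpwd= and Challenge=, keeping only their length."""
    return SECRET.sub(lambda m: f"{m.group(1)}=<redacted:{len(m.group(2)) // 2} bytes>", line)

def summarize(lines):
    """Pair each session setup with the outcome logged after it."""
    events, pending = [], None
    for line in lines:
        m = SETUP.search(line)
        if m:
            pending = {"time": m.group(1), "user": m.group(2), "domain": m.group(3), "outcome": None}
            events.append(pending)
            continue
        if pending is None:
            continue
        if "Null CIFS logon allowed" in line:
            pending["outcome"] = "null logon allowed"
        else:
            r = RESULT.search(line)
            if r and r.group(1) == pending["user"]:
                pending["outcome"] = r.group(2)
    return events

if __name__ == "__main__":
    for line in SAMPLE:
        print(redact(line))
    for ev in summarize(SAMPLE):
        print(ev)
```

The summary works on redacted lines as well, so the masking can be applied first and the analysis run on the copy that is safe to post.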
