
Active Directory Integration: Seriously very broken

Question asked by blentz on Sep 23, 2006
Latest reply on Jan 13, 2009 by meansartin14
I've tried following the steps outlined in http://wiki.alfresco.com/wiki/Configuring_NTLM and no matter how hard I try to enter in my domain name and enter the IP addresses (or hostnames) of my Active Directory servers, it always throws an exception: "Failed to find domain controller or browse master for domainname"

A tcpdump on the system shows broadcasts being sent, and replies back, but the error never varies.

Trying a different approach, I've configured jaas-kerberos authentication according to http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration and each time I try /that/, I get a different exception: "File server configuration error, Wrong authentication setup for alfresco authenticator"

After searching for this error on the wiki, I find references to the LDAP synchronization stuff, and I'm assuming I'm not there yet. Shouldn't Kerberos ticketing (e.g. kinit) stuff work independent of LDAP? A tcpdump in this type of configuration shows no attempt to connect to any of my domain controllers via port 88.

I'm so horribly confused. Do I want JAAS, NTLM, LDAP, or PassThru? Or a combination of any two? Or three?

Does anyone have this working in the real world who can provide an example of what they've modified in their configs to get it to work? The forums and the wiki are sending me in every direction, and each one is a dead end.

All my "normal" stuff like kinit, and ldapsearch with SASL GSSAPI (e.g. no password, authenticated connection to LDAP via kerberos ticket) all works perfectly from the shell against my Active Directory, so it can't be a system configuration or Active Directory problem.
