AnsweredAssumed Answered

NTLM authentication and upgrade woes.

Question asked by gaspode on Oct 27, 2006
Latest reply on Jul 31, 2008 by karakartal
I managed after a lot of headscratching to get the 1.4 preview to have LDAP synchronization to a Active Directory server, NTLM authentication for the web client and top the whole thing with getting the NTLM passthrough to work for the CIFS server. When the release of 1.4 came out I happily downloaded the WAR-release and put it in my deployment directory in the tomcat, modified the config templates to contain more or less the same things which worked with the last release only to discover that the NTLM authentication has been broken again.

When I start the server it gives me:

17:42:52,575 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, No valid authentication servers found for passthru
org.alfresco.error.AlfrescoRuntimeException: No valid authentication servers found for passthru
        at org.alfresco.filesys.server.auth.passthru.PassthruAuthenticator.initialize(PassthruAuthenticator.java:515)
(The complete traceback snipped for space reasons, if there is something else needed to help debug the error, please notify me).

My ntlm-authentication-context.xml contains:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!– The authentication component.                                      –>

    <!– Use the passthru authentication component to authenticate using    –>
    <!– user accounts on one or more Windows servers.                      –>

    <!– Properties that specify the server(s) to use for passthru          –>
    <!– authentication :-                                                  –>
    <!–   useLocalServer   use the local server for authentication         –>
    <!–   domain           use domain controllers from the specified domain–>
    <!–   servers          comma delimted list of server addresses or      –>
    <!–                    names                                           –>

    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="servers">
            <value>vt-winsrv-004.visionten.locala</value>
        </property>
        <!– Servers already specified
        <property name="domain">
            <value>visionten.locala</value>
        </property>
        –>

       <property name="useLocalServer">
            <value>false</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>true</value>
        </property>
    </bean>

</beans>

Strangely enough, when I snoop the packages going to the network, no attempt is made to access vt-winsrv-004.visionten.locala (except from when the LDAP synchronization starts), but the server tries to lookup the DNS name localhost., localhost.(none) and localhost.(none).visionten.locala

I'll post a followup if I discover what was wrong…

Outcomes