AnsweredAssumed Answered

CIFS User Auth Fails IF Attempted BEFORE User Logs into WEB-

Question asked by unknown-user on Mar 16, 2007
Latest reply on Sep 12, 2007 by andy
With JAAS/LDAP Respository auth and CIFS Filesystem Security of 'passthru' a user can't authenticate against the CIFS server UNTIL they've first logged into the WEB GUI.


smbclient -L ALFRECO_CIFS_SERVER -U UNAME
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

20:05:21,664 DEBUG [org.alfresco.smb.protocol] TCP-SMB session request received from *
20:05:21,664 DEBUG [org.alfresco.smb.protocol] Waiting for TCP-SMB session request …
20:05:21,664 DEBUG [org.alfresco.smb.protocol] Server session started
20:05:21,675 DEBUG [org.alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
20:05:21,675 DEBUG [org.alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
20:05:21,681 DEBUG [org.alfresco.smb.protocol.auth] Open authenticate session to [madc01.ad.menasha.com:10.0.2.2:Online:1,Thu Mar 15 19:56:15 CDT 2007]
20:05:21,683 DEBUG [org.alfresco.smb.protocol.auth] New auth session from monet01.menasha.com_3 to \\*\IPC$\
20:05:21,684 DEBUG [org.alfresco.smb.protocol.auth] Trying address *
20:05:21,686 DEBUG [org.alfresco.smb.protocol.auth] Connected to address *
20:05:21,686 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
20:05:21,686 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
20:05:21,687 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=3, auth ctx=[NTLM,Challenge=3a015abcb88f48b2]
20:05:21,687 DEBUG [org.alfresco.smb.protocol] State changed to SMBSESSSETUP
20:05:21,794 DEBUG [org.alfresco.ftp.protocol] FTP session request received from *
20:05:23,792 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup from user=UNAME, password=2521dd07fa5fc6606434372f679ea4d4cf6af50ea2a20642, ANSIpwd=6e202e00fb29d9206868668ec7e5a2d227866d098edeb173, domain=AD, os=Unix, VC=2128, maxBuf=65535, maxMpx=2, authCtx=[NTLM,Challenge=3a015abcb88f48b2]
20:05:23,792 DEBUG [org.alfresco.smb.protocol.auth] MID=2, UID=0, PID=2128
20:05:23,812 DEBUG [org.alfresco.smb.protocol.auth] Failed to find person matching user UNAME
20:05:23,812 DEBUG [org.alfresco.smb.protocol.auth] User UNAME, access denied
20:05:23,887 DEBUG [org.alfresco.smb.protocol] ## Session closing - Remote disconnect
20:05:23,887 DEBUG [org.alfresco.smb.protocol] State changed to NBHANGUP
20:05:23,887 DEBUG [org.alfresco.smb.protocol] Cleanup session, vcircuits=0, changeNotify=0
20:05:23,887 DEBUG [org.alfresco.smb.protocol] Server session closed

===================================
NOW Login to Repository w/ Web Gui and then connect to CIFS server…
===================================

smbclient -L ALFRECO_CIFS_SERVER -U UNAME
Password:
Domain=[AD] OS=[Java] Server=[Alfresco CIFS Server 3.5.1]

        Sharename Type Comment
        ——— —- ——-
        Alfresco Disk
        IPC$ IPC
        AVM Disk
session request to ALFRESCO.DOMAINNAME failed (Call returned zero bytes (EOF))
session request to ALFRESCO failed (Call returned zero bytes (EOF))
Domain=[AD] OS=[Java] Server=[Alfresco CIFS Server 3.5.1]

        Server Comment
        ——— ——-

        Workgroup Master
        ——— ——-


20:09:25,166 DEBUG [org.alfresco.smb.protocol.auth] Open authenticate session to [*:Online:3,Thu Mar 15 20:09:22 CDT 2007]
20:09:25,168 DEBUG [org.alfresco.smb.protocol.auth] New auth session from * to \\10.0.2.2\IPC$\
20:09:25,169 DEBUG [org.alfresco.smb.protocol.auth] Trying address *
20:09:25,170 DEBUG [org.alfresco.smb.protocol.auth] Connected to address *
20:09:25,171 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
20:09:25,171 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
20:09:25,172 DEBUG [org.alfresco.smb.protocol.auth] Passthru sessId=5, auth ctx=[NTLM,Challenge=cc7982b118589115]
20:09:25,172 DEBUG [org.alfresco.smb.protocol] State changed to SMBSESSSETUP
20:09:25,269 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup from user=UNAME, password=4e0a08f17c56cbdd77d24d41ac2cd5a7341d13ceafb82fd0, ANSIpwd=0c204671e4dbdea5bee6fcb578fb0693ca1205e5177201b0, domain=AD, os=Unix, VC=2225, maxBuf=65535, maxMpx=2, authCtx=[NTLM,Challenge=cc7982b118589115]
20:09:25,269 DEBUG [org.alfresco.smb.protocol.auth] MID=3, UID=0, PID=2225
20:09:25,275 DEBUG [org.alfresco.smb.protocol.auth] Setting current user using person UNAME (username UNAME)
20:09:25,275 DEBUG [org.alfresco.smb.protocol.auth] Passthru authenticate user=UNAME, FULL
20:09:25,275 DEBUG [org.alfresco.smb.protocol.auth] User UNAME logged on (type Normal)
20:09:25,275 DEBUG [org.alfresco.smb.protocol.auth] Allocated UID=0 for VC=[2225:0,[macrojam:[B@15d02bb,AD,Unix,10.128.39.194,token=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@15e7801: Username: net.sf.acegisecurity.providers.dao.User@1188f7b: Username: macrojam; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_AUTHENTICATED; Password: [PROTECTED]; Authenticated: true; Details: net.sf.acegisecurity.providers.dao.User@1188f7b: Username: UNAME; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_AUTHENTICATED; Granted Authorities: ROLE_AUTHENTICATED],Tree=0,Searches=0]
20:09:25,275 DEBUG [org.alfresco.smb.protocol] State changed to SMBSESSION
20:09:25,338 DEBUG [org.alfresco.smb.protocol] Rx packet type - TREE_CONNECT_ANDX, SID=0
20:09:25,339 DEBUG [org.alfresco.smb.protocol] NT Tree Connect AndX - \\ALFRESCO.MENASHA.COM\IPC$, ?????
20:09:25,339 DEBUG [org.alfresco.smb.protocol] Tree Connect AndX - Allocated Tree Id = 0, Permission = Writeable
20:09:25,339 DEBUG [org.alfresco.smb.protocol] Cleanup session, vcircuits=0, changeNotify=0
20:09:25,339 DEBUG [org.alfresco.smb.protocol] Cleanup session, vcircuits=0, changeNotify=0
20:09:25,340 DEBUG [org.alfresco.smb.protocol] Rx packet type - TRANSACTION, SID=0
20:09:25,340 DEBUG [org.alfresco.smb.protocol] IPC$ Transaction pipe=\PIPE\LANMAN, subCmd=
20:09:25,340 DEBUG [org.alfresco.smb.protocol] \PIPE\LANMAN\ transact request, cmd=104, prm=WrLehDz, data=B16BBDz
20:09:25,340 DEBUG [org.alfresco.smb.protocol] No handler for \PIPE\LANMAN\ request, cmd=104, prm=WrLehDz, data=B16BBDz
20:09:25,376 DEBUG [org.alfresco.smb.protocol] Rx packet type - TRANSACTION, SID=0
20:09:25,376 DEBUG [org.alfresco.smb.protocol] IPC$ Transaction pipe=\PIPE\LANMAN, subCmd=
20:09:25,376 DEBUG [org.alfresco.smb.protocol] \PIPE\LANMAN\ transact request, cmd=104, prm=WrLehDz, data=B16BBDz
20:09:25,376 DEBUG [org.alfresco.smb.protocol] No handler for \PIPE\LANMAN\ request, cmd=104, prm=WrLehDz, data=B16BBDz
20:09:25,477 DEBUG [org.alfresco.smb.protocol] Rx packet type - TREE_DISCONNECT, SID=0
20:09:25,477 DEBUG [org.alfresco.smb.protocol] Tree disconnect - 0, [[IPC$,IPC$,,Admin,Hidden],0:Writeable]
20:09:25,577 DEBUG [org.alfresco.smb.protocol] ## Session closing - Remote disconnect
20:09:25,577 DEBUG [org.alfresco.smb.protocol] State changed to NBHANGUP
20:09:25,577 DEBUG [org.alfresco.smb.protocol] Cleanup session, vcircuits=1, changeNotify=0
20:09:25,577 DEBUG [org.alfresco.smb.protocol] Cleanup vc=[2225:0,[macrojam:[B@15d02bb,AD,Unix,10.128.39.194,token=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@15e7801: Username: net.sf.acegisecurity.providers.dao.User@1188f7b: Username: macrojam; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_AUTHENTICATED; Password: [PROTECTED]; Authenticated: true; Details: net.sf.acegisecurity.providers.dao.User@1188f7b: Username: UNAME; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_AUTHENTICATED; Granted Authorities: ROLE_AUTHENTICATED],Tree=0,Searches=0]
20:09:25,577 DEBUG [org.alfresco.smb.protocol] Cleanup vc=2225, UID=0, searches=0, treeConns=0
20:09:25,577 DEBUG [org.alfresco.smb.protocol] Server session closed

eHcache related?

Outcomes