AnsweredAssumed Answered

active directory/kerberos + CIFS

Question asked by spotlight2001 on Aug 26, 2008
* win2003 AD
* alfresco 2.9B

http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration

didnt work for me.

* user checked DES only …
* with registry setting on win2003 + kdc restart
[http://support.microsoft.com/default.aspx?scid=kb;en-us;833708]
* configured krb5.ini /krb5.conf to accept only DES-CBC-MD5

at first IE used "DES-CBC-MD5" correctly -> Kerberos + HTTP worked
some hours later - i couldnt found reason IE only sent the default "RC4-HMAC-NT"


now im trying:
RC4-HMAC-NT

like before - worked with HTTP + kerberos

but not with CIFS.
in EnterpriseCifsAuthenticator.java


    // Check for the machine account name
    if ( userName.endsWith( "$") && userName.equals( userName.toUpperCase()))
    {
    //Null logon

i never get the user name, only the machine name

[Source=MEINPCNAME$@ITSME,Target=host/alfrescotest@ITSME:Response=103 bytes]


Interpretation: Alfresco recognises, Kerberos Ticket has no AD-User but the machine.

Is there some config in XP/Vista?



this is in log: (causality?)

08:53:35,131 INFO [STDOUT] 08:53:35,130 User:System ERROR [alfresco.smb.protocol] Failed to get local domain/workgroup name, using default of WORKGROUP
08:53:35,131 INFO [STDOUT] 08:53:35,131 User:System ERROR [alfresco.smb.protocol] (This may be due to firewall settings or incorrect <broadcast> setting)

Regards, Walter

Outcomes