AnsweredAssumed Answered

active directory/kerberos + CIFS

Question asked by spotlight2001 on Aug 26, 2008
* win2003 AD
* alfresco 2.9B

didnt work for me.

* user checked DES only …
* with registry setting on win2003 + kdc restart
* configured krb5.ini /krb5.conf to accept only DES-CBC-MD5

at first IE used "DES-CBC-MD5" correctly -> Kerberos + HTTP worked
some hours later - i couldnt found reason IE only sent the default "RC4-HMAC-NT"

now im trying:

like before - worked with HTTP + kerberos

but not with CIFS.

    // Check for the machine account name
    if ( userName.endsWith( "$") && userName.equals( userName.toUpperCase()))
    //Null logon

i never get the user name, only the machine name

[Source=MEINPCNAME$@ITSME,Target=host/alfrescotest@ITSME:Response=103 bytes]

Interpretation: Alfresco recognises, Kerberos Ticket has no AD-User but the machine.

Is there some config in XP/Vista?

this is in log: (causality?)

08:53:35,131 INFO [STDOUT] 08:53:35,130 User:System ERROR [alfresco.smb.protocol] Failed to get local domain/workgroup name, using default of WORKGROUP
08:53:35,131 INFO [STDOUT] 08:53:35,131 User:System ERROR [alfresco.smb.protocol] (This may be due to firewall settings or incorrect <broadcast> setting)

Regards, Walter