AnsweredAssumed Answered

CIFS vs AD

Question asked by peltuinum on Jun 19, 2007
Latest reply on Sep 16, 2007 by daliakamal2005
I have installed Alfresco Ent. Ed. v. 23.0   under JBoss 4.0.2 in a RedHat 3 ES server, and it works correctly.
Then I activated CIFS according to 'File Server Configuration' Wiki, which worked as well, but the client had to authenticate with an Alfresco user credentials.
Now the customer asks for accessing Alfresco dirs via CIFS  using his Windows ASD credentials.
So, I  started applying the ' Configuring CIFS Server for Kerberos/AD integration'  document, but I was not able to make it work.
I hope someone can help me.

Basing on that document:

1. 'Create user account….' –> the  user name 'must' be 'alfrescocifs', and if not , this user name has some referenxe somewhere in some Alfresco config file? This user name has nothing to do with the Alfresco server name?

3. 'Create the SPN ….'  —> the 'alfresco-cifs' string in the 'setspn ' command has some reference  somewhere else?

4. 'Use the ktpass utility….' –> in the command  'ktpass -princ cifs/alfresco@realm ….'   the 'alfresco' string must be replaced with the fully qualified Alfresco server name?

6. in my case c:/krb5.ini becomes /etc/krb5.conf –> in [domain realm] paragraph the 'adsrv.alfresco.org = ALFRESCO.ORG' string should be 'mydomain = MYDOMAIN' , I guess.

7. in java.login.config  the 'AlfrescoCIFS' label must match with something else somewhere other than the <LoginEntry> tag in file-servers.xml at #9?

. in file-servers.xml, the  'name' in  the
'  <host name="name_A" domain="mydomain"/> tag is somehow related to the AD user account created at #1?

. should I configure some other configuration files in /extension ?

In conclusion, this is a part of  my file-servers.xml:
<alfresco-config area="file-servers">

   <config evaluator="string-compare" condition="CIFS Server">
          <serverEnable enabled="true"/>
      <!–<host name="${localname}_A"/>–>
      <host name="alfresco-a" domain="insiel.it"/>
      <comment>Alfresco CIFS Server</comment>

      <!– Set to the broadcast mask for the subnet –>
      <broadcast>255.255.248.0</broadcast>
….
….
….
<!–
   <config evaluator="string-compare" condition="Filesystem Security">
      <authenticator type="alfresco">
      </authenticator>
–>

<config evaluator="string-compare" condition="Filesystem Security">
      <authenticator type="enterprise">
      <KDC>myadserver.mydomain</KDC>
        <Realm>mydomain</Realm>>
        <Password>alfresco-a</Password>
      </authenticator>


…..



this is what I get in JBoss server.log:

'…….2007-06-19 21:13:24,507 ERROR [org.alfresco.smb.protocol.auth] CIFS Kerberos authenticator error
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:166)
        at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:136)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces….
…..
……..'.

I defined  'alfresco-a ' (password 'alfresco-a')  user in AD.



Any help appreciated.

thanks

Outcomes