AnsweredAssumed Answered

Kerberos+ AD+ Alfresco Problem! help

Question asked by subemontes on Oct 14, 2008
Latest reply on Nov 7, 2008 by subemontes
Hi all!
first and foremost, description.
Machine A _> Alfresco
Machie b -> SQL
Machine c-> Alf_data
Machine d -> Domain Controler

Info:
http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration
http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/tutorials/GeneralAcnOnly.html
And many posts in forums in this one, many from belmeki…

No luck.

Take the easy point first.
in http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration
are told that allowing kerberos is as easy as modify 2 files:
jaas-authentication-context.xml
java.security
java.security.config

well… it didnt work.
Here's jaas:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
    <!– The authentication component.                                      –>

    <!– Jass authentication - most of the config goes somewhere else       –>
      
    <bean id="authenticationComponent"
                 class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
        <property name="realm">
            <value>REALM</value>
        </property>
        <property name="jaasConfigEntryName">
            <value>Alfresco</value>
        </property>
    </bean>

    <!– DAO that rejects changes - JAAS is read only at the moment.      –>
    <!– It does allow users to be deleted with out warnings from the UI. –>
    <!– The user is still present in JAAS, only the personal information is removed from alfresco. –>
   
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>   

</beans>
Here's the line of java.security
login.config.url.1=file:C:/Program Files/Java/jdk1.6.0_07/jre/lib/security/java.login.config
and java.security.config
Alfresco {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
   };
com.sun.net.ssl.client {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
};
other {
   com.sun.security.auth.module.Krb5LoginModule sufficient;
};

And here's the horrible error (that i dont fully understand):
17:43:07,014 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.alfresco.repo.domain.hibernate.dialect.AlfrescoSQLServerDialect.
17:43:10,810 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
17:43:14,482 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: \\172.16.1.103\alfresco$\alf_data
17:43:14,529 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Comprobando si hay parches para aplicar …
17:43:15,092 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
17:43:15,295 ERROR [org.alfresco.smb.protocol.auth] No valid CIFS authentication combination available
17:43:15,295 ERROR [org.alfresco.smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
17:43:15,310 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
   at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:378)
Anyone can give a hand ?
Really angry about this one…

Outcomes