AnsweredAssumed Answered

(Another) Kerberos / ActiveDirectory problem

Question asked by donturner on Oct 14, 2008
Latest reply on Oct 15, 2008 by subemontes
Hi all,

It seems like a lot of people are having problems with Kerberos / AD integration, so at least I'm not alone! It's very frustrating as there just aren't any good howtos that I have found, it'd be great if we could get some decent documentation around this. I'll keep a track of all the errors I've been receiving and how I've solved them (if I manage to solve them!).

Problem is as follows:

Alfresco version: 3.0.0 (b 1164) schema 131
Machine running Alfresco: Windows XP SP3 (Name: neptune)
Primary Domain Controller: Windows Server 2003 SP2 (name: server2k3)

I have followed the instructions on: http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration to the letter (twice in fact). I have also switched on debug logging for smb.protocol by editing C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\log4j.properties and uncommenting the following lines:


# CIFS server debugging
log4j.logger.org.alfresco.smb.protocol=debug
log4j.logger.org.alfresco.smb.protocol.auth=debug

The server starts with no errors. Upon attempting to connect to the network share \\neptunea\alfresco I am prompted for a username and password. When I enter my normal windows username and password the following errors appear in the tomcat console


INFO: Server startup in 24782 ms
19:44:19,964  DEBUG [smb.protocol.auth] NT Session setup NTLMSSP, MID=8, UID=0,PID=65279
19:44:19,980  DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=983,Authenticator=EncType=3,Kvno=-1,Len=176]
19:44:19,980  DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
19:44:19,980  ERROR [smb.protocol.auth] Kerberos logon error
19:44:19,980  ERROR [smb.protocol.auth] java.lang.NullPointerException
19:44:19,996  DEBUG [smb.protocol.auth] NT Session setup NTLMSSP, MID=16, UID=0, PID=65279
19:44:19,996  DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1047,Authenticator=EncType=3,Kvno=-1,Len=176]
19:44:19,996  DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
19:44:19,996  ERROR [smb.protocol.auth] Kerberos logon error
19:44:19,996  ERROR [smb.protocol.auth] java.lang.NullPointerException

Hope someone can shed some light on this, it seems amazing that this is so difficult!

Does anyone actually have Kerberos / ActiveDirectory setup and working correctly? If so, would you mind letting me know what version / operating systems / configuration files are required.

Thanks,

Don

Outcomes