AnsweredAssumed Answered

Active Directory and CIFS

Question asked by trelofysikos on Dec 5, 2008
Latest reply on Dec 11, 2008 by trelofysikos
Hello,

I'm trying to make Active Directory and CIFS work together in Alfresco Labs3b. I have managed to make Alfresco work with AD and authenticate AD users.
Everything seems to work fine except, when i try to open CIFS network folder from windows explorer with a user/pass from AD. It does'nt work for any AD users and only alfresco admin has access.
I want users  to be able to scan a document to their User Home in Alfresco.

I tried using authentication=alfresco/simple/passthru, NTLM  and SSO but either nothing works or i'm doing it wrong.
I also read some wiki guides and posts in this forum and could not resolve this issue.
passthru seems promising but can't get it to work.

my ldap-sychronization.properties file

#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#

# How to map the user id entered by the user to taht passed through to LDAP
# - simple
#    - this must be a DN and would be something like
#      CN=%s,DC=company,DC=com
# - digest
#    - usually pass through what is entered
#      %s    
ldap.authentication.userNameFormat=%s

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://myserver.local:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=DIGEST-MD5

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=reader

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=secret

# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false

# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false

Do i need to change more properties than
ldap.authentication.java.naming.provider.url=ldap://myserver.local:389

is using
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ok? or do i have to use authentication=simple? it seems to be ok for the alfresco auth.

my file-servers-custom.xml

<alfresco-config area="file-servers">

<config evaluator="string-compare" condition="CIFS Server">
     <serverEnable enabled="true"/>
      <host name="ACIFS" domain="mydomain"/>
      <comment>Alfresco CIFS Server</comment>

      <!– Set to the broadcast mask for the subnet –>
      <broadcast>255.255.255.255</broadcast>

      <!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>

      <!– Can be mapped to non-privileged ports, then use firewall rules to forward
          requests from the standard ports –>
     <!–      
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>
     –>
      
      <hostAnnounce interval="5"/>

      <!– Use Win32 NetBIOS interface on Windows –>
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>

      <!– CIFS authentication –>
<!–
      <authenticator type="alfresco">
      </authenticator>
–>

      <WINS>
         <primary>192.168.xx.xx</primary>
         <secondary>192.168.xx.xx</secondary>
      </WINS>

      <sessionDebug flags="Negotiate,Socket"/>
   </config>



  <config evaluator="string-compare" condition="Filesystem Security">
  <authenticator type="alfresco">
  </authenticator>
</config>

  
  
  
   <!– To override the default Alfresco filesystem use replace="true", to –>
   <!– add additional filesystems remove the replace="true" attribute     –>
  
   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>

         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!– Add a URL file to each folder that links back to the web client –>
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

            <!– Mark locked files as offline –>
            <offlineFiles/>

            <!– Desktop actions –>
<!–
            <desktopActions>
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}:8080/alfresco/</webpath>
               </global>

               <action>
                  <class>org.alfresco.filesys.smb.server.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>

               <action>
                  <class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>

            </desktopActions>
–>
<!–
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
            </accessControl>
–>
         </filesystem>
       
       <!– AVM virtualization view of all stores/versions for WCM –>
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>
       
      </filesystems>
   </config>

</alfresco-config>



Can anybody help me with this ?


Thanks in advance.

Outcomes