AnsweredAssumed Answered

Alfresco 3.0 Enterprise, CIFS & Kerberos

Question asked by lascaux on Dec 11, 2008
Latest reply on Jun 1, 2012 by shelly_172
Hi,

I successfully setup an installation of Alfresco 3.0 with Kerberos authentication on a Windows 2003 Active Directory. HTTP and CIFS authentication are working perfectly in this environment.

I am trying to perform the same configuration on a Windows 2000 Active Directory, HTTP authentication is working perfectly, but CIFS is not starting at all.

For both of this configuration, I followed the wiki instruction found here : http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration

The only difference is in the use of ktpass on the windows 2000 AD; I had to use


ktpass -princ cifs/<cifs-server-name>.<domain>@<realm> -pass <password> -mapuser alfrescocifs -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescocifs.keytab

ktpass -princ HTTP/<web-server-name>.<domain>@<realm> -pass <password> -mapuser alfrescohttp -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescohttp.keytab
rather than

ktpass -princ cifs/<cifs-server-name>.<domain>@<realm> -pass <password> -mapuser <domainnetbios>\alfrescocifs -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescocifs.keytab

ktpass -princ HTTP/<web-server-name>.<domain>@<realm> -pass <password> -mapuser <domainnetbios>\alfrescohttp -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescohttp.keytab

in the alfresco.log, the following errors occured :


16:38:15,556 ERROR [org.alfresco.smb.protocol.auth] CIFS Kerberos authenticator error
javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.alfresco.filesys.auth.cifs.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:230)
        at org.alfresco.jlan.smb.server.CIFSConfigSection.setAuthenticator(CIFSConfigSection.java:607)
        at org.alfresco.filesys.ServerConfigurationBean.processCIFSServerConfig(ServerConfigurationBean.java:884)
        at org.alfresco.filesys.ServerConfigurationBean.init(ServerConfigurationBean.java:549)
        at org.alfresco.filesys.ServerConfigurationBean.onApplicationEvent(ServerConfigurationBean.java:3098)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:244)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:187)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:831)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:720)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:448)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: Client not found in Kerberos database (6)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
        at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
        at sun.security.krb5.Credentials.sendASRequest(Credentials.java:406)
        at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:672)
        … 48 more
Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
        at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
        at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
        … 52 more
16:38:15,566 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, Failed to login CIFS server service
org.alfresco.error.AlfrescoRuntimeException: Failed to login CIFS server service
        at org.alfresco.filesys.ServerConfigurationBean.processCIFSServerConfig(ServerConfigurationBean.java:1586)
        at org.alfresco.filesys.ServerConfigurationBean.init(ServerConfigurationBean.java:549)
        at org.alfresco.filesys.ServerConfigurationBean.onApplicationEvent(ServerConfigurationBean.java:3098)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:244)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:187)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:831)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:720)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:448)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

Does anybody has an idea of what is blocking CIFS to work in the W2K AD environment ???

Best regards

Sylvain

Outcomes