AnsweredAssumed Answered

setting up NTLM on linux

Question asked by melvinwong on Sep 4, 2007
Hi,
I just installed Alfresco 2.1 and is trying very hard to configure NTLM to authenticate with my AD domain controller. Below are the error msg:

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session

Hide Details

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:793)
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy18.authenticate(Unknown Source)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType1(NTLMAuthenticationFilter.java:523)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:395)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:619)

My config
web.xml:
      <filter-name>Authentication Filter</filter-name>
<!–      <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
    –>
      <!– For Novell IChain support use the following filter –>
      <!–
        <filter-class>org.alfresco.web.app.servlet.NovellIChainsHTTPRequestAuthenticationFilter</filter-class>
      –>

      <!– For NTLM authentication support use the following filter –>

        <filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>

   </filter>

   <filter>
      <filter-name>WebDAV Authentication Filter</filter-name>
<!–      <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>
–>
      <!– For NTLM authentication support use the following filter –>

        <filter-class>org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter</filter-class>

   </filter>

   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
   </filter>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/faces/*</url-pattern>
   </filter-mapping>

   <!– For NTLM authentication support enable the following mapping –>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/navigate/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/command/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/template/*</url-pattern>
   </filter-mapping>


   <filter-mapping>
      <filter-name>WebDAV Authentication Filter</filter-name>
      <url-pattern>/webdav/*</url-pattern>
   </filter-mapping>

   <filter-mapping>
      <filter-name>Admin Authentication Filter</filter-name>
      <url-pattern>/faces/jsp/admin/*</url-pattern>
   </filter-mapping>


file- servers-custom.xml:

    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
<!–        <property name="useLocalServer">
            <value>true</value>
        </property>
–>
<property name="servers">
<value>192.168.88.30</value>
</property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
    </bean>

</beans>


servers-custom.xml:
add
   <config evaluator="string-compare" condition="Filesystem Security" replace="true">
       <authenticator type="passthru">
          <Server>192.168.88.30</Server>
       </authenticator>
   </config>


Is there any wrong in my config? I did manage to get it running a couple of times but it seems to fail after restart. Please advise me if possible.
Thank you.

melvin

Outcomes