AnsweredAssumed Answered

2.9B - Error during passthru authentication with IE on Vista

Question asked by pduval on Feb 14, 2008
Hi all,

I installed Alfresco 2.9B with NTLM authentication.
The PDC is a windows 2003 server, the Alfresco machine is a Linux Ubuntu 7.10.

Passthru authentication on the web interface appears to work fine for users using Internet Explorer on XP machines, but for users using Internet Explorer on Vista, the following error occurs:


11:57:53,129  DEBUG [alfresco.smb.protocol] TCP-SMB session request received from 10.140.144.111
11:57:53,130  DEBUG [alfresco.smb.protocol] Waiting for TCP-SMB session request …
11:57:53,130  DEBUG [alfresco.smb.protocol] Server session started
11:57:53,131  DEBUG [alfresco.smb.protocol] Negotiated SMB dialect - NT LM 0.12
11:57:53,131  DEBUG [alfresco.smb.protocol] Assigned protocol handler - org.alfresco.filesys.smb.server.NTProtocolHandler
11:57:53,131  DEBUG [smb.protocol.auth] Open authenticate session to [MYDOMAIN\NED:10.140.1.1:Online:12,Thu Feb 14 11:57:37 GMT 2008]
11:57:53,132  DEBUG [smb.protocol.auth] New auth session from martello_14 to \\10.140.1.1\IPC$\
11:57:53,133  DEBUG [smb.protocol.auth] Trying address 10.140.1.1
11:57:53,134  DEBUG [smb.protocol.auth] Connected to address 10.140.1.1
11:57:53,134  DEBUG [smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
11:57:53,135  DEBUG [smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
11:57:53,146  DEBUG [smb.protocol.auth] NT Session setup from user=philippe, password=a05bd4b3b3da1e4930da581fad2e723701010000000000001971e5d0006fc8012580e8c0c1c831bf00000000020002004200010002004c0000
00000000000000, ANSIpwd=2df5eca25646f124fa7c8e45ccbc59c72580e8c0c1c831bf, domain=MYDOMAIN, os=, VC=0, maxBuf=0, maxMpx=4, authCtx=[NTLM,Challenge=d76ae06afa4221ad]
11:57:53,147  DEBUG [smb.protocol.auth]   MID=8, UID=0, PID=65279
11:57:53,181  ERROR [smb.protocol.auth] Error during passthru authentication
org.alfresco.repo.security.authentication.AuthenticationException: Logon failure
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:948)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
        at org.alfresco.filesys.server.auth.AlfrescoAuthenticator.doPassthruUserAuthentication(AlfrescoAuthenticator.java:437)
        at org.alfresco.filesys.server.auth.AlfrescoAuthenticator.authenticateUser(AlfrescoAuthenticator.java:161)
        at org.alfresco.filesys.server.auth.CifsAuthenticator.processSessionSetup(CifsAuthenticator.java:513)
        at org.alfresco.filesys.smb.server.NTProtocolHandler.procSessionSetup(NTProtocolHandler.java:407)
        at org.alfresco.filesys.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:221)
        at org.alfresco.filesys.smb.server.SMBSrvSession.run(SMBSrvSession.java:1381)
        at java.lang.Thread.run(Thread.java:619)
11:57:53,182  DEBUG [smb.protocol.auth] Authenticated user philippe sts=Disallow via Passthru
11:57:53,182  DEBUG [smb.protocol.auth] User philippe, access denied

In the log extract above, MYDOMAIN\NED is the PDC (windows 2k3, ip 10.140.1.1),
and the Vista client is the 10.140.144.111 ip (user philippe)

The ntlm-authentication-context.xml file contains the definitions below:


<beans>

    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.Nul
lMutableAuthenticationDao" >
<property name="nodeService"><ref bean="nodeService" /></property>
    </bean>

    <!– The authentication component.                                      –>

    <!– Use the passthru authentication component to authenticate using    –>
    <!– user accounts on one or more Windows servers.                      –>
   
    <!– Properties that specify the server(s) to use for passthru          –>
    <!– authentication :-                                                  –>
    <!–   useLocalServer   use the local server for authentication         –>
    <!–   domain           use domain controllers from the specified domain–>
    <!–   servers          comma delimted list of server addresses or      –>
    <!–                    names                                           –>
      
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="useLocalServer">
            <value>false</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
        <!– <property name="domain"><value>MYDOMAIN</value></property>  –>
        <property name="servers"><value>MYDOMAIN\NED</value></property>
    </bean>


Any idea what to do to solve this?

Regards,
Philippe

Outcomes