AnsweredAssumed Answered

NTLM + AD

Question asked by sergisat on May 5, 2009
Hello, my configuration server es:

Centos 5.3
Alfresco JVM - v1.6.0_06-b02
Installed version 3.0.0 (Stable 1526) schema 1002
Domain controllers are windows 2003

NTLM is not working in web and cifs

I configured NTLM following same posts and wiki, and I get this error in web:
Failed to open passthru auth session

My log:
INFO: Despliegue del archivo alfresco.war de la aplicación web
Added passthru server [DOMAIN\name_of_pdc:192.168.66.8:Offline:0,0]
Added passthru server [DOMAIN\name_of_bdc:192.168.66.9:Offline:0,0]
Added passthru server [name_of_pdc:192.168.66.8:Offline:0,0]
Passthru offline check failed for name_of_pdc
Passthru offline check failed for name_of_bdc

I think error is in passthru server that I can't contact.

My file-servers-custom.xml:
<alfresco-config area="file-servers">

   <!– To override the default Alfresco filesystem use replace="true", to –>
   <!– add additional filesystems remove the replace="true" attribute     –>

   <config evaluator="string-compare" condition="Filesystems" replace="true">
      <filesystems>

         <filesystem name="Alfresco">
            <store>workspace://SpacesStore</store>
            <rootPath>/app:company_home</rootPath>

            <!– Add a URL file to each folder that links back to the web client –>
            <urlFile>
               <filename>__Alfresco.url</filename>
               <webpath>http://${localname}:8080/alfresco/</webpath>
            </urlFile>

            <!– Mark locked files as offline –>
            <offlineFiles/>

            <!– Desktop actions –>

            <desktopActions>
               <global>
                  <path>alfresco/desktop/Alfresco.exe</path>
                  <webpath>http://${localname}:8080/alfresco/</webpath>
               </global>
               <action>
                  <class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
                  <name>CheckInOut</name>
                  <filename>__CheckInOut.exe</filename>
               </action>
               <action>
                  <class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
                  <name>JavaScriptURL</name>
                  <filename>__ShowDetails.exe</filename>
                  <script>alfresco/desktop/showDetails.js</script>
                  <attributes>anyFiles</attributes>
                  <preprocess>copyToTarget</preprocess>
               </action>

            </desktopActions>

<!–
            <accessControl default="Write">
               <user name="admin" access="Write"/>
               <address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
            </accessControl>
–>
         </filesystem>

                 <!– AVM virtualization view of all stores/versions for WCM –>
         <avmfilesystem name="AVM">
            <virtualView/>
         </avmfilesystem>

      </filesystems>
   </config>

   <config evaluator="string-compare" condition="CIFS Server">
          <serverEnable enabled="true"/>
      <host name="apolo" domain="umhnet"/>

      <comment>Alfresco CIFS Server</comment>

      <!– Set to the broadcast mask for the subnet –>
      <broadcast>192.168.66.255</broadcast>

      <!– Use Java socket based NetBIOS over TCP/IP and native SMB on linux –>
      <tcpipSMB platforms="linux,solaris,macosx"/>
      <netBIOSSMB platforms="linux,solaris,macosx"/>

           <!– Can be mapped to non-privileged ports, then use firewall rules to forward
                    requests from the standard ports –>
      <tcpipSMB port="1445" platforms="linux,solaris,macosx"/>
      <netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux,solaris,macosx"/>

      <hostAnnounce interval="5"/>

      <!– Use Win32 NetBIOS interface on Windows –>
      <Win32NetBIOS/>
      <Win32Announce interval="5"/>

      <!– CIFS authentication –>
          <authenticator type="alfresco">
          </authenticator>

        <WINS>
                <primary>192.168.66.10</primary>
                <secondary>192.168.66.50</secondary>
        </WINS>

      <sessionDebug flags="Negotiate,Socket"/>
   </config>

</alfresco-config>

My ntlm-authentication-context.xml:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
         <property name="allowSetEnabled" value="true" />
         <property name="allowGetEnabled" value="true" />
         <property name="allowDeleteUser" value="true" />
         <property name="allowCreateUser" value="true" />
   </bean>

   <!– The authentication component.                                      –>

   <!– Use the passthru authentication component to authenticate using    –>
   <!– user accounts on one or more Windows servers.                      –>

   <!– Properties that specify the server(s) to use for passthru          –>
   <!– authentication :-                                                  –>
   <!–   useLocalServer   use the local server for authentication         –>
   <!–   domain           use domain controllers from the specified domain–>
   <!–   servers          comma delimted list of server addresses or      –>
   <!–                    names                                           –>

   <bean id="authenticationComponent"
         class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
         parent="authenticationComponentBase">
       <property name="useLocalServer">
           <value>false</value>
       </property>
       <property name="servers">
           <value>UMHNET\192.168.66.8,UMHNET\192.168.66.9,192.168.66.8</value>
       </property>
       <property name="personService">
           <ref bean="personService" />
       </property>
       <property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="transactionService">
           <ref bean="transactionComponent" />
       </property>
       <property name="guestAccess">
           <value>false</value>
       </property>
   </bean>

</beans>

Outcomes