AnsweredAssumed Answered

Windows 7 Broke my CIFS (3.2r2)

Question asked by ofrxnz on Dec 23, 2009
Latest reply on Feb 5, 2010 by clancydamon
So, i have Alfresco 3.2r2 configured to use Kerberos against Active directory (2k3r2)

HTTP authentication works (non-sso)
CIFS authentication on XP-SP3 works flawsley (sso)

but, when i try to use a domin Windows 7 box, i get different errors

if i use \\server \\server.domain.tld i receive a popup that says "the specified server cannot perform the requested operation."

and if i use \\server\alfresco or \\server.domain.tld\alfresco i receive the never ending log in prompt that always comes back as a bad password.

I have followed the procedure http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Kerberos several times and since it works in XP i assume everything is fine. 

The logs indicate that i successfully authenticated against alfresco but im guessing windows 7 isn't playing nice. 

Does anyone know anywhere to look in windows 7? registry tweeks, etc?  The XP box sitting next to me works flawlessly. 

I configured acceptable kerberos encryption types in local security policy to "RC4_HMAC_MD5, AES128_HMAC_SHA, AES256_HMAC_SHA11 and future encryption types" i have also tried "no minimum" but this didn't do the trick

maybe there is some strange network security thing since, the server is on a different subnet and probably using a different AD server than the client (more than one replicating)

Thanks in advance

Adam


some log bits

10:57:24,493 DEBUG [org.alfresco.smb.protocol.auth] Logged on using principal cifs/server.domain.tld@DOMAIN.TLD
10:57:24,493 DEBUG [org.alfresco.smb.protocol.auth] Enabling mechTypes :-
10:57:24,493 DEBUG [org.alfresco.smb.protocol.auth]   Kerberos5
10:57:24,493 DEBUG [org.alfresco.smb.protocol.auth]   MS-Kerberos5

11:00:51,726 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
11:00:52,064 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:00:52,069 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]
11:00:52,071 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:00:52,333 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
11:00:52,338 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
11:00:52,339 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:00:52,341 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user
11:00:52,343 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:00:52,566 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:00:52,790 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=65279
11:00:52,867 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:00:52,868 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]
11:00:52,868 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:00:53,290 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
11:00:53,291 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
11:00:53,291 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:00:53,293 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user
11:00:53,294 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:00:53,296 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,329 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
11:01:06,330 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,331 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]
11:01:06,331 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:01:06,333 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
11:01:06,334 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
11:01:06,334 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,336 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user
11:01:06,336 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,338 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,404 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=65279
11:01:06,405 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:00:53,296 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,329 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
11:01:06,330 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,331 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]
11:01:06,331 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:01:06,333 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
11:01:06,334 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
11:01:06,334 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,336 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user
11:01:06,336 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,338 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,404 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=65279
11:01:06,405 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,405 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]
11:01:06,406 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:01:06,408 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
11:01:06,409 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
11:01:06,409 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,409 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user
11:01:06,411 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:06,413 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,063 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
11:01:14,063 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,064 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]
11:01:14,064 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:01:14,066 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
11:01:14,066 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
11:01:14,066 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,068 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user
11:01:14,068 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,070 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,132 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=65279
11:01:14,133 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,133 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]
11:01:14,133 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:01:14,135 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
11:01:14,136 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
11:01:14,136 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,138 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user
11:01:14,138 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,140 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,200 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=24, UID=0, PID=65279
11:01:14,200 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,200 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]
11:01:14,200 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
11:01:14,202 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
11:01:14,203 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
11:01:14,203 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,204 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user
11:01:14,205 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,206 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
11:01:14,260 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=32, UID=0, PID=65279
11:01:14,260 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction
and it goes on like that….

Outcomes