AnsweredAssumed Answered

can not log in as internal user with passthru configured

Question asked by brazen on Aug 16, 2010
Latest reply on Aug 17, 2010 by brazen
I installed alfresco with basically default settings.  I log in to the Alfresco Explorer webpage as admin and change the password.  I log out and log back in as admin just to make sure the new password works.  I then enable passthru authentication and user synchronization with ldap-ad.  I restart Tomcat and try to log in to Alfresco Explorer again.

First of all, I get a pop-up login window instead of the neat webpage, but that issue can wait.  The problem is, I now can not log in as the local admin user.  I can log in to users through the passthru authentication (to our windows domain) just fine, but not internal users.  I would really like to be able to create an log in to local alfresco user accounts in addition to the domain accounts.

here is settings in alfresco-global.properties, you can see I have ntlm first in the chain:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap-ad1:ldap-ad
synchronization.autoCreatePeopleOnLogin=false

and here is my alfresco/extension/subsystems/Authentication/alfrescoNtlm/alfrescoNtlm1/alfrescoNtlm1.properties:
ntlm.authentication.sso.enabled=false
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.mapUnknownUserToGuest=false
alfresco.authentication.allowGuestLogin=false

and here is alfresco/extension/subsystems/Authentication/passthru/passthru1/passthru1.properties:
passthru.authentication.servers=192.168.1.2,192.168.1.3
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.guestAccess=false

Nothing fancy.  If I remove ldap-ad synch from the chain, it doesn't change anything - only if I add or remove passthru.  If I remove passthru, then I can log in as the internal admin user or as another user that I create.

Outcomes