AnsweredAssumed Answered

3.3 2x Automatic user creation CIFS AD kerberos

Question asked by mathgallant on Nov 11, 2010
Latest reply on Nov 26, 2010 by mathgallant
Hello,

I have a 3.3 community installation on which I have setup an auth chain of alfresco NTLM and Kerberos with SSO and CIFS auth enabled to manage domain user logins both to the web interface and to the CIFS shares. I do not use ldap-ad.

So my auth chain and parameters are :

authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos
alfresco.authentication.allowGuestLogin=false
alfresco.authentication.authenticateCIFS=false
kerberos.authentication.realm=DOMAIN.COM
kerberos.authentication.sso.enabled=true
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.cifs.password=password
kerberos.authentication.http.password=password2
kerberos.authentication.defaultAdministratorUserNames=Myaccount
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false

And the CIFS settings are :

cifs.serverName=servername
cifs.domain=domain.com
cifs.ipv6.enabled=false
cifs.hostanounce=true
cifs.broadcast=255.255.255.255
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138
cifs.netBIOSSMB.sessionPort=1139
cifs.WINS.autoDetectEnabled=true


My problem is that when a new user connects to CIFS for the first time, two users are created in Alfresco, one using his account name and one appending @domain. The actual home folder that is mapped to the user is the one using his account name alone, and if a user first connects to the web interface, only one user is created also with the account name alone (that is, untill he connects to CIFS, at which point the second "@domain" user is then created).

I am assuming that there is a setting that controls this behavior, but I can't find it for the life of me.

I can usually google my way out of things like this, but seems I couldn't find the magic key word this time.

Thanks,

Math

Outcomes