AnsweredAssumed Answered

3.4d passthru config

Question asked by jayg30 on Jun 14, 2011
Latest reply on Dec 9, 2011 by tapan.d.thakkar
Hello,

I've tried to get things working on my own for a very long time now, but I'm at my wits end.
I'm working on a Windows 2008 R2 box. Clients are Win7. Alfresco 3.4d Community Edition.
Alfresco and Active Directory are installed on the same Windows 2008R2 box. This is a test enviornment.

Basically I just want to get Active Directory with CIFS support for those users. I know that AD does not support CIFS. That is why I have to configure the authentication chain. I have gotten ldap-AD working on it's own fine and am confident I have no issues with syncing accounts. When I was trying to test if I could get CIFS working I just used the builtin AlfrescoNTLM to remove any variables. I managed to get the AlfrescoNTML CIFS working (I could mount network drive and browse but I think still had an issue with clicking CIFS link in Alfresco Explorer).

At this point I moved to trying to get passthru and LDAP-AD to work so that I could get CIFS support for AD users and not just Alfresco users. I've read all the threads and wiki pages, even external blogs about it. It seems that most of the information tells people to change files outside of the alfresco-global.properties file, but from the wiki sites and everything it seems that all the changes can be made in this one single file. This is what I've done to get everything else to work up to this point, but passthru I can't seem to get. I think it might be something really simple as well.


### Authentication Chain ###
authentication.chain=passthru1:passthru,ldap1:ldap-ad

### NTML Authentication ###
ntlm.authentication.sso.enabled=false

### Passthru Authentication ###
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=DOMAIN//server*
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=Administrator
passthru.authentication.authenticateCIFS=true

### LDAP Authentication ###
ldap.authentication.active=false

### LDAP Sync ###
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=Administrator
ldap.synchronization.java.naming.security.credentials=password*
ldap.synchronization.groupSearchBase=ou=nj,dc=adpi,dc=nj,dc=local
ldap.synchronization.userSearchBase=ou=nj,dc=adpi,dc=nj,dc=local

### CIFS ###
cifs.enabled=true
cifs.hostannounce=true

synchronization.import.cron=0 * * ? * * * #this just updates things every single minute for testing
*This part of the code is different then what I have in my config.

Alfresco and AD are both setup on the Win 2008 R2 box.
The NetBios Domain is ADPI.
The NetBios Computer name is Alfresco.
The domain is adpi.nj.local.
I have tried setting localserver to true and leaving domain and servers empty. That gets me to a login screen no AD users can log in. I tried setting passthru.authentication.servers to many variations of the information listed above with no luck being able to log in. I tried setting the servers entry to the ip addresses and that doesn't even let me get to a log in screen (java errors get thrown).

I have also made the changes mentioned in the forum about the "Network Security: LAN Manager authentication level". I changed it to "Send LM & NTLM - use NTLMv2 session security if negotiated" as I understand there is a "man in the middle" issue with NTLMv2.

I feel like either I'm misunderstanding something, or I simple don't know what to put in the passthru.authentication.servers field. Or lastly for some reason the alfresco-global.properties file isn't setting the passthru settings correctly for me, but it is for the other stuff I've tried.

Please, if someone could help me with this I'd be very grateful. Gettings AD with CIFS is really all I need to get working now so I can finally have some people take this for a test run.

Thanks

Outcomes