Allow CIFS access to synced users only

Question asked by davidyg on Jan 29, 2014
Latest reply on Jan 29, 2014 by davidyg
Hello:

I have configured Alfresco authentication using Kerberos and LDAP-AD as chained subsystems. Kerberos is used to authenticate HTTP and CIFS access and LDAP-AD to sync user data (retrieved from AD).

I have disabled SSO too, so if you try to log in (Share) using a non-synced user, it is not recognized and can't be authenticated. That is just what I want (only users who belong to a specific group in AD are allowed to log in).

But despite this config, I can access Alfresco CIFS from that user's workstation. I only have to use this UNC:

\\alfresco-server\alfresco

to view its contents (username and password are not required). I can do nothing because access is very restricted (like guest), but after that, and here is the problem, I can log in to Share using his username and password. Even his user home is automatically created in Alfresco. Remember: this user exists in AD but he hasn't been synced yet (he is outside the group mentioned before).

So my question is: is it possible to restrict Alfresco CIFS access to AD synced users only? I would like to avoid automatic user creation.

I have tried to achieve this by editing the file:

default-synchronization.properties

And changing these options:

synchronization.syncWhenMissingPeopleLogIn=false
synchronization.autoCreatePeopleOnLogin=false

More information here.

But it seems it is not effective with CIFS authentication.

Thanks.
