AnsweredAssumed Answered

CIFS Kerberos issue

Question asked by gmccullough on Apr 22, 2014
Latest reply on May 23, 2015 by sudheer424
I'm getting the following error in the logs when trying to connect to the cifs server from windows:

2014-04-22 12:55:49,696  ERROR [auth.cifs.EnterpriseCifsAuthenticator] [AlfJLANWorker10] No authentication mechanism for SPNEGO found

Kerberos login from Share interface works fine.

Have the following config:

### CIFS Server Configuration ###
cifs.enabled=true
cifs.serverName=${localname}A
cifs.domain=internal.domain.gov
cifs.broadcast=255.255.255.255
# An empty value indicates bind to all available network adapters
cifs.bindto=
cifs.ipv6.enabled=false
cifs.hostannounce=true
# Enable the use of asynchronous sockets/NIO code
cifs.disableNIO=false
# Disable the use of JNI code. Only currently affects Windows
cifs.disableNativeCode=false
# Session timeout, in seconds. Defaults to 15 minutes, to match the default Windows client setting.
# If no I/O is received within that time the session is closed by the server
cifs.sessionTimeout=900
# Maximum virtual circuits per session
# Should only be changed when using Terminal Server clients
cifs.maximumVirtualCircuitsPerSession=16

# Can be mapped to non-privileged ports, then use firewall rules to forward requests from the standard ports
cifs.tcpipSMB.port=445
cifs.netBIOSSMB.sessionPort=139
cifs.netBIOSSMB.namePort=137
cifs.netBIOSSMB.datagramPort=138

# Optional WINS server primary and secondary IP addresses. Ignored if autoDetectEnabled=true
cifs.WINS.autoDetectEnabled=true
cifs.WINS.primary=172.16.100.200
cifs.WINS.secondary=172.16.101.200

# CIFS session debug flags (also enable org.alfresco.fileserver=debug logging level)
# Comma delimeted list of levels :-
#    NETBIOS, STATE, RXDATA, TXDATA, DUMPDATA, NEGOTIATE, TREE, SEARCH, INFO, FILE, FILEIO, TRANSACT
#    ECHO, ERROR, IPC, LOCK, PKTTYPE, DCERPC, STATECACHE, TIMING, NOTIFY, STREAMS, SOCKET, PKTPOOL
#    PKTSTATS, THREADPOOL, BENCHMARK
cifs.sessionDebug=

# Big Switch, are the Desktop Actions and URL shortcuts shown for CIFS ?
cifs.pseudoFiles.enabled=true

# CIFS URL for alfresco explorer
cifs.pseudoFiles.explorerURL.enabled=true
cifs.pseudoFiles.explorerURL.fileName=__Alfresco.url

# Cifs URL for alfresco share
cifs.pseudoFiles.shareURL.enabled=false
cifs.pseudoFiles.shareURL.fileName=__Share.url


ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
##alfresco.authentication.allowGuestLogin=true
##alfresco.authentication.authenticateCIFS=true

authentication.chain=alfrescoNtlm1:alfrescoNtlm,kerberos1:kerberos,ldap1:ldap-ad

kerberos.authentication.realm=AD.DOMAIN.GOV
kerberos.authentication.sso.enabled=true
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.cifs.password=changed
kerberos.authentication.http.password=changed
kerberos.authentication.defaultAdministratorUserNames=gmccullough

Outcomes