AnsweredAssumed Answered

Kerberos authentication

Question asked by nancygaillard on Jun 12, 2014
Hi!
I am trying to run Alfresco using Kerberos authentication, in order to receive directly scanned files on Alfresco using a printer.
I had tried with ntml authentication, but it cause some issues with the printer.

OS : Windows Server 2008 R2
Alfresco 4.2.c

For the moment :
- I downloaded Heimdal and Network Identity Manager to install Kerberos on my server host [Heimdal 1.6.2.0 and NIM 2.0.102.907] following this => http://computing.help.inf.ed.ac.uk/kerberos-windows

- I done that is written there => (Configuring Kerberos against Active Directory) http://docs.alfresco.com/4.1/tasks/auth-kerberos-ADconfig.html

- I set up my authentication.chain in alfresco-global.properties like this :
authentication.chain=kerberos1:kerberos,ldap-ad:ldap-ad


- I added cifs.enabled=true also in my alfresco-global.properties

but it doesn't work!

After restarting tomcat, I found these errors in the browser:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cifsAuthenticator' defined in file [C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\kerberos\kerberos-authentication-context.xml]: Invocation of init method failed; nested exception is org.alfresco.jlan.server.config.InvalidConfigurationException: Failed to login CIFS server service
causé par :
org.alfresco.jlan.server.config.InvalidConfigurationException: Failed to login CIFS server service

I know that I haven't understood all I read. (My english understanding?)

Perhaps it is caused by my krb5.ini?

====My configuration============

Users on the Windows domain :
Administrateur, cifsserver, httpserver

Domain : PS.local
REALM : PS.LOCAL
host : server
hostnetbios : serverA

my krb5.ini
<blockcode>
[libdefaults]
default_realm = PS.LOCAL
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac

[realms]
PS.LOCAL = {
   kdc = Administrateur.PS.local
   admin_server = Administrateur.PS.local
}

[domain_realm]
Administrateur.PS.local = PS.LOCAL
.Administrateur.PS.local = PS.LOCAL
</blockcode>

What is wrong?

Outcomes