
Alfresco 5.2 CIFS AD integration problem

Question asked by torigabor on May 30, 2017
Latest reply on Jun 6, 2017 by torigabor

Hi All!

 

I have a RHEL7 server with Alfresco 5.2. The web GUI works well with Windows 2016 AD users, but CIFS isn't working with AD users. CIFS is working with the admin (local) user.
I need two functionalities: web GUI and CIFS with AD authentication.

 

Does anyone have a live sample configuration? Or... What is the error in this configuration?

 

Please help me! Thank You!

 

My configuration:

alfresco-global.properties

 

###############################
## Common Alfresco Properties #
###############################

dir.root=/opt/alfresco-community/alf_data

alfresco.context=alfresco
alfresco.host=alfresco.domain.co
alfresco.port=80
alfresco.protocol=http

share.context=share
share.host=alfresco.domain.co
share.port=80
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=dbuser
db.password=dbsecret
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1

# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN

### FTP Server Configuration ###
ftp.port=21

### RMI registry port for JMX ###
alfresco.rmi.services.port=50500

### External executable locations ###
ooo.exe=/opt/alfresco-community/libreoffice/program/soffice.bin
ooo.enabled=true
ooo.port=8100
img.root=/opt/alfresco-community/common
img.dyn=${img.root}/lib
img.exe=${img.root}/bin/convert

jodconverter.enabled=false
jodconverter.officeHome=/opt/alfresco-community/libreoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=26dd7d431f43245466578ad4f3cbd73b

### E-mail site invitation setting ###
notification.email.siteinvite=false

### License location ###
dir.license.external=/opt/alfresco-community

### Solr indexing ###
index.subsystem.name=solr4
dir.keystore=${dir.root}/keystore
solr.host=localhost
solr.port.ssl=443

### Allow extended ResultSet processing
security.anyDenyDenies=false

### Smart Folders Config Properties ###
smart.folders.enabled=false

### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false

# Outbound Email Configuration
# relayhost
mail.host=x.x.x.x
mail.port=25
#mail.username=anonymous
#mail.password=
mail.encoding=UTF-8
mail.from.default=alfresco@domain.co
mail.smtp.auth=false

###################

########## LDAP integration ##########
#CHAIN
#authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad

#AUTH
ldap.authentication.authenticateCIFS=true

passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true

alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false

ntlm.authentication.sso.enabled=true
ntlm.authentication.authenticateCIFS=false

#FTP
#passthru.authentication.authenticateFTP=false

ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain.loc
ldap.authentication.java.naming.provider.url=ldap://domaindc1.domain.loc:389
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=alfrescouser,cn\=users,dc\=domain,dc\=loc
ldap.synchronization.java.naming.security.credentials=alfrescousersecret
ldap.synchronization.groupSearchBase=cn\=users,dc\=domain,dc\=loc
ldap.synchronization.userSearchBase=cn\=users,dc\=domain,dc\=loc
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupSearchBase=cn\=users,dc\=domain,dc\=loc
ldap.synchronization.userSearchBase=cn\=users,dc\=domain,dc\=loc
synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true
ldap.synchronization.java.naming.security.authentication=simple

passthru.authentication.useLocalServer=false
passthru.authentication.domain=domain.loc
# server ip
passthru.authentication.servers=x.x.x.x
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=alfrescoldap
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS

###### CIFS configuration ########
cifs.disableNativeCode=false
cifs.enabled=true
cifs.serverName=alfresco
cifs.domain=
cifs.hostannounce=true
cifs.disableNativeCode=false
cifs.serverName=alfresco.domain.co
cifs.sessionTimeout=500
cifs.ipv6.enabled=false
cifs.WINS.autoDetectEnabled=true
cifs.tcpipSMB.port=445
cifs.netBIOSSMB.namePort=137
cifs.netBIOSSMB.datagramPort=138
cifs.netBIOSSMB.sessionPort=139

