Hi,
New to Alfresco all in all, so bear with me. I was testing/playing with Labs 3.0 but never really got anywhere because of the whole "million XMLs in a WAR" configuration nightmare. As I understand it, this has been improved quite a bit in 3.2 with the new subsystems and configuration in tomcat/share, but I'm not quite sure whether I get it and/or am doing it right. Be that as it may, the end result is that I haven't really got to the point where my Active Directory users can log on to Alfresco with either their NT credentials or their AD username/passwords (or the appropriate DOMAIN\user or combos), neither to CIFS nor to the /alfresco web app.
All I did is more/less C/P from the PDFs and the wiki pages. As I understand I should have setup authentication chain in
/opt/Alfresco/tomcat/shared/classes/alfresco-global.properties
which I did like this:
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap-ad:ldap1
Now the Install & configure PDF says I have to place some settings for these authentication subsystem element instances. I banged my head around until, in the wiki section on subsystems, I came across that it should be placed in:
$TOMCAT_HOME/shared/classes/alfresco/extension/subsystems////*.properties
So for my case I made these files (with contents below, I omitted the exact names for security reasons, hope you don't mind):
$TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/alfrescoNtlm/alfrescoNtlm1/overrides.properties
ntlm.authentication.sso.enabled=false
alfresco.authentication.authenticateCIFS=false
$TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/passthru/passthru1/overrides.properties
tlm.authentication.sso.enabled=true
passthru.authentication.authenticateCIFS=true
passthru.authentication.domain=mydomain.tld
passthru.authentication.servers=dc1.mydomain.tld,dc2.mydomain.tld
Here dc1.mydomain.tld is the FQDN canonical name of the FSMO master of all things, and the second server is the backup DC.
$TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/overrides.properties
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.userNameFormat=%s@mydomain.tld
ldap.authentication.java.naming.provider.url=ldap://dc1.mydomain.tld389
ldap.authentication.defaultAdministratorUserNames=administrator,<myself>
ldap.synchronization.java.naming.security.principal=administrator@mydomain.tld
ldap.synchronization.java.naming.security.credentials=<administrator-password>
Please note that the CentOS 5.3 host this is run on has no other CIFS daemons (ie no Samba) but I have left winbind on and the host is joined to the domain via winbind. Also no other Tomcat, DB is handled by local MySQL, and I also have a CentOS fileserver working perfectly as a windows domain fileserver using distro vanilla Samba, and I have integrated Zimbra Community into my domain as well, so I'm not exactly a novice in Linux, Windows admin nor interop of the two platforms.
But Alfresco is constantly doing my head in. The config process is terribly convoluted even though I'm no "point-and-click adventurer"; I prefer a single config file to the endless web of directories and miniature config tidbits of the Alfresco/Spring way. But I thought I grokked it and it's finally manageable in 3.2, still I just cannot get what's wrong.
Here are some log bits that you might find interesting (and that I assume)
00:00:00,025 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap-ad]
00:00:00,031 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
00:00:00,031 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, ldap-ad] complete
12:59:40,222 WARN [org.springframework.beans.factory.support.DefaultListableBeanFactory] Encountered FactoryBean creation exception for bean 'AuthenticationComponent' - couldn't check type!
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'AuthenticationComponent' defined in file [/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.xml]: Cannot resolve reference to bean 'authenticationComponent' while setting bean property 'target'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationComponent' defined in file [/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.xml]: Cannot resolve reference to bean 'passthruServers' while setting bean property 'passthruServers'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'passthruServers' defined in file [/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/passthru/passthru-authentication-context.xml]: Invocation of init method failed; nested exception is org.alfresco.error.AlfrescoRuntimeException: 06170006 Error setting passthru domain, Failed to find domain controller or browse master for DOMAIN
and Alfresco dies spouting pretty much this message as I log on. And this is verbatim, and my domain name is certainly not DOMAIN. So this is what I think is wrong, I just don't know where to override it.
If I slam all that stuff from subdirectories and override.properties files in the /opt/Alfresco/tomcat/shared/classes/alfresco-global.properties file (and it looks like)
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap-ad:ldap1
ntlm.authentication.sso.enabled=true
passthru.authentication.authenticateCIFS=true
passthru.authentication.domain=mydomain.tld
passthru.authentication.servers=dc1.mydomain.tld,dc2.mydomain.tld
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.userNameFormat=%s@mydomain.tld
ldap.authentication.java.naming.provider.url=ldap://dc1.mydomain.tld:389
ldap.authentication.defaultAdministratorUserNames=administrator,<myself>
ldap.synchronization.java.naming.security.principal=administrator@mydomain.tld
ldap.synchronization.java.naming.security.credentials=<admin-password>
then it starts OK, accepts admin/admin (internal password system) but does not accept any of my AD users as described, and the log has these:
09:44:15,854 WARN [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] NTLM filter, error resolving CIFS host nameALFRESCOA
09:44:15,855 INFO [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] NTLM filter using server name alfresco
09:48:04,525 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
09:48:04,525 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
09:48:04,566 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
09:48:04,577 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
09:48:04,679 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
09:48:04,680 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
09:48:05,491 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
09:48:05,492 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
09:48:05,498 ERROR [org.alfresco.smb.protocol.auth] Kerberos logon error
09:48:05,498 ERROR [org.alfresco.smb.protocol.auth] java.lang.NullPointerException
Which is interesting (despite being just a warning) since both NETBIOS and DNS server names of the host are just "alfresco", and I've tried to override cifs.localname and cifs.domain to:
cifs.localname=alfresco
cifs.domain=mydomain.tld
But log errors are still the same. The other part is Kerberos failing and not really saying why.
Hope someone can help me. Thank you in advance.
--
Running Alfresco 3.4.b CE on CentOS 5.5 x86, vanilla (os provided) openJDK, ImageMagick and oo.o, and bundled tomcat & mysql
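A pre-flight check over the settings quoted in the post above, added here as an example and not part of the original post or of Alfresco's tooling. It treats each chain entry as id:type, derives the override directory (type/id) for each valid instance, and flags key typos, malformed or cleartext LDAP URLs, and a privileged sync bind account; the prefix list and the function names are assumptions made for this example.

```python
import re

# Authentication subsystem types from Alfresco's subsystem documentation.
KNOWN_TYPES = {"alfrescoNtlm", "ldap", "ldap-ad", "passthru", "kerberos", "external"}
# Assumption: key prefixes taken from the properties quoted in the post.
KNOWN_PREFIXES = ("ntlm.", "alfresco.", "passthru.", "ldap.", "cifs.")
BASE = "alfresco/extension/subsystems/Authentication"

def parse_properties(text):
    """Minimal key=value parser; skips blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_chain(chain):
    """Each entry is id:type. Return (findings, expected override directories)."""
    findings, dirs = [], []
    for entry in chain.split(","):
        inst_id, _, inst_type = entry.strip().partition(":")
        if inst_type in KNOWN_TYPES:
            dirs.append(f"{BASE}/{inst_type}/{inst_id}/")
        else:
            hint = " (id and type swapped?)" if inst_id in KNOWN_TYPES else ""
            findings.append(f"{entry}: unknown type '{inst_type}'{hint}")
    return findings, dirs

def check_overrides(props):
    """Flag key typos, malformed or cleartext LDAP URLs, and privileged binds."""
    findings = []
    for key, value in props.items():
        if not key.startswith(KNOWN_PREFIXES):
            findings.append(f"{key}: unrecognised key prefix (typo?)")
        if key.endswith("java.naming.provider.url"):
            if not re.fullmatch(r"ldaps?://[^/:]+:\d+", value):
                findings.append(f"{key}: expected scheme://host:port, got {value}")
            if value.startswith("ldap://"):
                findings.append(f"{key}: cleartext LDAP, a simple bind exposes the password")
        if key.endswith("security.principal") and value.lower().startswith("administrator"):
            findings.append(f"{key}: sync binds as a domain admin; a read-only account suffices")
    return findings

# Constructed sample input: lines copied from the post, placeholders as given there.
CHAIN = "alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap-ad:ldap1"
PASSTHRU1 = "tlm.authentication.sso.enabled=true\npassthru.authentication.domain=mydomain.tld"
LDAP1 = ("ldap.authentication.java.naming.provider.url=ldap://dc1.mydomain.tld389\n"
         "ldap.synchronization.java.naming.security.principal=administrator@mydomain.tld")
```

Run against real files by reading each overrides.properties into `parse_properties` and passing the result to `check_overrides`.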
bmarkovic
Ok still no reply, but I did get a bit further on my own.
Everything so far suggests that the proposed method of overriding properties using the paths (from wiki section on Configuring Subsystems) doesn't really work in my install, i.e. Alfresco does not read anything from my configuration files. I've triple-checked for grammar errors. Is there a syntax such that I can set these options in alfresco-global.properties since it obviously reads it, however for some reason authentication doesn't work this way, I'm assuming it's because default properties don't make it as they should to instances because they are globally defined.
--
dward
Alfresco Employee
FYI it seems that the extension classpath based mechanism described here was broken in the v3.2 Community release
http://wiki.alfresco.com/wiki/Alfresco_Subsystems#Extension_classpath
See
http://forums.alfresco.com/en/viewtopic.php?f=8&t=20069#p66374
A fix for this is in the latest community nightly build (14th July).
bmarkovic
How would one go about downloading this nightly build?
edit: Rude me, I forgot to say thank you for replying to my post, so here it is: Thank you, Dward, and please respond to this question as well when you find time.
--
MikeH
Alfresco Employee
http://dev.alfresco.com/downloads/nightly/dist/
Thanks,
Mike
Mike Hatfield
Lead Engineer, Mobile Apps
bmarkovic
Thanks. Is there anything I have to bear in mind when writing this version over the old one (I intend to save the classpath folders, uninstall, then reinstall and restore folders)?
--