NTLM and CIFS configuration

Hi,

I'm fully confused with configuring NTLM authentication and CIFS. Version of Alfresco is 2.1 Community Edition on Windows 2003 server/Tomcat. So far I tried 2 ways:

1) Configuring NTLM for web access, as described in "Configuring NTLM" in the Wiki. Works perfectly fine. I was able to access http://servername:8080/alfresco with a domain user; IE automatically logs me in. For CIFS I've tried to follow "Configuring the CIFS server for Kerberos/Active Directory integration", but I can't access my server. I don't have any exceptions in the Tomcat log. I have a successful logon in the security event viewer both on the computer where Alfresco is installed and on the domain controller. But still, when I'm trying to access servername_a, it shows the login dialog and says login failed.

2) Tried to configure JAAS authentication for CIFS. At the end I'm getting the same results as in the previous example.

My question is: what exactly needs to be configured if I'm using NTLM authentication for web access and would like to use AD users to access CIFS?

I still was not able to configure any access via CIFS using either passthru or Kerberos authentication. Here are my configuration files:

java.login.config

Alfresco {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
 
com.sun.net.ssl.client {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};
 
other {
com.sun.security.auth.module.Krb5LoginModule sufficient;
};

java.security

login.config.url.1=file:${java.home}/lib/security/java.login.config

C:\WINNT\kb5.ini

[libdefaults]
default_realm = TEST
 
[realms]
TEST = {
kdc = w2k3dc1.test.virtec
admin_server = w2k3dc1.test.virtec
}
 
 
[domain_realm]
w2k3dc1.test.virtec = TEST
.w2k3dc1.test.virtec = TEST

file-servers.xml

<alfresco-config area="file-servers">
 
<config evaluator="string-compare" condition="CIFS Server">
<serverEnable enabled="true"/>
<host name="W3KSERVER_A" domain="TEST"/>
<comment>Alfresco CIFS Server</comment>
 
<!-- Set to the broadcast mask for the subnet -->
<broadcast>255.255.255.255</broadcast>
 
<!-- Use Java socket based NetBIOS over TCP/IP and native SMB on linux -->
<tcpipSMB platforms="linux,solaris,macosx"/>
<netBIOSSMB platforms="linux,solaris,macosx"/>
 
 
<hostAnnounce interval="5"/>
 
<!-- Use Win32 NetBIOS interface on Windows -->
<Win32NetBIOS/>
<Win32Announce interval="5"/>
 
<sessionDebug flags="Negotiate,Socket,Tree,Errors,State"/>
</config>
 
<config evaluator="string-compare" condition="FTP Server">
<serverEnable enabled="true"/>
 
</config>
 
<config evaluator="string-compare" condition="NFS Server">
<serverEnable enabled="false"/>
</config>
 
<config evaluator="string-compare" condition="Filesystems">
<filesystems>
 
<!-- Alfresco repository access shared filesystem -->
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
 
<!-- Add a URL file to each folder that links back to the web client -->
<urlFile>
<filename>__AlfrescoClient.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
 
<!-- Mark locked files as offline -->
<offlineFiles/>
 
<!-- Desktop actions -->
<!-- Uses a client-side application to trigger a server-side action -->
<!-- Echo - displays a message echoed from the server -->
<!-- URL - launches a URL via the Windows shell -->
<!-- CmdLine - launches the Notepad application -->
<!-- CheckInOut - checks files in/out, drag and drop files onto the application -->
<!-- JavaScript - run a server-side script -->
<!-- JavaScriptURL - server-side script that generates a URL to the folder using a ticket -->
<!-- to avoid having to logon -->
 
<!--
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.smb.server.repo.desk.EchoDesktopAction</class>
<name>Echo</name>
<filename>__AlfrescoEcho.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.smb.server.repo.desk.URLDesktopAction</class>
<name>URL</name>
<filename>__AlfrescoURL.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.smb.server.repo.desk.CmdLineDesktopAction</class>
<name>CmdLine</name>
<filename>__AlfrescoCmd.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.smb.server.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__AlfrescoCheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScript</name>
<filename>__AlfrescoScript.exe</filename>
<script>alfresco/desktop/dumpRequest.js</script>
<attributes>anyFiles, multiplePaths , allowNoParams</attributes>
<preprocess>confirm, copyToTarget</preprocess>
</action>
<action>
<class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__AlfrescoDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
 
</desktopActions>
-->
 
<!--
<accessControl default="Write">
<user name="admin" access="Write"/>
<address subnet="90.1.0.0" mask="255.255.0.0" access="Write"/>
</accessControl>
-->
</filesystem>
 
<!-- AVM virtualization view of all stores/versions for WCM -->
<avmfilesystem name="AVM">
<virtualView/>
</avmfilesystem>
 
</filesystems>
</config>
 
 
<config evaluator="string-compare" condition="Filesystem Security">
<authenticator type="passthru">
<LocalDomain/>
</authenticator>
</config>
 
 
</alfresco-config>

jaas-authentication-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
 
<beans>
<!-- The authentication component. -->
 
<!-- JAAS authentication - most of the config goes somewhere else -->
 
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
<property name="realm">
<value>TEST</value>
</property>
<property name="jaasConfigEntryName">
<value>Alfresco</value>
</property>
</bean>
 
<bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<value>
org.alfresco.repo.security.authentication.MutableAuthenticationDao
</value>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<bean class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
 
</beans>

alfresco.log

14:40:09,533 DEBUG [org.alfresco.smb.protocol.auth] Passthru finding domain controller for TEST ...
14:40:09,877 DEBUG [org.alfresco.smb.protocol.auth] Found 1 domain controller(s)
14:40:09,877 DEBUG [org.alfresco.smb.protocol.auth] Added passthru server [TEST\W2K3DC1:192.168.0.235:Offline:0,0]
14:40:09,986 DEBUG [org.alfresco.smb.protocol.auth] New auth session from w3kserver_1 to \\192.168.0.235\IPC$\
14:40:09,986 DEBUG [org.alfresco.smb.protocol.auth] Trying address 192.168.0.235
14:40:09,986 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 192.168.0.235
14:40:09,986 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:40:09,986 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:40:10,002 DEBUG [org.alfresco.smb.protocol.auth] Passthru server online, [TEST\W2K3DC1:192.168.0.235:Online:0,0]
14:40:15,205 WARN [org.springframework.remoting.rmi.RmiRegistryFactoryBean] Could not detect RMI registry - creating new one
14:40:26,846 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
14:40:29,252 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: C:\Alfresco\alf_data
14:40:29,533 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply ...
14:40:29,643 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
14:40:29,830 DEBUG [org.alfresco.smb.protocol] Added desktop action CheckInOut
14:40:29,830 DEBUG [org.alfresco.smb.protocol] Added desktop action JavaScriptURL
14:40:29,986 DEBUG [org.alfresco.smb.protocol] Local domain name is TEST (via JNI)
14:40:29,986 DEBUG [org.alfresco.smb.protocol.auth] Passthru finding domain controller for TEST ...
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] Found 1 domain controller(s)
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] Added passthru server [TEST\W2K3DC1:192.168.0.235:Offline:0,0]
14:40:30,002 INFO [org.alfresco.smb.protocol] CIFS server started
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] New auth session from w3kserver_2 to \\192.168.0.235\IPC$\
14:40:30,002 INFO [org.alfresco.smb.protocol] FTP server started
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] Trying address 192.168.0.235
14:40:30,002 INFO [org.alfresco.smb.protocol] NFS server NOT started
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] Connected to address 192.168.0.235
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] Passthru server online, [TEST\W2K3DC1:192.168.0.235:Online:0,0]
14:40:30,018 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.5.0_08-b03; maximum heap size 506,313MB
14:40:30,018 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.1.0 (R1 443) schema 62 - Installed version 2.1.0 (R1 443) schema 62
14:40:30,111 INFO [org.alfresco.smb.protocol] SMB Server W3KSERVER_A starting
14:40:30,111 INFO [org.alfresco.smb.protocol] GUID 8f6645ae-1766-3622-bdfc-420fe6990391
14:40:30,111 INFO [org.alfresco.smb.protocol] Using authenticator org.alfresco.filesys.server.auth.passthru.PassthruAuthenticator
14:40:30,111 INFO [org.alfresco.smb.protocol] Server timezone Europe/Berlin, offset from UTC = -1hrs
14:40:30,111 INFO [org.alfresco.smb.protocol] Shares:
14:40:30,127 INFO [org.alfresco.smb.protocol] [Alfresco,DISK,,[Alfresco,workspace://SpacesStore/bb81fb57-3a73-11dc-bc20-21e3719ab596]] [Alfresco,workspace://SpacesStore/bb81fb57-3a73-11dc-bc20-21e3719ab596]
14:40:30,127 INFO [org.alfresco.smb.protocol] [AVM,DISK,,[AVM,VirtualView]] [AVM,VirtualView]
14:40:30,127 INFO [org.alfresco.smb.protocol] Add Share [IPC$,IPC$,,Admin,Hidden] : true
14:40:30,596 DEBUG [org.alfresco.smb.protocol] Win32 NetBIOS Available LANAs: 0
14:40:30,611 DEBUG [org.alfresco.smb.protocol] Win32 NetBIOS server W3KSERVER_A (using Winsock)
14:40:36,658 DEBUG [org.alfresco.smb.protocol] Win32 NetBIOS created session handler on LANA 0
14:40:36,674 DEBUG [org.alfresco.smb.protocol] Win32 NetBIOS host announcer enabled on LANA 0
14:40:36,674 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) ...
14:40:36,690 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A
14:40:36,690 DEBUG [org.alfresco.smb.protocol] Win32 NetBIOS register listener for LANA 0
14:40:41,690 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A
14:40:51,690 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A
14:41:11,690 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A
14:41:51,690 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A
14:43:11,705 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A
14:45:51,705 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A

Can anyone at Alfresco comment on this? We've also got NTLM authentication working, but cannot make CIFS work in conjunction with it. (We're not using LDAP or JAAS, as we're not sure that they are also required.)

When using enterprise authenticator we get:

14:18:41,829 ERROR [smb.protocol.auth] No valid CIFS authentication combination available
14:18:41,829 ERROR [smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
14:18:41,833 ERROR [alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
        at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:348)

When using passthru authenticator we see no errors, but on trying to connect with e.g. smbclient we see:

smbclient -d10 -U foo \\\\10.1.100.100\\alfresco
... snip ...
server didn't supply a full spnego negprot
... snip ...
SPNEGO login failed: Unexpected information received
session setup failed: NT_STATUS_INVALID_PARAMETER

We've reviewed http://forums.alfresco.com/viewtopic.php?t=5169 and http://forums.alfresco.com/viewtopic.php?t=3777 and http://forums.alfresco.com/viewtopic.php?t=6887 and http://wiki.alfresco.com/wiki/CIFS_linux and http://wiki.alfresco.com/wiki/CIFS and http://wiki.alfresco.com/wiki/CIFS_Server_Authentication, but apart from providing conflicting advice, none of those resources help.

So - what's the definitive way of configuring CIFS and NTLM together?

More info

With respect to the previous post (we're working together) after raising a little bit the log level we get some more info when using enterprise authentication:

14:37:20,370 DEBUG [smb.protocol.auth] Added passthru server [myname.server.org:10.1.1.33:Offline:0,0]
14:37:20,399 DEBUG [smb.protocol.auth] New auth session from alfresco-test_1 to \\10.1.1.33\IPC$\
14:37:20,422 DEBUG [smb.protocol.auth] Trying address 10.1.1.33
14:37:20,425 DEBUG [smb.protocol.auth] Connected to address 10.1.1.33
14:37:20,426 DEBUG [smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
14:37:20,438 DEBUG [smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
14:37:20,445 DEBUG [smb.protocol.auth] Passthru server online, [myname.server.org:10.1.1.33:Online:0,0]

After this (quite positive) message we still get the error mentioned by savs.

Help lovely appreciated :)

Artificial intelligence in one statement:

Keyboard not found. Press F1 to continue.
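
The startup logs in the three posts above can be triaged mechanically. The following Python sketch is an added example (not code from any poster or from Alfresco): it reads lines in the format shown above and separates a rejected authenticator configuration from a server that started cleanly but logged no authentication attempt. The sample lines are abridged from the posts; the verdict labels and the "auth logger after listen" heuristic are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shape seen in the posted logs: "HH:MM:SS,mmm LEVEL [logger] message"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3}\s+(\w+)\s+\[([^\]]+)\]\s+(.*)$")
# Passthru status as printed in the posts: [NAME:ADDRESS:Online|Offline:n,n]
PASSTHRU_RE = re.compile(r"\[[^:\]]+:(?P<addr>[^:\]]+):(?P<state>Online|Offline):")
# Java stack frame, e.g. "at pkg.Class.method(File.java:348)"
FRAME_RE = re.compile(r"^\s*at\s+([\w.$]+)\.\w+\(")


@dataclass
class CifsStartup:
    authenticator: Optional[str] = None   # class named in "Using authenticator"
    cifs_started: bool = False
    passthru: Dict[str, str] = field(default_factory=dict)  # DC address -> last state
    errors: List[str] = field(default_factory=list)
    failed_in: Optional[str] = None       # class of the first stack frame after an ERROR
    auth_lines_after_listen: int = 0      # heuristic, see diagnose()


def parse_startup(log_text: str) -> CifsStartup:
    s = CifsStartup()
    listening = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            # Not a log line: may be a stack frame that follows an ERROR.
            frame = FRAME_RE.match(raw)
            if frame and s.errors and s.failed_in is None:
                s.failed_in = frame.group(1)
            continue
        level, logger, msg = m.groups()
        if "smb.protocol" not in logger:
            continue  # schema, patch and RMI lines are irrelevant here
        if level == "ERROR":
            s.errors.append(msg)
        elif msg.startswith("Using authenticator "):
            s.authenticator = msg.split()[-1]
        elif msg == "CIFS server started":
            s.cifs_started = True
        elif "passthru server" in msg.lower():
            p = PASSTHRU_RE.search(msg)
            if p:
                s.passthru[p["addr"]] = p["state"]  # keep the latest state only
        elif msg.startswith("Waiting for") and "session request" in msg:
            listening = True
        elif listening and logger.endswith(".auth"):
            s.auth_lines_after_listen += 1
    return s


def diagnose(s: CifsStartup) -> str:
    """Verdict labels are this example's own, not Alfresco terminology."""
    if s.errors:
        return "config-error"            # authenticator rejected at startup
    if not s.cifs_started:
        return "not-started"
    if s.passthru and "Online" not in s.passthru.values():
        return "passthru-offline"        # no domain controller reachable
    if s.auth_lines_after_listen == 0:
        # Assumption: authentication attempts show up under the *.auth logger.
        return "up-no-auth-attempt-logged"
    return "up-auth-activity"


# Abridged from the first post (passthru authenticator on Windows).
PASSTHRU_LOG = r"""
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] Added passthru server [TEST\W2K3DC1:192.168.0.235:Offline:0,0]
14:40:30,002 INFO [org.alfresco.smb.protocol] CIFS server started
14:40:30,002 DEBUG [org.alfresco.smb.protocol.auth] Passthru server online, [TEST\W2K3DC1:192.168.0.235:Online:0,0]
14:40:30,111 INFO [org.alfresco.smb.protocol] Using authenticator org.alfresco.filesys.server.auth.passthru.PassthruAuthenticator
14:40:36,674 DEBUG [org.alfresco.smb.protocol] Waiting for Win32 NetBIOS session request (Winsock) ...
14:40:36,690 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A
14:40:36,690 DEBUG [org.alfresco.smb.protocol] Win32 NetBIOS register listener for LANA 0
14:40:41,690 DEBUG [org.alfresco.smb.protocol.mailslot] HostAnnouncer: Announced host W3KSERVER_A
"""

# Constructed by joining the third post's passthru lines with the second
# post's errors, which is the sequence the third post describes.
ENTERPRISE_LOG = r"""
14:37:20,370 DEBUG [smb.protocol.auth] Added passthru server [myname.server.org:10.1.1.33:Offline:0,0]
14:37:20,445 DEBUG [smb.protocol.auth] Passthru server online, [myname.server.org:10.1.1.33:Online:0,0]
14:18:41,829 ERROR [smb.protocol.auth] No valid CIFS authentication combination available
14:18:41,829 ERROR [smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
14:18:41,833 ERROR [alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
        at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:348)
"""

if __name__ == "__main__":
    for name, text in (("passthru", PASSTHRU_LOG), ("enterprise", ENTERPRISE_LOG)):
        summary = parse_startup(text)
        print(name, diagnose(summary), summary)
```

An "Online" passthru server only shows that the domain controller is reachable; the second sample still ends in a configuration error because the authenticator itself was rejected.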

Just to confirm. You have sso working via IE and not CIFS, correct?

What is your authenticator type set to in file-servers?

Quote:
Just to confirm. You have sso working via IE and not CIFS, correct?

That's correct. We can connect to the alfresco network share using smbclient, but Windows / Mac native clients fail to connect.

Quote:
What is your authenticator type set to in file-servers?

It's set to 'alfresco'.

<config evaluator="string-compare" condition="Filesystem Security">
<authenticator type="alfresco"/>
</config>

We've tried passthru, enterprise etc. but they don't seem to work.

Solved...

Just FYI,
we got it working (both IE and CIFS) after having checked AD user permissions.
So now we're able to have NTLM SSO in both environments, which is cool indeed ;-)

Gab

PS.
It still fails on macosx, but well, it's not our first priority..

Good to hear you got it working.

It would be useful for other readers to provide some details on the '..checked AD user permissions'

Re: Solved...

mindthegab wrote:
Just FYI,
we got it working (both IE and CIFS) after having checked AD user permissions.
So now we're able to have NTLM SSO in both environments, which is cool indeed ;-)

Gab

Could you describe step-by-step what exactly was done on the Alfresco machine to make CIFS use NTLM SSO? Also, is it running on Linux or on Windows?

What changes were done in:
1) file-servers.xml
2) ntlm-authentication-context.xml
3) kb5.ini if it's created
4) java.login.config if it's created
5) jaas-authentication-context.xml if it's created

Also, what AD user permissions were set for users, and was anything special done on the domain server (like creating an alfrescocifs user, registering service principals and so on)?

Hi !

I'm also working on SSO with Alfresco.
If I log in in IE I don't need to log in again in CIFS. But if I close IE and start it again, I'm asked for the password again.
If SSO worked properly I wouldn't be asked, right?

How do I have to configure

- file-servers.xml
- ntlm-authentication-context.xml

Can someone please post an example?

Thanks,

Hi

You need to define the correct filters in web.xml for NTLM SSO for the UI and webDAV.

Andy

Andy Hind
Alfresco Development

I don't want NTLM SSO.

I read that there is also a way with JAAS / Kerberos.

What can you suggest ?

Thanks

Configuration details

As soon as I have a second (superbusy these after-holiday days),
I'll gather our configuration files and post them here.

BTW, for "checked AD user permissions" I just meant:

Tested with a proper user (with working credentials on that domain), instead of with the on-the-fly created user (which was missing permissions on that domain).

Stay tuned then!

Hi

Kerberos SSO support for the web client and WebDAV is work in progress. At the moment there is NTLMv1 SSO or integration with the likes of Siteminder for SSO. There are also instructions on the forums describing how to get CAS up and working for SSO.

Andy

Andy Hind
Alfresco Development

NTLM SSO + CIFS + LDAP integration sample configuration

Hi all,
here follows the configuration which we successfully implemented in our company Sourcesense ([3]) and which basically provides LDAP integration and NTLM single sign-on for connecting to Alfresco through web browsers and through Windows File Sharing. Sorry for the long delay but had quite busy days with this Alfresco thing. It's cool and is definitely being increasingly accepted and used in wider and wider enterprises.

Here it goes; hopefully it can help to solve and gather the whole number of unstructured forum posts talking about the subject. Sorry for the long post, but I preferred to make the *whole* conf files available.

SYSTEM SPECS:

ALFRESCO SERVER:
- Alfresco 2.1 Comm
- MySQL
- Tomcat 5.5.20
- Ubuntu Linux 7.04

CLIENTS:
- Linux + FF2
- WinXP + IE6
- OSX10.4 + FF2

REQUIREMENTS:
- Integration with Microsoft Active Directory (NTLM + webclient/CIFS + LDAP )

NOTES:
- We started from the default alfresco bundle (linux installer)
- I removed default comments from this file in order to improve readability (seems a paradox, but whoever reads this post will already know the basic stuff written in those comments... I guess ;-). I added some configuration-specific comments that may be useful to understand what's going on
- Sensitive data has been removed so don't smile at my funny domain fake names :p
- Even if I integrated with AD, well, openLDAP would have rocked better :-) (i hate bill, typical...)
- Thx to savs for coaching support and for providing useful docs !

NAMING CONVENTIONS:
ALF_HOME = base installation folder of the Alfresco instance
ALF_CLASSES = $ALF_HOME/tomcat/WEB-INF/classes/alfresco
ALF_SHARED_CLASSES = $ALF_HOME/tomcat/shared/classes/alfresco/extension

STEPS:

A. Enable NTLM passthrough for SSO purposes:

- Edit the provided
- Change the $ALF_HOME/tomcat/WEB-INF/web.xml to enable the NTLMAuthentication servlet filter. So comment out the default filter and uncomment it as follows (both for webclient and webdav, in case of need):

<filter>
  <filter-name>Authentication Filter</filter-name>
  <!--
    <filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
  -->
  <!-- For Novell IChain support use the following filter -->
  <!--
    <filter-class>org.alfresco.web.app.servlet.NovellIChainsHTTPRequestAuthenticationFilter</filter-class>
  -->
 
  <!-- For NTLM authentication support use the following filter -->
  <filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>
</filter>
 
<filter>
  <filter-name>WebDAV Authentication Filter</filter-name>
  <!--
    <filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>
  -->
  <!-- For NTLM authentication support use the following filter -->
  <filter-class>org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter</filter-class>
</filter>
 
<filter>
  <filter-name>Admin Authentication Filter</filter-name>
  <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
</filter>

- change the $ALF_SHARED_CLASSES/ntlm-authentication-context.xml.sample to $ALF_SHARED_CLASSES/ntlm-authentication-context.xml
- Edit the file so that it looks as follows:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
  <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
  <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
    <property name="personService">
      <ref bean="personService" />
    </property>
    <property name="nodeService">
      <ref bean="nodeService" />
    </property>
    <property name="transactionService">
      <ref bean="transactionComponent" />
    </property>
    <property name="guestAccess">
      <value>false</value>
    </property>
    <!-- Name of the windows domain \ domain controller hostname or ip -->
    <property name="servers">
      <value>WINDOWSDOMAIN\domainControllerIPorHostname</value>
    </property>
  </bean>
</beans>

- Restart Alfresco and this should have already enabled NTLM SSO against your Domain Controller
NOTE:
- Both Internet Explorer and Firefox support NTLM authentication, though Firefox will prompt the user for a username and password on the first connection attempt (subsequently username and password can be stored by Firefox). Internet Explorer will pass the Windows authentication details directly to the Alfresco server. Note that single sign-on with Internet Explorer will only work if the Alfresco server is perceived to be within the local intranet zone (for example if the server has a name in the local DNS). This can also be forced within Internet Explorer's preferences (Tools, Internet Options, Security; select “Local Intranet”, Sites, Advanced, type in the Alfresco server name and click Add, Ok, Ok)
- Authentication seems to work only from specified domain and not from trusted domains. See [1] for more info and fixes.

C. Enable CIFS integration with AD and NTLM passthrough on the CIFS interface:
- Change the provided $ALF_SHARED_CLASSES/file-servers-custom.xml.sample --> $ALF_SHARED_CLASSES/file-servers-custom.xml
- Edit the file so that it looks as follows:

<alfresco-config area="file-servers">
  <config evaluator="string-compare" condition="CIFS Server">
    <serverEnable enabled="true" />
    <!-- Insert here IP or hostname of this alfresco server, and the NT domain name in which you want to integrate-->
    <host name="alfrescoServerIPorHostname" domain="WINDOWSDOMAIN" />
    <comment>Alfresco CIFS Server</comment>
    <!-- Set to the broadcast mask for the subnet -->
    <broadcast>255.255.255.255</broadcast>
    <sessionDebug flags="Negotiate,Socket" />
  </config>
  <config evaluator="string-compare" condition="Filesystems" replace="true">
    <filesystems>
      <filesystem name="Alfresco">
        <store>workspace://SpacesStore</store>
        <rootPath>/app:company_home</rootPath>
        <!-- Add a URL file to each folder that links back to the web client -->
        <urlFile>
          <filename>__Alfresco.url</filename>
          <webpath>http://${localname}:8080/alfresco/</webpath>
        </urlFile>
        <!-- Mark locked files as offline -->
        <offlineFiles />
        <!-- Desktop actions -->
        <desktopActions>
          <global>
            <path>alfresco/desktop/Alfresco.exe</path>
            <webpath>http://${localname}:8080/alfresco/</webpath>
          </global>
          <action>
            <class>org.alfresco.filesys.smb.server.repo.desk.CheckInOutDesktopAction</class>
            <name>CheckInOut</name>
            <filename>__CheckInOut.exe</filename>
          </action>
          <action>
            <class>org.alfresco.filesys.smb.server.repo.desk.JavaScriptDesktopAction</class>
            <name>JavaScriptURL</name>
            <filename>__ShowDetails.exe</filename>
            <script>alfresco/desktop/showDetails.js</script>
            <attributes>anyFiles</attributes>
            <preprocess>copyToTarget</preprocess>
          </action>
        </desktopActions>
      </filesystem>
      <!-- AVM virtualization view of all stores/versions for WCM -->
      <avmfilesystem name="AVM">
        <virtualView />
      </avmfilesystem>
    </filesystems>
  </config>
  <!-- Authenticator should be of type alfresco -->
  <config evaluator="string-compare" condition="Filesystem Security" replace="true">
    <authenticator type="alfresco" />
  </config>
</alfresco-config> 

- Restart your Alfresco instance and automagically your NTLM SSO authentication should work also against the CIFS filesystem
NOTE:
- SSO+CIFS was only tested (obviously you may say) from Windows Explorer on Windows (with an AD registered user). We also tested the integration of just AD/CIFS (manual AD user login) with Linux/smbclient and Macosx/Finder but with a proper client-side OS configuration integration (at least on mac) it *should* be possible to have SSO working
- Although other authenticators seem to fit more in this configuration (e.g. NTLM, see [2]), "alfresco" type is the only one working with this configuration. Don't get mistaken then ;-)
- Authentication seems to work only from specified domain and not from trusted domains. See [1] for more info and fixes.

D. Enable LDAP users/groups scheduled import in order to be able to assign roles/permissions/notifications/ownerships/jobs to AD users (aka "to be able to use (not only log them in) AD users in alfresco" )
- Change the provided $ALF_SHARED_CLASSES/ldap-authentication-context.xml.sample --> $ALF_SHARED_CLASSES/ldap-authentication-context.xml
- Edit the file so that it looks as follows:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
 
<beans>
  <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
    <property name="initialDirContextEnvironment">
      <map>
        <!-- The LDAP provider -->
        <entry key="java.naming.factory.initial">
          <value>com.sun.jndi.ldap.LdapCtxFactory</value>
        </entry>
        <!-- The url to the LDAP server -->
        <!-- Note you can use space separated urls - they will be tried in turn until one works -->
        <!-- This could be used to authenticate against one or more ldap servers (you will not know which one ....) -->
        <entry key="java.naming.provider.url">
          <value>ldap://ldapserverurl:389</value>
        </entry>
        <!-- The authentication mechanism to use -->
        <!-- Some SASL authentication mechanisms may require a realm to be set: -->
        <!--   java.naming.security.sasl.realm -->
        <!-- The available options will depend on your LDAP provider -->
        <!-- Note: a "simple" bind over a plain ldap:// URL sends the principal's password unencrypted -->
        <entry key="java.naming.security.authentication">
          <value>simple</value>
        </entry>
        <!-- The id of a user who can read group and user information -->
        <entry key="java.naming.security.principal">
          <value>WINDOWSDOMAIN\directoryadmin</value>
        </entry>
        <!-- The password for the user defined above -->
        <entry key="java.naming.security.credentials">
          <value>directoryadminpassword</value>
        </entry>
      </map>
    </property>
  </bean>
  <!-- LDAP synchronisation support -->

  <!-- There can be more than one stack of beans that import users or groups. For example, it may be easier to have a version of ldapPeopleExportSource, and associated beans, for each sub-tree of your LDAP directory from which you want to import users. You could then limit users to be imported from two or more sub-trees and ignore users found elsewhere. The same applies to the import of groups.
  -->
  <!-- Extract user information from LDAP and transform this to XML -->
  <bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
    <!--
      The query to select objects that represent the users to import. For Active Directory: (objectclass=user)
    -->
    <property name="personQuery">
      <value>(objectclass=user)</value>
    </property>
    <!--
      The search base restricts the LDAP query to a sub section of tree on the LDAP server.
      In this particular example we imported only the IT Department users.
    -->
    <property name="searchBase">
      <value>ou=IT Department,dc=mycompany,dc=org</value>
    </property>
    <!--
      The unique identifier for the user. THIS MUST MATCH WHAT THE USER TYPES IN AT THE LOGIN PROMPT.
      For simple LDAP authentication this is likely to be "cn" or, less friendly, "distinguishedName"
      In Active Directory this is most likely to be "sAMAccountName". This property is mandatory and must appear on all users found by the query defined above.
    -->
    <property name="userIdAttributeName">
      <value>sAMAccountName</value>
    </property>
    <!-- Services -->
    <property name="LDAPInitialDirContextFactory">
      <ref bean="ldapInitialDirContextFactory" />
    </property>
    <property name="personService">
      <ref bean="personService"></ref>
    </property>
    <property name="namespaceService">
      <ref bean="namespaceService" />
    </property>
    <!--
      This property defines a mapping between attributes held on LDAP user objects and the properties of user objects held in the repository. The key is the QName of an attribute in the repository, the value is the attribute name from the user/inetOrgPerson/.. object in the LDAP repository.
    -->
    <property name="attributeMapping">
      <map>
        <entry key="cm:userName">
          <!-- Must match the same attribute as userIdAttributeName -->
          <value>sAMAccountName</value>
        </entry>
        <entry key="cm:firstName">
          <!-- Active Directory: "givenName" -->
          <value>givenName</value>
        </entry>
        <entry key="cm:lastName">
          <!-- Active Directory: "sn" -->
          <value>sn</value>
        </entry>
        <entry key="cm:email">
          <!-- Active Directory: "???" -->
          <value>mail</value>
        </entry>
        <entry key="cm:organizationId">
          <!-- Active Directory: "???" -->
          <value>o</value>
        </entry>
        <!-- Always use the default -->
        <entry key="cm:homeFolderProvider">
          <null />
        </entry>
      </map>
    </property>
    <!-- Set a default home folder provider. We configured it to create user home folder under  "User Homes" space-->
    <property name="attributeDefaults">
      <map>
        <entry key="cm:homeFolderProvider">
          <value>userHomesHomeFolderProvider</value>
        </entry>
      </map>
    </property>
  </bean>
  <!-- Extract group information from LDAP and transform this to XML -->
  <bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">
    <!--
      The query to select objects that represent the groups to import.
      For Active Directory: (objectclass=group)
    -->
    <property name="groupQuery">
      <value>(objectclass=group)</value>
    </property>
    <!-- The search base restricts the LDAP query to a sub section of tree on the LDAP server. We reduced it to IT departments internal groups -->
    <property name="searchBase">
      <value>ou=IT Department,dc=mycompany,dc=org</value>
    </property>
    <!-- The unique identifier for the user. This must match the userIdAttributeName on the ldapPeopleExportSource bean above. -->
    <property name="userIdAttributeName">
      <value>sAMAccountName</value>
    </property>
    <!-- An attribute that is a unique identifier for each group found. This is also the name of the group with the current group implementation. This is mandatory for any groups found.
      Active Directory: "cn" -->
    <property name="groupIdAttributeName">
      <value>cn</value>
    </property>
    <!-- The objectClass attribute for group members. For each member of a group, the distinguished name is given. The object is looked up by its DN. If the object is of this class it is treated as a group. -->
    <property name="groupType">
      <value>group</value>
    </property>
    <!-- The objectClass attribute for person members. For each member of a group, the distinguished name is given. The object is looked up by its DN. If the object is of this class it is treated as a person. -->
    <property name="personType">
      <value>user</value>
    </property>
    <property name="LDAPInitialDirContextFactory">
      <ref bean="ldapInitialDirContextFactory" />
    </property>
    <property name="namespaceService">
      <ref bean="namespaceService" />
    </property>
    <!--
      The repeating attribute on group objects (found by query or as sub groups) used to define membership of the group. This is assumed to hold distinguished names of other groups or users/people; the above types are used to determine this.
      Active Directory: "member" -->
    <property name="memberAttribute">
      <value>member</value>
    </property>
    <property name="authorityDAO">
      <ref bean="authorityDAO" />
    </property>
  </bean>
  <!-- Job definitions to import LDAP people and groups -->
  <!-- The triggers register themselves with the scheduler -->
  <!-- You may comment in the default scheduler to enable these triggers -->
  <!-- If a cron-based trigger is what you want, see scheduled-jobs-context.xml for examples. -->
  <!-- Trigger to load people. Note you can have more than one initial (context, trigger, import job and export source) set. This would allow you to load people from more than one LDAP store -->
  <bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
    <property name="jobDetail">
      <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
        <property name="jobClass">
          <value>org.alfresco.repo.importer.ImporterJob</value>
        </property>
        <property name="jobDataAsMap">
          <map>
            <entry key="bean">
              <ref bean="ldapPeopleImport" />
            </entry>
          </map>
        </property>
      </bean>
    </property>
    <!-- Start 3 minutes (180000 ms) after the repository starts -->
    <property name="startDelay">
      <value>180000</value>
    </property>
    <!-- Repeat every hour -->
    <property name="repeatInterval">
      <value>3600000</value>
    </property>
    <property name="scheduler">
      <ref bean="schedulerFactory" />
    </property>
  </bean>
  <bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
    <property name="jobDetail">
      <bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
        <property name="jobClass">
          <value>org.alfresco.repo.importer.ImporterJob</value>
        </property>
        <property name="jobDataAsMap">
          <map>
            <entry key="bean">
              <ref bean="ldapGroupImport" />
            </entry>
          </map>
        </property>
      </bean>
    </property>
    <!-- Start 3 minutes (180000 ms) after the repository starts -->
    <property name="startDelay">
      <value>180000</value>
    </property>
    <!-- Repeat every hour -->
    <property name="repeatInterval">
      <value>3600000</value>
    </property>
    <property name="scheduler">
      <ref bean="schedulerFactory" />
    </property>
  </bean>
 
  <!-- The bean that imports xml describing people -->
 
  <bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
    <property name="importerService">
      <ref bean="importerComponentWithBehaviour" />
    </property>
    <property name="transactionService">
      <ref bean="transactionComponent" />
    </property>
    <property name="authenticationComponent">
      <ref bean="authenticationComponent" />
    </property>
    <property name="exportSource">
      <ref bean="ldapPeopleExportSource" />
    </property>
 
    <!-- The store that contains people - this should not be changed -->
    <property name="storeRef">
      <value>${spaces.store}</value>
    </property>
 
    <!-- The location of people nodes within the store defined above - this should not be changed -->
    <property name="path">
      <value>/${system.system_container.childname}/${system.people_container.childname}</value>
    </property>
 
    <!-- If true, clear all existing people before import, if false update/add people from the xml -->
    <property name="clearAllChildren">
      <value>false</value>
    </property>
    <property name="nodeService">
      <ref bean="nodeService" />
    </property>
    <property name="searchService">
      <ref bean="searchService" />
    </property>
    <property name="namespacePrefixResolver">
      <ref bean="namespaceService" />
    </property>
 
 
    <property name="caches">
      <set>
        <ref bean="permissionsAccessCache" />
      </set>
    </property>
  </bean>
 
  <!-- The bean that imports xml describing groups -->
 
  <bean id="ldapGroupImport" class="org.alfresco.repo.importer.ExportSourceImporter">
    <property name="importerService">
      <ref bean="importerComponentWithBehaviour" />
    </property>
    <property name="transactionService">
      <ref bean="transactionComponent" />
    </property>
    <property name="authenticationComponent">
      <ref bean="authenticationComponent" />
    </property>
    <property name="exportSource">
      <ref bean="ldapGroupExportSource" />
    </property>
    <!-- The store that contains group information - this should not be changed -->
    <property name="storeRef">
      <value>${alfresco_user_store.store}</value>
    </property>
 
    <!-- The location of group information in the store above - this should not be changed -->
    <property name="path">
      <value>/${alfresco_user_store.system_container.childname}/${alfresco_user_store.authorities_container.childname}</value>
    </property>
 
    <!-- If true, clear all existing groups before import, if false update/add groups from the xml -->
    <property name="clearAllChildren">
      <value>true</value>
    </property>
    <property name="nodeService">
      <ref bean="nodeService" />
    </property>
    <property name="searchService">
      <ref bean="searchService" />
    </property>
    <property name="namespacePrefixResolver">
      <ref bean="namespaceService" />
    </property>
 
    <!-- caches to clear on import of groups -->
    <property name="caches">
      <set>
        <ref bean="userToAuthorityCache" />
        <ref bean="permissionsAccessCache" />
      </set>
    </property>
 
    <!-- userToAuthorityCache -->
  </bean>
 
</beans> 

- Enable automatic starting of scheduled jobs by editing the file $ALF_CLASSES/scheduled-jobs-context.xml and setting the autoStartup property to true in the schedulerFactory bean definition:

<!-- Task scheduler -->
<!-- Triggers should not appear here - the scheduler should be injected into the trigger definition -->
<!-- This bean should not need to appear elsewhere in extension configuration -->
<bean id="schedulerFactory" class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
  <property name="waitForJobsToCompleteOnShutdown">
    <value>true</value>
  </property>
  <property name="configLocation">
    <value>classpath:alfresco/domain/quartz.properties</value>
  </property>
  <property name="schedulerName">
    <value>DefaultScheduler</value>
  </property>
  <!-- Do not auto start the scheduler - this is done at the end of the bootstrap process -->
  <property name="autoStartup">
    <value>true</value>
  </property>
</bean> 

- Restart alfresco and you should see (after waiting the defined time + some import time) the user/groups created in Alfresco

NOTE:
- In order to have a better understanding/debugging of the import process please note that if users are correctly imported from LDAP temporary XML files are written in $ALF_HOME/tomcat/temp/Alfresco/ExportSource*
- For a finer debugging of the whole process you may want to raise log levels for interested components, by editing $ALF_HOME/webapps/alfresco/WEB-INF/classes/log4j.properties setting the following categories to debug:

log4j.logger.org.alfresco.smb.protocol=debug
log4j.logger.org.alfresco.smb.protocol.auth=debug
log4j.logger.org.alfresco.repo.action=debug
log4j.org.alfresco.repo.security.authentication.ldap=debug
log4j.logger.org.alfresco.acegi=debug
# Thx SCHNEIKA
log4j.logger.org.alfresco.repo.security.authentication.ldap=debug 

~~~~~%%%%~~~~~

That should be it. Hope this helps.

Ciao!

[1] http://wiki.alfresco.com/wiki/Configuring_NTLM#Enabling_NTLM_users
[2] http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#Which_authentication_components_are_compatible_with_which_web_authentication_filters_and_filesystem_security.3F
[3] http://www.sourcesense.com

Artificial intelligence in one statement:

Keyboard not found. Press F1 to continue.
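A consistency check for the settings in the how-to above, added here as an example and not part of the original post or of Alfresco. It verifies the constraints stated in the XML comments (the same userIdAttributeName on both export sources and in the cm:userName mapping), converts the trigger timings to minutes, and flags log4j keys that lack a recognised prefix. The XML sample is constructed with a deliberate mismatch, and the list of accepted log4j prefixes is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Key prefixes this example accepts as real log4j 1.x settings (assumed list).
LOG4J_PREFIXES = ("log4j.logger.", "log4j.category.", "log4j.appender.",
                  "log4j.additivity.", "log4j.rootLogger", "log4j.rootCategory",
                  "log4j.threshold", "log4j.debug")

# Constructed sample: the beans from the post cut down to the properties that
# are checked, with one deliberate mismatch ("uid") in the group bean.
SAMPLE_CONTEXT = """<beans>
  <bean id="ldapPeopleExportSource">
    <property name="userIdAttributeName"><value>sAMAccountName</value></property>
    <property name="attributeMapping"><map>
      <entry key="cm:userName"><value>sAMAccountName</value></entry>
    </map></property>
  </bean>
  <bean id="ldapGroupExportSource">
    <property name="userIdAttributeName"><value>uid</value></property>
  </bean>
  <bean id="ldapPeopleTrigger">
    <property name="startDelay"><value>180000</value></property>
    <property name="repeatInterval"><value>3600000</value></property>
  </bean>
</beans>"""

# log4j lines taken from the post, including the key without "logger.".
SAMPLE_LOG4J = """log4j.logger.org.alfresco.smb.protocol=debug
log4j.org.alfresco.repo.security.authentication.ldap=debug
# Thx SCHNEIKA
log4j.logger.org.alfresco.repo.security.authentication.ldap=debug
"""


def bean_properties(root, bean_id):
    """Return {property name: element} for the bean with this id."""
    for bean in root.iter("bean"):
        if bean.get("id") == bean_id:
            return {p.get("name"): p for p in bean.findall("property")}
    return {}


def value_of(prop):
    """Text of the <value> child of a property, or None if absent."""
    if prop is None:
        return None
    text = prop.findtext("value")
    return text.strip() if text is not None else None


def lint_ldap_sync(xml_text):
    """Check the cross-bean constraints stated in the configuration comments."""
    root = ET.fromstring(xml_text)
    people = bean_properties(root, "ldapPeopleExportSource")
    groups = bean_properties(root, "ldapGroupExportSource")
    findings = []
    people_id = value_of(people.get("userIdAttributeName"))
    group_id = value_of(groups.get("userIdAttributeName"))
    if people_id is None or group_id is None:
        findings.append("userIdAttributeName missing on an export source bean")
    elif people_id != group_id:
        findings.append(
            f"userIdAttributeName differs: people={people_id} groups={group_id}")
    mapped = None
    mapping = people.get("attributeMapping")
    if mapping is not None:
        for entry in mapping.iter("entry"):
            if entry.get("key") == "cm:userName":
                mapped = (entry.findtext("value") or "").strip()
    if mapped != people_id:
        findings.append(f"cm:userName maps to {mapped}, expected {people_id}")
    return findings


def trigger_schedule(xml_text):
    """Return {trigger id: (start delay, repeat interval)} in minutes."""
    root = ET.fromstring(xml_text)
    schedule = {}
    for bean in root.iter("bean"):
        props = {p.get("name"): p for p in bean.findall("property")}
        if "startDelay" in props and "repeatInterval" in props:
            delay = int(value_of(props["startDelay"])) / 60000
            repeat = int(value_of(props["repeatInterval"])) / 60000
            schedule[bean.get("id")] = (delay, repeat)
    return schedule


def lint_log4j(text):
    """Return (line number, key) for log4j.* keys without a recognised prefix."""
    flagged = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key = line.split("=", 1)[0].strip()
        if key.startswith("log4j.") and not key.startswith(LOG4J_PREFIXES):
            flagged.append((number, key))
    return flagged


if __name__ == "__main__":
    print(lint_ldap_sync(SAMPLE_CONTEXT))
    print(trigger_schedule(SAMPLE_CONTEXT))
    print(lint_log4j(SAMPLE_LOG4J))
```

The repeat interval reported by trigger_schedule is also the longest time an account removed from the directory can remain in the synchronised copy.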

You have done a great job. :!:
With your manual I was able to establish an NTLM-Autologin and an LDAP-Synchronisation against MS-ADS in 15 minutes instead of struggling for many days with trial and error. Thanks very much. Perhaps you will publish your manual in the Wiki?

Thx :-)

Thanks,
it's always important to have feedback and cross-checking when describing achievements or howto's.
As per the wiki, dunno if I can just start writing it in there or should I wait for some alfresco guy to validate the howto first?

WDYT?

Gab

It's very important to set up all the configuration.xml-files exactly as described in mindthegaps HowTo (of course except local variables).

Particularly such details like ntlm-authentication-context.xml, where in the original-sample a complete property (transactionService) is missing and so on.

Just one typo in log4j.properties:

You should try this for ldap-debug-logs:

Quote:
log4j.logger.org.alfresco.repo.security.authentication.ldap=debug

thx!

I updated the post. Thx!
Gonna put it into the wiki

i followed the instructions for SSO/NTLM, and in firefox, after typing in credentials the first time, it works like the post explained -- but in IE, it does not let me past the pop-up. it does not single sign on, rather it prompts me with the windows user/password window and no combination of username/password will let me in (though it went through just fine in firefox)

does that sound like anything you have seen?

CIFS error and Exception using the Webclient

Hi,

I have configured Alfresco according to this manual.

It seems to work fine. I can log in ok.

But:

using the webclient i get the following error:

javax.faces.el.EvaluationException: Cannot get value for expression '#{!NavigationBean.isGuest && NavigationBean.guestHomeVisible}'
caused by:
javax.servlet.jsp.el.ELException: An error occurred while getting property "guestHomeVisible" from an instance of class org.alfresco.web.bean.NavigationBean

starting the server i get the following error:

13:19:49,536 User:System ERROR [alfresco.smb.protocol] Failed to get local domain/workgroup name, using default of WORKGROUP
13:19:49,537 User:System ERROR [alfresco.smb.protocol] (This may be due to firewall settings or incorrect <broadcast> setting)
13:19:49,572 User:System ERROR [smb.protocol.auth] No valid CIFS authentication combination available
13:19:49,573 User:System ERROR [smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
13:19:49,575 User:System ERROR [alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:378)
at org.alfresco.filesys.server.config.ServerConfiguration.setAuthenticator(ServerConfiguration.java:3503)
at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:2453)
at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:689)
at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(ServerConfiguration.java:4200)
at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:241)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:349)
at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

Thanx for any hints on what i did wrong...
Cheers Bjoern

Hi

your documentation is great, allowed me to have the AD authentication without any problem. I spent my last week trying to get it operational :D

Now the problem: SSO works great with Firefox or Opera. I tried SSO with Explorer 7 and I get an error in the passthrough function.
It looks like IE passes credentials after the web page has been displayed.
This happens JUST with IE7 !!!

On the IE browser I get this error:

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session

and this is the log
23:10:49,612 WARN [org.springframework.remoting.rmi.RmiRegistryFactoryBean] Could not detect RMI registry - creating new one
23:11:01,155 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.SQLServerDialect.
23:11:07,608 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
23:11:14,274 WARN [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco 'dir.root' property is set to a relative path './alf_data'. 'dir.root' should be overridden to point to a specific folder.
23:11:14,275 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: ./alf_data
23:11:14,357 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply ...
23:11:16,620 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
23:11:17,239 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_04-b12; maximum heap size 506.313MB
23:11:17,240 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.9.0 (B 683) schema 116 - Installed version 2.9.0 (B 683) schema 116
23:12:05,730 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:793)
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy17.authenticate(Unknown Source)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType1(NTLMAuthenticationFilter.java:523)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:395)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:619)

Any idea? Eventually I need to switch off SSO while keeping the AD authentication operational; what do I have to modify?

Thanks in advance

Regards

Daniele

Re: NTLM and CIFS configuration

Hi,

I have the same problem - did anyone manage to get around the problem? Can you please share the solution? Actually, I don't even need passthru - it is fine that IE prompts for the AD username and password, but this is not working. I'm using IE6.

15:57:48,572 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:793)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
        at $Proxy18.authenticate(Unknown Source)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType1(NTLMAuthenticationFilter.java:523)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:395)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

BR,

Durian

Re: NTLM and CIFS configuration

Guys:
The Alfresco forum migration broke my post.
So now we only have up to step A, while there were 4 steps and the complete configuration.
I'm discussing this with Alfresco privately, but otherwise I'll try to find some time to rewrite the post (and save it myself...)

Hateful :(

Re: NTLM and CIFS configuration

I'm facing just now this problem, and it's a pity we can't count on your post.

Do you have any news about this topic?

Thanks.

Re: NTLM and CIFS configuration

I'm discussing the topic with Alfresco, we will restore it ASAP.

I'll come back to you,
Gab

Re: NTLM and CIFS configuration

Old post (before migration) can be found here:

link removed by admin - this post has been restored

I'm asking Alfresco to restore this one, please report it in case you see other problems like this one.

Ciao and HTH,
Gab

Re: NTLM and CIFS configuration

Thanks so much.

By the way, do you know if it is still working on Alfresco 2.9?

Regards.

Re: NTLM and CIFS configuration

Thanks for this post.
It's really useful.

On version 2.9b it is a little bit different, but I got it working.

Re: NTLM and CIFS configuration

On 2.9C, we get the following log file entries when enabling NTLM passthru for CIFS. Is this a known issue?

07:06:15,811 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB0

07:06:15,826 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB0

07:06:15,826 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB0

07:06:15,826 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB0

07:06:18,967 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB1

07:06:18,967 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB1

07:06:27,045 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB0

07:08:54,402 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2

07:08:54,496 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2

07:08:58,668 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2

07:08:58,699 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2

07:08:58,715 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2

07:08:58,840 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2

07:08:58,887 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2

07:08:58,918 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2

Regards,

Oliver Stein

Re: NTLM and CIFS configuration

Being a DEBUG line, I don't think this is an issue. You can stop it from logging by lowering the appropriate log category.
Unless you have functional issues related to that one.

Ciao!

Re: NTLM and CIFS configuration

sorry for the confusion - the log file entries are not the problem per se, it's the fact that the passthrough is not working for CIFS...

Can anybody post a working configuration with AD authentication for 2.9C please?

Regards,

Oliver Stein

Re: NTLM and CIFS configuration

Anybody please?

Regards,

Oliver Stein

Re: NTLM and CIFS configuration

This is a very good post. For Alfresco 2.2 Enterprise an additional step is required to disable Tomcat's session persistence. Please look at this post for details http://forums.alfresco.com/viewtopic.php?f=9&t=12156&p=40893#p40656.

- Aniruddh

Re: NTLM and CIFS configuration

I'm seeing similar warnings to ostein, running 2.9C on Windows.

If I use the configuration suggested by mindthegab, then I get the following errors on startup:

16:57:26,265 User:System ERROR [smb.protocol.auth] No valid CIFS authentication combination available
16:57:26,265 User:System ERROR [smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
16:57:26,265 User:System ERROR [alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
        at org.alfresco.filesys.auth.cifs.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:351)
        at org.alfresco.jlan.smb.server.CIFSConfigSection.setAuthenticator(CIFSConfigSection.java:556)
...

If I add the following to file-servers-custom.xml in the "CIFS Server" configuration:

<authenticator type="passthru">
  <Server>172.31.31.18</Server>
</authenticator>

Then Alfresco starts up without any errors, but when I try to login to CIFS I get "DEBUG [smb.protocol.auth] No PassthruDetails for WSNB2" logs in the console sometimes (possibly every dozen or so login attempts). Login fails, and defaults to "AXCELIA\admin". If I try to login as me, changing the user login to "AXCELIA\sam" I get an error dialog stating:

"The user name you typed is the same as the user name you logged in with. That user name has already been tried. A domain controller cannot be found to verify that user name."

I've also tried setting the field to be "AXCELIA\172.31.31.18". Our domain is AXCELIA, and 172.31.31.18 is our domain controller. I can login to the web interface using SSO from Firefox with no problem (my IE gives a DNS error, but other people's IE works fine - I think there's something wacky with IE on my machine).

Do I really need to configure Kerberos? I've seen the wiki page for this, and it looks like a lot of work, but since SSO for the web interface works fine I'm not convinced it's needed, and that it's really complaining about lack of hashed password support.

Anyone have any ideas?

Thanks,
Sam.

Re: NTLM and CIFS configuration

I used to work it around with chaining, e.g. configure a chaining auth with LDAP simple and internal alfresco authentication service in chain.
This way the 2 authentication will be tried in sequence (and they have "quasi" the same users, e.g. only newly added/removed from last LDAP synchronization can be non consistent), so that web client will authenticate directly against LDAP (or whatever SSO) and CIFS goes to the synced copy on the local alfresco.

As I said, it's a workaround as it's not 100% safe (imagine a user deleted because of company infringements and he's still able to login and delete CIFS stuff before new LDAP sync occurs) but it's the best I could get to work for LDAP simple + CIFS.

HTH,
Gab

Re: NTLM and CIFS configuration

Well, I moved back to 2.2, and your original instructions worked eventually. By forcing lots of attempts to login (actually whilst trying to get some debug out of it), it finally got the authentication information and allowed me to use CIFS using my domain account. It may have had something cached, or just had a dead connection (though Alfresco had been restarted many times). Anyway, it's working now.

Thanks,

Sam.

Re: NTLM and CIFS configuration

As of version 3.0 I am still having the problem:

Quote:
No PassthruDetails for WSNB1

I am trying to use Active Directory + NTLM + CIFS

Any comments?

Re: NTLM and CIFS configuration

Hello everybody

I am using Alfresco 2.1 Community on Windows XP.
I followed the instructions for an integration of NTLM+CIFS (it's OK with Firefox but not for IE; I'll update my IE version and keep you abreast) + Windows AD (from the Windows Small Business Service Pack). I have problems with the AD import.

I'm going to put the XML files I configured here:

ldap-authentication-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
 
<beans>
 
    <!-- DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. -->
 
 
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>    
 
 
    <!-- LDAP authentication configuration -->
 
    <!-- 
 
    You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the
    web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other
    authentication routes, like Active Directory.
 
    -->
 
 
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!--
 
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
 
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
 
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" then authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com"
            Usually for simple authentication.
 
            -->
            <value>%s</value>
        </property>
    </bean>
 
 
    <!--
 
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP repository
 
    -->
 
 
 
 
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!-- The LDAP provider -->
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
 
                <!-- The url to the LDAP server -->
                <!-- Note you can use space separated urls - they will be tried in turn until one works -->
                <!-- This could be used to authenticate against one or more ldap servers (you will not know which one ....) -->
                <entry key="java.naming.provider.url">
                   <!--  <value>ldap://openldap.domain.com:389</value> -->
 
                        <value>ldap://server.domain.com:389</value>
 
                </entry>
 
                <!-- The authentication mechanism to use      -->
                <!-- Some sasl authentication mechanisms may require a realm to be set -->
                <!--                java.naming.security.sasl.realm -->
                <!-- The available options will depend on your LDAP provider -->
                <entry key="java.naming.security.authentication">
                   <value>DIGEST-MD5</value>
                </entry>
 
                <!-- The id of a user who can read group and user information -->
                <!-- This does not go through the pattern substitution defined above and is used "as is" -->
                <entry key="java.naming.security.principal">
                    <value>administratorlogin</value>
                </entry>
 
                <!-- The password for the user defined above -->
                <entry key="java.naming.security.credentials">
                    <value>administratorpassword</value>
                </entry>
            </map>
        </property>
    </bean>
 
    <!-- LDAP synchronisation support -->
 
    <!-- 
 
    There can be more than one stack of beans that import users or groups. For example, it may be easier
    to have a version of ldapPeopleExportSource, and associated beans, for each sub-tree of your ldap directory
    from which you want to import users. You could then limit users to be imported from two or more sub trees and ignore
    users found elsewhere. The same applies to the import of groups.
 
    The defaults shown below are for OpenLDAP.    
 
    -->
 
 
    <!-- Extract user information from LDAP and transform this to XML -->
 
    <bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
        <!-- 
        The query to select objects that represent the users to import.
 
        For Open LDAP, using a basic schema, the following is probably what you want:
        (objectclass=inetOrgPerson)
 
        For Active Directory:
        (objectclass=user)
        -->
 
 
        <property name="personQuery">
         <!-- <value>(objectclass=inetOrgPerson)</value> -->
            <value>(objectclass=user)</value>
        </property>
 
 
        <!--
        The search base restricts the LDAP query to a sub section of tree on the LDAP server.
        -->
        <property name="searchBase">
           <value>ou=OU_name,dc=domain,dc=com</value>
        </property>
 
        <!--
        The unique identifier for the user.
 
        THIS MUST MATCH WHAT THE USER TYPES IN AT THE LOGIN PROMPT    
 
        For simple LDAP authentication this is likely to be "cn" or, less friendly, "distinguishedName"
 
        In OpenLDAP, using other authentication mechanisms "uid", but this depends on how you map
        from the id in the LDAP authentication request to search for the inetOrgPerson against which
        to authenticate.
 
        In Active Directory this is most likely to be "sAMAccountName" 
 
        This property is mandatory and must appear on all users found by the query defined above.
 
        -->
        <property name="userIdAttributeName">
            <value>sAMAccountName</value>
        </property>
 
        <!-- Services -->
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="personService">
            <ref bean="personService"></ref>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
 
        <!--
        This property defines a mapping between attributes held on LDAP user objects and
        the properties of user objects held in the repository. The key is the QName of an attribute in
        the repository, the value is the attribute name from the user/inetOrgPerson/.. object in the
        LDAP repository.     
        -->
        <property name="attributeMapping">
            <map>
                <entry key="cm:userName">
                    <!-- Must match the same attribute as userIdAttributeName -->
                    <value>sAMAccountName</value>
                </entry>
                <entry key="cm:firstName">
                    <!-- OpenLDAP: "givenName" -->
                    <!-- Active Directory: "givenName" -->
                    <value>givenName</value>
                </entry>
                <entry key="cm:lastName">
                    <!-- OpenLDAP: "sn" -->
                    <!-- Active Directory: "sn" -->
                    <value>sn</value>
                </entry>
 
               <!-- <entry key="cm:email"> -->
                    <!-- OpenLDAP: "mail" -->
                    <!-- Active Directory: "???" -->
                   <!-- <value>mail</value> -->
                  <!-- <value>???</value> -->
                <!--</entry> -->
 
              <!-- <entry key="cm:organizationId"> -->
                    <!-- OpenLDAP: "o" -->
                    <!-- Active Directory: "???" -->
                   <!-- <value>o</value> -->
                <!-- <value>???</value> -->
              <!-- </entry> -->
 
                <!-- Always use the default -->
                <entry key="cm:homeFolderProvider">
                    <null/>
                </entry>
            </map>
        </property>
        <!-- Set a default home folder provider -->
        <!-- Defaults only apply for values above -->
        <property name="attributeDefaults">
            <map>
                <entry key="cm:homeFolderProvider">
 
                    <!-- <value>personalHomeFolderProvider</value> -->
                    <value>userHomesHomeFolderProvider</value>
                </entry>
            </map>
        </property>
    </bean>
 
    <!-- Extract group information from LDAP and transform this to XML -->
 
    <bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">
        <!--
        The query to select objects that represent the groups to import.
 
        For Open LDAP, using a basic schema, the following is probably what you want:
        (objectclass=groupOfNames)
 
        For Active Directory:
        (objectclass=group)
        -->
        <property name="groupQuery">
 
 
           <value>(objectclass=group)</value>
 
 
        </property>
 
        <!--
        The search base restricts the LDAP query to a sub section of tree on the LDAP server.
        -->
        <property name="searchBase">
            <value>ou=OU_name,dc=domain,dc=com</value>
        </property>
 
        <!--
        The unique identifier for the user. This must match the userIdAttributeName on the ldapPeopleExportSource bean above.
        -->
        <property name="userIdAttributeName">
            <value>sAMAccountName</value>
        </property>
 
        <!--
        An attribute that is a unique identifier for each group found. 
        This is also the name of the group with the current group implementation.
        This is mandatory for any groups found.
 
        OpenLDAP: "cn" as it is mandatory on groupOfNames
        Active Directory: "cn"
 
        -->
        <property name="groupIdAttributeName">
            <value>cn</value>
        </property>
 
        <!-- 
        The objectClass attribute for group members.
        For each member of a group, the distinguished name is given.
        The object is looked up by its DN. If the object is of this class it is treated as a group. 
        -->
 
        <property name="groupType">
            <!-- <value>groupOfNames</value> -->
        <value>group</value>   
        </property>
 
        <!-- 
        The objectClass attribute for person members.
        For each member of a group, the distinguished name is given.
        The object is looked up by its DN. If the object is of this class it is treated as a person. 
        -->
 
 
        <property name="personType">
        <!-- <value>inetOrgPerson</value> -->
        <value>user</value>
        </property>
 
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
 
        <!--
        The repeating attribute on group objects (found by query or as sub groups)
        used to define membership of the group. This is assumed to hold distinguished names of
        other groups or users/people; the above types are used to determine this.
 
        OpenLDAP: "member" as it is mandatory on groupOfNames
        Active Directory: "member"
 
        -->
        <property name="memberAttribute">
            <value>member</value>
        </property>
 
        <property name="authorityDAO">
            <ref bean="authorityDAO"/>
        </property>
    </bean>
 
    <!-- Job definitions to import LDAP people and groups -->
    <!-- The triggers register themselves with the scheduler -->
    <!-- You may comment in the default scheduler to enable these triggers -->
    <!-- If a cron based trigger is what you want see scheduled-jobs-context.xml for examples. -->
 
    <!-- Trigger to load people -->
    <!-- Note you can have more than one initial (context, trigger, import job and export source) set -->
    <!-- This would allow you to load people from more than one ldap store -->
 
    <bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapPeopleImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!-- Start after 5 minutes of starting the repository -->
        <property name="startDelay">
            <value>300000</value>
        </property>
        <!-- Repeat every hour -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
 
 
<!-- enable-->
        <!-- Commented out to disable -->
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
 
 
    </bean>
 
    <bean id="ldapGroupTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapGroupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapGroupImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!-- Start after 5 minutes of starting the repository -->
        <property name="startDelay">
            <value>300000</value>
        </property>
        <!-- Repeat every hour -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
 
 
<!-- enable -->
        <!-- Commented out to disable -->
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
 
    </bean>
 
    <!-- The bean that imports xml describing people -->
 
    <bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapPeopleExportSource"/>
        </property>
 
        <!-- The store that contains people - this should not be changed -->
        <property name="storeRef">
            <value>${spaces.store}</value>
        </property>
 
        <!-- The location of people nodes within the store defined above - this should not be changed -->
        <property name="path">
            <value>/${system.system_container.childname}/${system.people_container.childname}</value>
        </property>
 
        <!-- If true, clear all existing people before import, if false update/add people from the xml -->
        <property name="clearAllChildren">
            <value>false</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
 
 
        <property name="caches">
            <set>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
    </bean>
 
    <!-- The bean that imports xml describing groups -->
 
    <bean id="ldapGroupImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapGroupExportSource"/>
        </property>
        <!-- The store that contains group information - this should not be changed -->
        <property name="storeRef">
            <value>${alfresco_user_store.store}</value>
        </property>
 
        <!-- The location of group information in the store above - this should not be changed -->
        <property name="path">
            <value>/${alfresco_user_store.system_container.childname}/${alfresco_user_store.authorities_container.childname}</value>
        </property>
 
        <!-- If true, clear all existing groups before import, if false update/add groups from the xml -->
        <property name="clearAllChildren">
            <value>true</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
 
        <!-- caches to clear on import of groups -->
        <property name="caches">
            <set>
                <ref bean="userToAuthorityCache"/>
                <ref bean="permissionsAccessCache"/>
            </set>
        </property>
 
        <!-- userToAuthorityCache -->
    </bean>
 
</beans>

scheduled-jobs-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
 
<beans>
 
    <!-- Task scheduler -->
    <!-- Triggers should not appear here - the scheduler should be injected into the trigger definition -->
    <!-- This bean should not need to appear elsewhere in extension configuration -->
    <bean id="schedulerFactory" class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
        <property name="waitForJobsToCompleteOnShutdown">
            <value>true</value>
        </property>
        <property name="configLocation">
            <value>classpath:alfresco/domain/quartz.properties</value>
        </property>
        <property name="schedulerName">
            <value>DefaultScheduler</value>
        </property>
        <!-- Do not auto start the scheduler - this is done at the end of the bootstrap process -->
        <property name="autoStartup">
           <!--- put true value -->
            <value>true</value>
 
        </property>
    </bean>
 
    <!--                 -->
    <!-- Scheduled tasks -->
    <!--                 -->
 
    <bean id="ftsIndexerTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ftsIndexerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.search.impl.lucene.fts.FTSIndexerJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="LuceneFullTextSearchIndexer" />
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
        <property name="startDelayMinutes">
            <value>1</value>
        </property>
        <property name="repeatIntervalMinutes">
            <value>1</value>
        </property>
    </bean>
 
    <!-- This has now been moved into the bootstrap process and is not required here -->
    <!--
    <bean id="indexRecoveryTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.node.index.IndexRecoveryJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="indexRecoveryComponent">
                            <ref bean="indexRecoveryComponent" />
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
        <property name="startDelayMinutes">
            <value>1</value>
        </property>
        <property name="repeatCount">
            <value>0</value>
        </property>
    </bean>
    -->
 
    <bean id="tempFileCleanerTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="tempFileCleanerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.util.TempFileProvider$TempFileCleanerJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="protectHours">
                            <value>1</value>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
        <!-- start after half an hour and repeat hourly -->
        <property name="startDelayMinutes">
            <value>30</value>
        </property>
        <property name="repeatIntervalMinutes">
            <value>60</value>
        </property>
    </bean>
 
    <bean id="fileContentStoreCleanerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
        <property name="jobClass">
            <value>org.alfresco.repo.content.cleanup.ContentStoreCleanupJob</value>
        </property>
        <property name="jobDataAsMap">
            <map>
                <entry key="contentStoreCleaner">
                    <ref bean="contentStoreCleaner" />
                </entry>
            </map>
        </property>
    </bean>
    <bean id="contentStoreCleanerTrigger" class="org.alfresco.util.CronTriggerBean">
        <property name="jobDetail">
            <ref bean="fileContentStoreCleanerJobDetail" />
        </property>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
        <!-- trigger at 4am each day -->
        <property name="cronExpression">
            <value>0 0 4 * * ?</value>
        </property>
    </bean>
 
    <bean id="indexBackupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
        <property name="jobClass">
            <value>org.alfresco.repo.search.impl.lucene.AbstractLuceneIndexerAndSearcherFactory$LuceneIndexBackupJob</value>
        </property>
        <property name="jobDataAsMap">
            <map>
                <entry key="luceneIndexBackupComponent">
                    <ref bean="luceneIndexBackupComponent" />
                </entry>
            </map>
        </property>
    </bean>
    <bean id="indexBackupTrigger" class="org.alfresco.util.CronTriggerBean">
        <property name="jobDetail">
            <ref bean="indexBackupJobDetail" />
        </property>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
        <!-- trigger at 3am each day -->
        <property name="cronExpression">
            <value>0 0 3 * * ?</value>
        </property>
    </bean>
 
    <!-- enable DEBUG for 'org.alfresco.repo.cache.EhCacheTracerJob' and enable scheduler property to activate -->
    <bean id="ehCacheTracerJob" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ehCacheTracerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.cache.EhCacheTracerJob</value>
                </property>
            </bean>
        </property>
 
 
 
 
<!-- activate the bean -->
 
        <!-- enable this to activate bean -->
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
 
        <!-- start after an hour and repeat hourly -->
        <property name="startDelayMinutes">
            <value>60</value>
        </property>
        <property name="repeatIntervalMinutes">
            <value>60</value>
        </property>
    </bean>
 
    <bean id="avmOrphanReaperJob" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="avmOrphanReaperJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.avm.OrphanReaperJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="orphanReaper">
                            <ref bean="orphanReaper"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <property name="scheduler">
            <ref bean="schedulerFactory"/>
        </property>
        <property name="startDelayMinutes">
            <value>1</value>
        </property>
        <property name="repeatIntervalMinutes">
            <value>1</value>
        </property>
    </bean>
 
    <!-- Job to scan for expired content in website staging areas -->
    <bean id="avmExpiredContentTrigger" class="org.alfresco.util.CronTriggerBean">
        <property name="jobDetail">
            <bean id="avmExpiredContentJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.avm.AVMExpiredContentJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                       <entry key="expiredContentProcessor">
                           <ref bean="avmExpiredContentProcessor" />
                       </entry>
                    </map>
                </property>
            </bean>
        </property>
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
        <!-- trigger at 3:30am each day -->
        <property name="cronExpression">
            <value>0 30 3 * * ?</value>
        </property>
    </bean>
</beans>

In file-servers-custom I enabled Alfresco authentication (with CIFS+NTLM)

<config evaluator="string-compare" condition="Filesystem Security">
    <authenticator type="alfresco"/>
</config>

My alfresco.log

10:21:40,631 DEBUG [org.alfresco.smb.protocol.auth] Added passthru server [domain.com:IPaddress_of_ADserver:Offline:0,0]
10:21:40,990 DEBUG [org.alfresco.smb.protocol.auth] New auth session from name_of_alfrescoserver_1 to \\IPaddress_of_ADserver\IPC$\
10:21:41,084 DEBUG [org.alfresco.smb.protocol.auth] Trying IPaddress_of_ADserver
10:21:41,131 DEBUG [org.alfresco.smb.protocol.auth] Connected to address IPaddress_of_ADserver
10:21:41,209 DEBUG [org.alfresco.smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
10:21:41,319 DEBUG [org.alfresco.smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
10:21:41,319 DEBUG [org.alfresco.smb.protocol.auth] Passthru server online, [domain.com:IPaddress_of_ADserver:Online:0,0]
10:21:49,463 WARN  [org.springframework.remoting.rmi.RmiRegistryFactoryBean] Could not detect RMI registry - creating new one
10:21:55,591 WARN  [org.alfresco.util.OpenOfficeConnectionTester] A connection to OpenOffice could not be established.
10:22:02,579 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapInitialDirContextFactory' defined in file [C:\Alfresco\tomcat\shared\classes\alfresco\extension\ldap-authentication-context.xml]: Invocation of init method failed; nested exception is java.lang.ClassFormatError: Truncated class file
Caused by: 
java.lang.ClassFormatError: Truncated class file
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.InitialContext.<init>(InitialContext.java:197)
	at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
	at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:225)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1118)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1085)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:429)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:250)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:141)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:247)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:161)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:273)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:346)
	at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
	at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
10:22:02,594 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco]] Exception lors de l'envoi de l'évènement contexte initialisé (context initialized) à l'instance de classe d'écoute (listener) org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapInitialDirContextFactory' defined in file [C:\Alfresco\tomcat\shared\classes\alfresco\extension\ldap-authentication-context.xml]: Invocation of init method failed; nested exception is java.lang.ClassFormatError: Truncated class file
Caused by: 
java.lang.ClassFormatError: Truncated class file
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.InitialContext.<init>(InitialContext.java:197)
	at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
	at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:225)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1118)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1085)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:429)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:250)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:141)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:247)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:161)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:273)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:346)
	at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
	at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
10:22:02,610 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco]] Exception lors de l'envoi de l'évènement contexte initialisé (context initialized) à l'instance de classe d'écoute (listener) org.alfresco.web.app.ContextListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapInitialDirContextFactory' defined in file [C:\Alfresco\tomcat\shared\classes\alfresco\extension\ldap-authentication-context.xml]: Invocation of init method failed; nested exception is java.lang.ClassFormatError: Truncated class file
Caused by: 
java.lang.ClassFormatError: Truncated class file
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.InitialContext.<init>(InitialContext.java:197)
	at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
	at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:225)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1118)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1085)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:429)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:250)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:141)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:247)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:161)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:273)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:346)
	at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
	at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

my catalina log

14 août 2008 10:17:05 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initialisation de Coyote HTTP/1.1 sur http-8080
14 août 2008 10:17:05 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2971 ms
14 août 2008 10:17:06 org.apache.catalina.core.StandardService start
INFO: Démarrage du service Catalina
14 août 2008 10:17:06 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.23
14 août 2008 10:17:06 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
14 août 2008 10:17:08 org.apache.catalina.startup.HostConfig deployWAR
INFO: Déploiement de l'archive alfresco.war de l'application web
14 août 2008 10:20:24 org.apache.catalina.startup.Catalina stopServer
GRAVE: Catalina.stop:
java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:519)
at java.net.Socket.connect(Socket.java:469)
at java.net.Socket.<init>(Socket.java:366)
at java.net.Socket.<init>(Socket.java:180)
at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:395)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:344)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:435)
14 août 2008 10:20:36 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initialisation de Coyote HTTP/1.1 sur http-8080
14 août 2008 10:20:36 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2940 ms
14 août 2008 10:20:36 org.apache.catalina.core.StandardService start
INFO: Démarrage du service Catalina
14 août 2008 10:20:36 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.23
14 août 2008 10:20:36 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
14 août 2008 10:20:38 org.apache.catalina.startup.HostConfig deployWAR
INFO: Déploiement de l'archive alfresco.war de l'application web
14 août 2008 10:22:02 org.apache.catalina.core.StandardContext start
GRAVE: Error listenerStart
14 août 2008 10:22:02 org.apache.catalina.core.StandardContext start
GRAVE: Erreur de démarrage du contexte [/alfresco] suite aux erreurs précédentes
14 août 2008 10:22:06 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Démarrage de Coyote HTTP/1.1 sur http-8080
14 août 2008 10:22:06 org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
14 août 2008 10:22:07 org.apache.catalina.startup.Catalina start
INFO: Server startup in 91125 ms

I set the categories in log4j.properties for debugging too.

It seems that the problem is this error

    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapInitialDirContextFactory' defined in file [C:\Alfresco\tomcat\shared\classes\alfresco\extension\ldap-authentication-context.xml]: Invocation of init method failed; nested exception is java.lang.ClassFormatError: Truncated class file Caused by:
    java.lang.ClassFormatError: Truncated class file

Are there other files to configure for AD import?

Could someone help me?

Re: NTLM and CIFS configuration

it's OK now! :D

Re: NTLM and CIFS configuration

Hi
I am evaluating Alfresco Enterprise version 3.0 but I am also facing the same issue:

No PassthruDetails for WSNB1

I have used Active Directory + CIFS

please help

Sudhir Korde

Re: NTLM and CIFS configuration

Still no solution to the "No PassthruDetails"-error?

I've tried the enterprise today and got the same error, so I guess it is a configuration problem. I'm trying to get the CIFS authentication to work with AD.

Re: NTLM and CIFS configuration

hello... I am having the same problem with AD + CIFS (DIGEST-MD5)...

I cannot logon, and the log shows these lines that are not errors but should mean something...

PLEASE HELP!

Quote:

12:50:09,071 INFO [alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService disabled (pollInterval <= 0)
13:02:07,335 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB1
13:02:07,351 DEBUG [smb.protocol.auth] Null CIFS logon allowed
13:02:08,398 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB1
13:02:08,460 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB1
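
A way to triage the `smb.protocol.auth` DEBUG lines quoted above, added here as an example that is not part of the original post or of Alfresco: it tallies the two message kinds and groups them into bursts so that accepted null logons stand out next to the passthru misses. The function names and the 2-second burst window are assumptions, the token after "for" is treated as an opaque identifier, and the sample input is built from the lines quoted in the post.

```python
import re
from collections import Counter

AUTH_LOGGER = "smb.protocol.auth"
DAY_MS = 24 * 60 * 60 * 1000

# Constructed sample: the log lines quoted in the post above.
SAMPLE_LOG = """\
12:50:09,071 INFO [alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService disabled (pollInterval <= 0)
13:02:07,335 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB1
13:02:07,351 DEBUG [smb.protocol.auth] Null CIFS logon allowed
13:02:08,398 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB1
13:02:08,460 DEBUG [smb.protocol.auth] No PassthruDetails for WSNB1
"""

# "HH:MM:SS,mmm LEVEL [logger] message" as it appears in the quoted log.
LINE_RE = re.compile(
    r"^(?P<ts>(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}),(?P<ms>\d{3}))\s+"
    r"(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\]\s+(?P<msg>.*)$"
)
NO_PASSTHRU_RE = re.compile(r"^No PassthruDetails for (?P<ident>\S+)")


def auth_events(log_text):
    """Return (ms_since_first_day, timestamp_text, kind, ident) per auth line."""
    events = []
    day_offset = 0
    prev_clock = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # stack-trace continuation lines and blanks have no timestamp
        clock = ((int(m["h"]) * 60 + int(m["m"])) * 60 + int(m["s"])) * 1000 + int(m["ms"])
        if prev_clock is not None and clock < prev_clock:
            # The log carries no date, so a backwards jump means midnight passed.
            day_offset += DAY_MS
        prev_clock = clock
        if m["logger"] != AUTH_LOGGER:
            continue
        msg = m["msg"].strip()
        hit = NO_PASSTHRU_RE.match(msg)
        if hit:
            kind, ident = "no_passthru_details", hit["ident"]
        elif msg == "Null CIFS logon allowed":
            kind, ident = "null_logon_allowed", None
        else:
            kind, ident = "other", None
        events.append((clock + day_offset, m["ts"], kind, ident))
    return events


def summarize(log_text, window_ms=2000):
    """Tally auth messages and group them into bursts separated by > window_ms."""
    events = auth_events(log_text)
    by_ident = Counter(e[3] for e in events if e[2] == "no_passthru_details")
    kinds = Counter(e[2] for e in events)
    bursts = []
    last_t = None
    for t, ts, kind, _ in events:
        if last_t is None or t - last_t > window_ms:
            bursts.append({"start": ts, "events": 0, "kinds": set()})
        bursts[-1]["events"] += 1
        bursts[-1]["kinds"].add(kind)
        last_t = t
    return {
        "no_passthru_details": dict(by_ident),
        "null_logon_allowed": kinds["null_logon_allowed"],
        "other": kinds["other"],
        "bursts": bursts,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("No PassthruDetails by identifier:", report["no_passthru_details"])
    print("Null CIFS logons allowed:", report["null_logon_allowed"])
    for burst in report["bursts"]:
        print(burst["start"], burst["events"], "events", sorted(burst["kinds"]))
```

A burst that contains both kinds shows a null logon being accepted in the same connection attempt in which the passthru lookup failed, which is the part of the log to read alongside the authenticator setting.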

Re: NTLM and CIFS configuration

Enable SSO in your Alfresco server and use alfresco as authentication type instead of passthrough in your file-server.xml

Sudhir Korde

Re: NTLM and CIFS configuration

Hi, I am using lab 3c. I've tried everything I read in this thread, but I still have not gotten CIFS to work with NTLM SSO authentication. Mine is a very classic case of authenticating against a Microsoft Active Directory using NTLM w/ SSO, so I am very curious about what could possibly go wrong.

I can log in to the Alfresco website using AD credentials already, so I suppose this means NTLM SSO is working. And when I do 'nbtstat -n', I do see my "MACHINENAMEA" entry (MACHINENAMEA <00> UNIQUE Registered), so I suppose that means the CIFS server is running too, as that is also indicated in the log.

NOW, when I tried to map the drive "\\MACHINENAMEA\alfresco", it tells me this:

Quote:
The mapped network drive could not be created because the following error has occurred:
An extended error has occurred.

Is there any way I can tell what this extended error is?

If I type in "\\MACHINENAMEA\alfresco" directly in Windows Explorer I see this:

Quote:
Windows cannot find '\\MACHINENAMEA\alfresco'. Check the spelling and try again, or try searching for the item by clicking the Start button and then clicking Search.

and this in the log file:
Quote:

13:01:48,618 DEBUG [smb.protocol.auth] Null CIFS logon allowed
13:01:58,003 DEBUG [smb.protocol.auth] Null CIFS logon allowed
13:02:00,220 DEBUG [smb.protocol.auth] Null CIFS logon allowed

Does anybody have a clue what might be preventing this from working? Do I have to do anything within file-servers.xml?
PLEASE HELP!

Attached my config files:
ntlm-authentication-context.xml:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
<property name="allowSetEnabled" value="true" />
<property name="allowGetEnabled" value="true" />
<property name="allowDeleteUser" value="true" />
<property name="allowCreateUser" value="true" />
</bean>
<bean id="authenticationComponent"
class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
parent="authenticationComponentBase">
<property name="useLocalServer">
<value>false</value>
</property>
<property name="servers">
<value>192.168.1.10</value>
</property>
<property name="personService">
<ref bean="personService" />
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="transactionService">
<ref bean="transactionComponent" />
</property>
<property name="guestAccess">
<value>true</value>
</property>
</bean>
</beans>

file-servers-custom.xml:
<alfresco-config area="file-servers">
<config evaluator="string-compare" condition="CIFS Server">
<serverEnable enabled="true" />
<!-- Insert here IP or hostname of this alfresco server, and the NT domain name in which you want to integrate-->
<host name="MYMACHINEA" domain="MYDOMAIN" />
<comment>Alfresco CIFS Server</comment>
<!-- Set to the broadcast mask for the subnet -->
<broadcast>255.255.255.255</broadcast>
<sessionDebug flags="Negotiate,Socket" />
<authenticator type="alfresco"/>
</config>
 
<config evaluator="string-compare" condition="Filesystems" replace="true">
<filesystems>
<filesystem name="Alfresco">
<store>workspace://SpacesStore</store>
<rootPath>/app:company_home</rootPath>
<!-- Add a URL file to each folder that links back to the web client -->
<urlFile>
<filename>__Alfresco.url</filename>
<webpath>http://${localname}:8080/alfresco/</webpath>
</urlFile>
<!-- Mark locked files as offline -->
<offlineFiles />
<!-- Desktop actions -->
<desktopActions>
<global>
<path>alfresco/desktop/Alfresco.exe</path>
<webpath>http://${localname}:8080/alfresco/</webpath>
</global>
<action>
<class>org.alfresco.filesys.repo.desk.CheckInOutDesktopAction</class>
<name>CheckInOut</name>
<filename>__CheckInOut.exe</filename>
</action>
<action>
<class>org.alfresco.filesys.repo.desk.JavaScriptDesktopAction</class>
<name>JavaScriptURL</name>
<filename>__ShowDetails.exe</filename>
<script>alfresco/desktop/showDetails.js</script>
<attributes>anyFiles</attributes>
<preprocess>copyToTarget</preprocess>
</action>
</desktopActions>
</filesystem>
<!-- AVM virtualization view of all stores/versions for WCM -->
<avmfilesystem name="AVM">
<virtualView />
</avmfilesystem>
</filesystems>
</config>
 
<!-- Authenticator should be of type alfresco -->
<config evaluator="string-compare" condition="Filesystem Security" replace="true">
<authenticator type="alfresco" />
</config>
</alfresco-config>

web.xml:
<?xml version='1.0' encoding='UTF-8'?>
 
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
 
<web-app>
<display-name>Alfresco Web Client</display-name>
 
<description>Alfresco Web Client</description>
 
<context-param>
<param-name>org.jboss.jbossfaces.WAR_BUNDLES_JSF_IMPL</param-name>
<param-value>true</param-value>
</context-param>
 
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
 
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config-app.xml,/WEB-INF/faces-config-beans.xml,/WEB-INF/faces-config-navigation.xml,/WEB-INF/faces-config-common.xml,/WEB-INF/faces-config-repo.xml,/WEB-INF/faces-config-wcm.xml,/WEB-INF/faces-config-custom.xml</param-value>
</context-param>
 
<context-param>
<param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
<param-value>true</param-value>
</context-param>
 
<context-param>
<param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
<param-value>false</param-value>
<description>This is an EXPERIMENTAL feature, so leave it off for now!</description>
</context-param>
 
<context-param>
<param-name>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</param-name>
<param-value>false</param-value>
<description>Stop MyFaces from Serializing the state to the session</description>
</context-param>
 
<!-- TODO: Change this to false for production -->
<context-param>
<param-name>org.apache.myfaces.PRETTY_HTML</param-name>
<param-value>true</param-value>
<description>
If true, rendered HTML code will be formatted, so that it is "human readable".
i.e. additional line separators and whitespace will be written, that do not
influence the HTML code.
Default: "true"
</description>
</context-param>
 
<context-param>
<param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
<param-value>false</param-value>
<description>
If true, a javascript function will be rendered that is able to restore the
former vertical scroll on every request. Convenient feature if you have pages
with long lists and you do not want the browser page to always jump to the top
if you trigger a link or button action that stays on the same page.
Default: "false"
</description>
</context-param>
 
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:alfresco/application-context.xml
classpath:alfresco/webscript-framework-application-context.xml
classpath:alfresco/web-client-application-context.xml
classpath:alfresco/web-scripts-application-context.xml
classpath:alfresco/web-services-application-context.xml
 
<!--
To give final control over the tuning of the custom environment,
the custom-web-context.xml file is processed last (note:
custom-web-context.xml isn't part of the source tree itself).
-->
classpath*:alfresco/extension/custom-web-context.xml
 
</param-value>
<description>Spring config file locations</description>
</context-param>
 
<!-- These were previously init params for the WebDAV servlet,
but since they are also needed to MT-enable the
ExternalAccess servlet, I have made them context wide. -->
<context-param>
<param-name>store</param-name>
<param-value>workspace://SpacesStore</param-value>
</context-param>
<context-param>
<param-name>rootPath</param-name>
<param-value>/app:company_home</param-value>
</context-param>
 
 
<filter>
<filter-name>Authentication Filter</filter-name>
<!--
<filter-class>org.alfresco.web.app.servlet.AuthenticationFilter</filter-class>
-->
<!-- For NTLM authentication support use the following filter, also see the filter-mapping section -->
<filter-class>org.alfresco.web.app.servlet.NTLMAuthenticationFilter</filter-class>
 
<!-- For Novell IChain support use the following filter -->
<!--
<filter-class>org.alfresco.web.app.servlet.NovellIChainsHTTPRequestAuthenticationFilter</filter-class>
-->
</filter>
 
<!-- For NTLM authentication support use the following filter, also see the filter-mapping section -->
 
<filter>
<filter-name>WebScript NTLM Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.WebScriptNTLMAuthenticationFilter</filter-class>
</filter>
 
 
<filter>
<filter-name>WebDAV Authentication Filter</filter-name>
<!--
<filter-class>org.alfresco.repo.webdav.auth.AuthenticationFilter</filter-class>
-->
<!-- For NTLM authentication support use the following filter -->
<filter-class>org.alfresco.repo.webdav.auth.NTLMAuthenticationFilter</filter-class>
</filter>
 
<filter>
<filter-name>Admin Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
</filter>
 
 
<!-- For NTLM authentication support enable the following mappings -->
<!-- after enabling the NTLMAuthenticationFilter filter class above -->
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/navigate/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/command/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/download/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/template/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/n/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/c/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/t/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/d/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>WebScript NTLM Authentication Filter</filter-name>
<url-pattern>/wcservice/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>WebScript NTLM Authentication Filter</filter-name>
<url-pattern>/wcs/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/ajax/*</url-pattern>
</filter-mapping>
 
 
 
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>WebDAV Authentication Filter</filter-name>
<url-pattern>/webdav/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Admin Authentication Filter</filter-name>
<url-pattern>/faces/jsp/admin/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Admin Authentication Filter</filter-name>
<url-pattern>/faces/jsp/categories/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Admin Authentication Filter</filter-name>
<url-pattern>/faces/jsp/groups/*</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Admin Authentication Filter</filter-name>
<url-pattern>/faces/jsp/users/delete-user.jsp</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Admin Authentication Filter</filter-name>
<url-pattern>/faces/jsp/users/users.jsp</url-pattern>
</filter-mapping>
 
<filter-mapping>
<filter-name>Admin Authentication Filter</filter-name>
<url-pattern>/faces/jsp/admin/system-info.jsp</url-pattern>
</filter-mapping>
 
 
<listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
</listener>
 
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
 
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
 
<listener>
<listener-class>org.alfresco.web.app.ContextListener</listener-class>
</listener>
 
<!-- Faces Servlet -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
 
<servlet>
<servlet-name>uploadFile</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.UploadFileServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>uploadContent</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.UploadContentServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>downloadContent</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.DownloadContentServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>downloadRawContent</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.DownloadRawContentServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>guestDownloadContent</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.GuestDownloadContentServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>guestTemplateContent</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.GuestTemplateContentServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>externalAccess</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.ExternalAccessServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>templateContent</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.TemplateContentServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>commandServlet</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.CommandServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>ajaxServlet</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.ajax.AjaxServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>axis</servlet-name>
<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
 
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>6</load-on-startup>
</servlet>
 
<servlet>
<servlet-name>WebDAV</servlet-name>
<servlet-class>org.alfresco.repo.webdav.WebDAVServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
 
<servlet>
<servlet-name>apiServlet</servlet-name>
<servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.basic</param-value>
</init-param>
</servlet>
 
<servlet>
<servlet-name>wcapiServlet</servlet-name>
<servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.webclient</param-value>
</init-param>
</servlet>
 
<servlet>
<servlet-name>portalapiServlet</servlet-name>
<servlet-class>org.alfresco.web.scripts.servlet.WebScriptServlet</servlet-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.webclient</param-value>
</init-param>
</servlet>
 
<servlet>
<servlet-name>facebookServlet</servlet-name>
<servlet-class>org.alfresco.web.scripts.facebook.FacebookServlet</servlet-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.facebook</param-value>
</init-param>
</servlet>
 
<servlet>
<servlet-name>fbapiServlet</servlet-name>
<servlet-class>org.alfresco.web.scripts.facebook.FacebookAPIServlet</servlet-class>
<init-param>
<param-name>authenticator</param-name>
<param-value>webscripts.authenticator.facebook</param-value>
</init-param>
</servlet>
 
<servlet>
<servlet-name>proxyServlet</servlet-name>
<servlet-class>org.alfresco.web.scripts.servlet.HTTPProxyServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>workflowDefinitionImageServlet</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.WorkflowDefinitionImageServlet</servlet-class>
</servlet>
 
<servlet>
<servlet-name>JBPMDeployProcessServlet</servlet-name>
<servlet-class>org.alfresco.web.app.servlet.JBPMDeployProcessServlet</servlet-class>
</servlet>
 
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>uploadFile</servlet-name>
<url-pattern>/uploadFileServlet</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>uploadContent</servlet-name>
<url-pattern>/upload/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>downloadContent</servlet-name>
<url-pattern>/download/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>downloadContent</servlet-name>
<url-pattern>/d/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>downloadRawContent</servlet-name>
<url-pattern>/dr</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>guestDownloadContent</servlet-name>
<url-pattern>/guestDownload/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>guestDownloadContent</servlet-name>
<url-pattern>/gd/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>templateContent</servlet-name>
<url-pattern>/template/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>templateContent</servlet-name>
<url-pattern>/t/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>guestTemplateContent</servlet-name>
<url-pattern>/guestTemplate/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>guestTemplateContent</servlet-name>
<url-pattern>/gt/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>externalAccess</servlet-name>
<url-pattern>/navigate/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>externalAccess</servlet-name>
<url-pattern>/n/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>commandServlet</servlet-name>
<url-pattern>/command/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>commandServlet</servlet-name>
<url-pattern>/c/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>ajaxServlet</servlet-name>
<url-pattern>/ajax/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>axis</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/cmis/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>WebDAV</servlet-name>
<url-pattern>/webdav/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>apiServlet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>apiServlet</servlet-name>
<url-pattern>/s/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>wcapiServlet</servlet-name>
<url-pattern>/wcservice/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>wcapiServlet</servlet-name>
<url-pattern>/wcs/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>portalapiServlet</servlet-name>
<url-pattern>/168service/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>portalapiServlet</servlet-name>
<url-pattern>/168s/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>facebookServlet</servlet-name>
<url-pattern>/facebook/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>facebookServlet</servlet-name>
<url-pattern>/fb/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>fbapiServlet</servlet-name>
<url-pattern>/fbservice/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>fbapiServlet</servlet-name>
<url-pattern>/fbs/*</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>proxyServlet</servlet-name>
<url-pattern>/proxy</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>JBPMDeployProcessServlet</servlet-name>
<url-pattern>/jbpm/deployprocess</url-pattern>
</servlet-mapping>
 
<servlet-mapping>
<servlet-name>workflowDefinitionImageServlet</servlet-name>
<url-pattern>/workflowdefinitionimage/*</url-pattern>
</servlet-mapping>
 
<session-config>
<session-timeout>60</session-timeout>
</session-config>
 
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
 
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/jsp/error.jsp</location>
</error-page>
 
</web-app>

Re: NTLM and CIFS configuration

Thank you Jesus, thank you Lord, thank you thank you thank you.

I looked at the "Event Viewer" from "My Computer" -> "Manage", and saw this:

Quote:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential MYDOMAIN\admin.

so turns out my computer stored the wrong credentials... MUST BE CORRECTED!
Now it works =) Thanks for the useful article, mindthegab.

Re: NTLM and CIFS configuration

Hi mindthegab,
I am using Alfresco 3.3 Community edition. I am using it as a standalone server without deploying it with any other portal servers.
I wanna integrate it with NTLM.

I saw your post. In my web.xml file in Alfresco\tomcat\webapps\alfresco\WEB-INF I can't find the following filter
--

Authentication Filter
org.alfresco.web.app.servlet.AuthenticationFilter

--

It is having another filter class "org.alfresco.repo.web.filter.beans.BeanProxyFilter".

How can I change it?

I don't find the file "ntlm-authentication-context.xml".

Is there any other way to enable NTLM authentication and SSO with Alfresco 3.3 as a standalone server?

Thanks in advance

Re: NTLM and CIFS configuration

You need to use the instructions for newer Alfresco versions 3.2+. A quick Google search on Active Directory integration will point you to what you need.
