Cannot login anymore on Alfresco

cancel
Showing results for 
Search instead for 
Did you mean: 
marius_dumitrac
Active Member II

Re: Cannot login anymore on Alfresco

Jump to solution

I think the problem is with the AD server - I've stoped the AD server and got the same error at login. Start again the AD server and the admin login works.

I've checked the ldap user format used to retrieve users and it seems ok (the same format from the alfresco-global.properties file).

heiko_robert
Senior Member

Re: Cannot login anymore on Alfresco

Jump to solution

You configured your Alfresco with passthru which is no longer supported and not a good option anyway. You should switch to kerberos. I bet a windows server update killed your passthru authentication with the latest windows update. By enableing ldap authentication you will be able to authenticate users as defined in your ldap config which is:

SearchBase=ou\=users,dc\=domain,dc\=intern

but only the ones sitting directly in users,dc\=domain_name,dc\=intern

please check the ldap-ad properties example which fit better for AD and/or read LDAP configuration properties | Alfresco Documentation 

Cesar also posted link to a blog in another post: Best Practices for Using Active Directory with Alfresco which may help you to get the right track. Do you also use CIFS? If yes you also need to configure kerberos authentication on top.

Additionally you should add alfrescoNtlm to your chain as mentioned before since admin and guest are created in the internal store.

marius_dumitrac
Active Member II

Re: Cannot login anymore on Alfresco

Jump to solution

Hi Robert

You are right, the problem appeared after a windows update.

I've taken out the passthru settings and CIFS ones in the config file and restarted alfresco, but the same problem - admin account can login, the rest of the users not (i get the same error message Your authentication details have not been recognized or Alfresco may not be available at this time.).

 

Do I need to setup kerberos for the login to work properly for the other users? I thought to leave this out for now.

Here is the updated settings file (red line is added as Caesar's post recommends)

### Authentication chains
authentication.chain=ldap1:ldap-ad

ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.19.254:389
ldap.authentication.userNameFormat=cn\=%s,ou\=users,dc\=domain,dc\=intern
ldap.authentication.defaultAdministratorUsernNames=admin
ldap.authentication.java.naming.security.principal=admin@domain
ldap.authentication.java.naming.security.credentials=12345678

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=admin@domain
ldap.synchronization.java.naming.security.credentials=12345678
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.userSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.groupSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupIdAttributeName=cn

synchronization.synchronizeChangesOnly=true
synchronization.import.cron=0 0/15 * * * ?

heiko_robert
Senior Member

Re: Cannot login anymore on Alfresco

Jump to solution

your ldap config is not correct. Please fix that following the docs I linked. At least your userNameFormat will expect all the users in ou=users,dc=domain,dc=intern.

marius_dumitrac
Active Member II

Re: Cannot login anymore on Alfresco

Jump to solution

Hi Robert,

Thanks for help. I've modified the ldap settings as you recommended and now it's up&running.

nilesh
Member II

Re: Cannot login anymore on Alfresco

Jump to solution

Hello Expert, 
Can anyone please help me? trying form last 3 days but had no luck,
alfresco not allowed to log in any user, using community version ( 5.2.g 2001707)

all Subsystems are not starting 


2023-08-10 13:49:40,985 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Stopping 'Replication' subsystem, ID: [Replication, default]
2023-08-10 13:49:40,985 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Stopped 'Replication' subsystem, ID: [Replication, default]

and I'm using alfreco native authentication method default one. 


@heiko_robert wrote:

your ldap config is not correct. Please fix that following the docs I linked. At least your userNameFormat will expect all the users in ou=users,dc=domain,dc=intern.