Cannot login anymore on Alfresco

Active Member II

Cannot login anymore on Alfresco


Hi guys,

I have the following problem with my alfresco instance: the login page in alfresco returns the following message

Your authentication details have not been recognized or Alfresco may not be available at this time.

The alfresco installation has the following details:

1. CentOS 6 (up to date) 

2. Postgres 9.3 (up to date) 

3. Apache 7.0.6

4. Alfresco ver 5.0d

I use AD connection for user management, the AD is up and running and accessible from the Alfresco machine.

Up to 5 hours ago, I had no problem with it. 

I've tried shutting it down and restarting it (also the postgres and apache servers) with no success.

I got no errors in the log files - see them attached.

The alfresco app is running (http://server:8080/alfresco, I cannot login to console, because I don't have the initial admin password)

 

Can anyone help me on this?

1 Solution

Accepted Solutions
Senior Member

Re: Cannot login anymore on Alfresco

Your LDAP config is not correct. Please fix that following the docs I linked. At least your userNameFormat will expect all the users in ou=users,dc=domain,dc=intern.


14 Replies
Moderator

Re: Cannot login anymore on Alfresco

Could you see any errors in alfresco.log, share.log and catalina.out?

Can you also try the <host>:<port>/alfresco/service/api/login?u=<userName>&pw=<password> API call to see if you are getting a response from the repository?

~Abhinav
(ACSCE, AWS SAA-C02, GAIQ)
Active Member II

Re: Cannot login anymore on Alfresco

Hi Abhinav,

No errors in the logs (they are attached to the post).

The response from the repository is this

<response>
<status>
<code>403</code>
<name>Forbidden</name>
<description> Server understood the request but refused to fulfill it. </description>
</status>
<message>06100727 Login failed</message>
<exception/>
<callstack> </callstack>
<server>Community v5.0.0 (d r99759-b2) schema 8,022</server>
<time>Jul 10, 2019 6:01:28 PM</time>
</response>

I think it's ok (I don't know the initial admin password, and password of admin account configured in AD is not accepted.)

Also I don't think there is a problem with the AD connection, the sync job is working fine - see below the log entries

2019-07-10 17:45:00,105 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronizing users and groups with user registry 'ldap1'
2019-07-10 17:45:00,106 WARN [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Full synchronization with user registry 'ldap1'
2019-07-10 17:45:00,106 WARN [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Some users and groups previously created by synchronization with this user registry may be removed.
2019-07-10 17:45:00,147 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Retrieving all groups from user registry 'ldap1'
2019-07-10 17:45:00,152 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2019-07-10 17:45:00,152 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2019-07-10 17:45:00,185 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Retrieving users changed since Jul 10, 2019 11:05:30 AM from user registry 'ldap1'
2019-07-10 17:45:00,188 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 1 entries
2019-07-10 17:45:00,521 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Processed 1 entries out of 1. 100% complete. Rate: 3 per second. 0 failures detected.
2019-07-10 17:45:00,521 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 1 entries
2019-07-10 17:45:00,531 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] Finished synchronizing users and groups with user registry 'ldap1'
2019-07-10 17:45:00,531 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [DefaultScheduler_Worker-9] 1 user(s) and 0 group(s) processed

Moderator

Re: Cannot login anymore on Alfresco

The OOTB default admin account should still work. The default user name is admin and the default password is admin.

Repo auth API: http://127.0.0.1:8080/alfresco/service/api/login?u=admin&pw=admin

This should return alf_ticket if login is successful. The default admin password is also part of the tomcat/shared/classes/alfresco-global.properties file. It's MD4 encrypted. You can decrypt it if required, but in general admin:admin is the default user name and password. Give it a try.

~Abhinav
(ACSCE, AWS SAA-C02, GAIQ)
Active Member II

Re: Cannot login anymore on Alfresco

I've tried and got the same response - Login failed :(

In catalina.out I got this line:

2019-07-10 19:02:26,347 INFO [web.site.EditionInterceptor] [ajp-apr-8009-exec-3] Unable to retrieve License information from Alfresco: 401

Also I've modified the alfresco-global.properties file to use the default authentication (authentication.chain=alfrescoNtlm1:alfrescoNtlm) with the same result - login failed.

But this time the licence was retrieved successfully

2019-07-10 19:11:26,302 INFO [web.site.EditionInterceptor] [ajp-apr-8009-exec-4] Successfully retrieved license information from Alfresco.

Any ideas?

Senior Member II

Re: Cannot login anymore on Alfresco

Check this url: http://127.0.0.1:8080/alfresco.

If it is not working that means your repo is not started.

Thanks & Regards,
Sanjay
Active Member II

Re: Cannot login anymore on Alfresco

Hi Sanjay,

The repo is running (I mean the url is accessible). But I cannot login to the alfresco console. I've reset the admin password and no success either. 

Senior Member

Re: Cannot login anymore on Alfresco

It looks like Share can't connect to Alfresco. First of all, check the connections.

Second, show us the configuration of the Authentication subsystem and the authentication chain. I can't see initialization of the alfrescoNtlm subsystem, so you couldn't log in as the native Alfresco user 'admin'.

Senior Member

Re: Cannot login anymore on Alfresco

Your logs look OK. Do you have the Alfresco internal auth system in your authentication chain?

e.g.

authentication.chain=ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm

You could set another internal user you know the password of as admin in your alfresco-global.properties - e.g. user test:

alfresco_user_store.adminusername=test

or

you write a well-known password MD4 hash directly into the database. If you decide to change the password in the db you need to restart Alfresco.

e.g. to change the admin password to 'admin':

echo -n "admin" | openssl md4 | awk '{print $2}'
f9d4049dd6a4dc35d40e5265954b2a46

Check https://docs.alfresco.com/community/concepts/admin-password.html for details.

EDIT: removed SQL and added link to documentation

Active Member II

Re: Cannot login anymore on Alfresco

Hi guys,

A little success - I've managed to log in (both in the Alfresco console and Share) with the admin user and pass set up in LDAP.

I had to change the below line from false to true:

ldap.authentication.active=false -> ldap.authentication.active=true

But with the rest of the users I get the same error message.

Here are the authentication settings from alfresco-global.properties:

### Authentication chains
authentication.chain=passthru1:passthru,ldap1:ldap-ad

#ntlm.authentication.sso.enabled=false
#ntlm.authentication.authenticateCIFS=false
#alfresco.authentication.authenticateCIFS=false
#alfresco.authentication.allowGuestLogin=false

### Passthru settings
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false
passthru.authentication.authenticateFTP=false
passthru.authentication.servers=SERVER_NAME\\192.168.1.254,192.168.1.254
passthru.authentication.domain=
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=admin
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP
passthru.authentication.authenticateCIFS=true

ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://192.168.1.254:389
ldap.authentication.userNameFormat=cn\=%s,ou\=users,dc\=domain_name,dc\=intern
ldap.authentication.defaultAdministratorUsernNames=admin
ldap.authentication.java.naming.security.principal=admin@domain
ldap.authentication.java.naming.security.credentials=12345678

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=admin@doman
ldap.synchronization.java.naming.security.credentials=12345678
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.userSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.groupSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupIdAttributeName=cn

synchronization.synchronizeChangesOnly=true
synchronization.import.cron=0 0/15 * * * ?
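
The accepted answer's point about userNameFormat can be checked mechanically. The following is an added example, not part of any post in this thread: a small Python check over a constructed excerpt of the settings above (credentials left out) that shows the DN a login is bound with and flags where the authentication and synchronization settings disagree. The `KNOWN_KEYS` list and the sample login `jdoe` are assumptions made for the illustration.

```python
import difflib

# Constructed excerpt of the settings posted in the thread (credentials left out).
SAMPLE = r"""
ldap.authentication.userNameFormat=cn\=%s,ou\=users,dc\=domain_name,dc\=intern
ldap.authentication.defaultAdministratorUsernNames=admin
ldap.synchronization.userSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.userIdAttributeName=sAMAccountName
"""
# Assumption: reference spelling, matching the passthru key in the same file.
KNOWN_KEYS = ["ldap.authentication.defaultAdministratorUserNames"]

def parse_properties(text):
    """Parse key=value lines, skipping comments and unescaping '\\='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def bind_dn(props, login):
    """DN used for the LDAP bind: userNameFormat with %s replaced by the login."""
    return props["ldap.authentication.userNameFormat"].replace("%s", login)

def lint(props):
    """Return findings where authentication and synchronization settings disagree."""
    out = []
    fmt = props.get("ldap.authentication.userNameFormat", "")
    base = props.get("ldap.synchronization.userSearchBase", "")
    uid = props.get("ldap.synchronization.userIdAttributeName", "")
    if "=%s," in fmt:
        attr, suffix = fmt.split("=%s,", 1)
        if suffix.lower() != base.lower():
            out.append(f"bind suffix '{suffix}' differs from userSearchBase '{base}'")
        if uid and attr.lower() != uid.lower():
            out.append(f"bind DN is built on '{attr}' but logins are synced from '{uid}'")
    for key in props:
        near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.95)
        if near and key not in KNOWN_KEYS:
            out.append(f"possible typo: '{key}' (did you mean '{near[0]}'?)")
    return out

if __name__ == "__main__":
    cfg = parse_properties(SAMPLE)
    print(bind_dn(cfg, "jdoe"))
    print("\n".join(lint(cfg)))
```

A clean result only means the settings agree with each other; whether a given user actually sits under the search base still has to be confirmed against the directory.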