cancel
Showing results for 
Search instead for 
Did you mean: 

Windows 7 Broke my CIFS (3.2r2)

ofrxnz
Champ in-the-making
Champ in-the-making
So, i have Alfresco 3.2r2 configured to use Kerberos against Active directory (2k3r2)

HTTP authentication works (non-sso)
CIFS authentication on XP-SP3 works flawsley (sso)

but, when i try to use a domin Windows 7 box, i get different errors

if i use \\server \\server.domain.tld i receive a popup that says "the specified server cannot perform the requested operation."

and if i use \\server\alfresco or \\server.domain.tld\alfresco i receive the never ending log in prompt that always comes back as a bad password.

I have followed the procedure http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Kerberos several times and since it works in XP i assume everything is fine. 

The logs indicate that i successfully authenticated against alfresco but im guessing windows 7 isn't playing nice. 

Does anyone know anywhere to look in windows 7? registry tweeks, etc?  The XP box sitting next to me works flawlessly. 

I configured acceptable kerberos encryption types in local security policy to "RC4_HMAC_MD5, AES128_HMAC_SHA, AES256_HMAC_SHA11 and future encryption types" i have also tried "no minimum" but this didn't do the trick

maybe there is some strange network security thing since, the server is on a different subnet and probably using a different AD server than the client (more than one replicating)

Thanks in advance

Adam


some log bits
10:57:24,493 DEBUG [org.alfresco.smb.protocol.auth] Logged on using principal cifs/server.domain.tld@DOMAIN.TLD10:57:24,493 DEBUG [org.alfresco.smb.protocol.auth] Enabling mechTypes :-10:57:24,493 DEBUG [org.alfresco.smb.protocol.auth]   Kerberos510:57:24,493 DEBUG [org.alfresco.smb.protocol.auth]   MS-Kerberos5…11:00:51,726 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=6527911:00:52,064 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:00:52,069 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]11:00:52,071 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ11:00:52,333 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg11:00:52,338 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey11:00:52,339 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:00:52,341 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user11:00:52,343 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:00:52,566 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:00:52,790 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=6527911:00:52,867 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:00:52,868 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]11:00:52,868 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ11:00:53,290 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg11:00:53,291 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey11:00:53,291 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:00:53,293 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user11:00:53,294 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:00:53,296 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,329 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=6527911:01:06,330 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,331 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]11:01:06,331 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ11:01:06,333 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg11:01:06,334 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey11:01:06,334 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,336 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user11:01:06,336 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,338 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,404 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=6527911:01:06,405 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:00:53,296 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,329 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=6527911:01:06,330 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,331 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]11:01:06,331 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ11:01:06,333 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg11:01:06,334 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey11:01:06,334 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,336 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user11:01:06,336 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,338 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,404 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=6527911:01:06,405 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,405 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]11:01:06,406 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ11:01:06,408 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg11:01:06,409 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey11:01:06,409 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,409 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user11:01:06,411 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:06,413 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,063 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=6527911:01:14,063 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,064 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]11:01:14,064 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ11:01:14,066 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg11:01:14,066 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey11:01:14,066 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,068 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user11:01:14,068 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,070 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,132 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=6527911:01:14,133 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,133 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]11:01:14,133 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ11:01:14,135 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg11:01:14,136 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey11:01:14,136 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,138 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user11:01:14,138 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,140 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,200 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=24, UID=0, PID=6527911:01:14,200 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,200 DEBUG [org.alfresco.smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1220,Authenticator=EncType=23,Kvno=-1,Len=338]11:01:14,200 DEBUG [org.alfresco.smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ11:01:14,202 DEBUG [org.alfresco.smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg11:01:14,203 DEBUG [org.alfresco.smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey11:01:14,203 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,204 DEBUG [org.alfresco.smb.protocol.auth] Logged on using Kerberos, user real.user11:01:14,205 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,206 DEBUG [org.alfresco.smb.protocol.auth] Using Write transaction11:01:14,260 DEBUG [org.alfresco.smb.protocol.auth] NT Session setup SPNEGO, MID=32, UID=0, PID=6527911:01:14,260 DEBUG [org.alfresco.smb.protocol.auth] Using Write transactionand it goes on like that….‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍
5 REPLIES 5

ofrxnz
Champ in-the-making
Champ in-the-making
It looks like i am successfully authenticating, so im thinking this is an SMB protocol issue not an authentication.  Any chance this has to do with a SMB Version change? and if so does anyone know how to alter it?

maximus007
Champ in-the-making
Champ in-the-making
Did you find a solution to this? I am getting the same error, even though I have set up NTLM authentication (not kerberos).

clancydamon
Champ in-the-making
Champ in-the-making
Same here. Any way you want to do, Windows XP can map CIFS drives without the slightest issue. Windows 7 keeps telling me bad user name or password for the mapping of the drives. It has to be a security thing, but I wouldn't even know where to start looking.

clancydamon
Champ in-the-making
Champ in-the-making
I don't know what to make of this, but it might help someone with more knowledge.

I have a two machines on my network. One is running windows XP, the other is running windows 7. I log into the windows 7 machine and I cannot map drives to Alfresco spaces. It continually tells me unknown user name or bad password.

I log into the windows XP box using the same user name. I can map alfresco spaces just fine. No problem. I can use them. No problem. I turn back to my windows 7 box, which I have not logged out of. Now, I can map and use the spaces that I have mapped and used on the windows xp box.

I don't know how exactly Alfresco is handling the authentication, but it seems that you only need to authenticate for CIFS once. After that, you don't need to re-authenticate. Something about windows 7 is preventing this initial authentication, and I have no idea what that might be.

clancydamon
Champ in-the-making
Champ in-the-making
Okay, this is just starting to drive me insane. I left my win7 box on and did some other things. I come back after an unknown amount of time and test the drive mapping. Suddenly, CIFS seems fine. So there's a time delay? I restart the box and start testing every couple of minutes to see when that might kick in. After about forty minutes, I give up. I shut down, and again leave the box alone while I do some other things. After an unknown amount of time that is definitely less than forty minutes, I try to map on the win7 box again. CIFS is working now.

So basically, if I leave all of the computers on overnight and try mapping in the morning, everything should work - assuming I never log off again. What the hell?
Welcome to the new Hyland Connect. Get started or submit feedback.