Hello. I set up communication between Alfresco and Active Directory on Windows 2012. All users were transferred to Alfresco, a home user space was created for each of them, and it is possible to log in as a domain user through a web browser, but authorization through Windows Explorer works only for users added manually in Alfresco. Please tell me how to make it possible for domain users to log in through Windows Explorer as well. Integration with Active Directory was done by adding the following records to /alfresco-global.properties:
# MS Active Directory Integration
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@domain.lan
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://dc.domain.lan:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=admin@domain.lan
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.groupSearchBase=DC\=domain,DC\=lan
ldap.synchronization.userSearchBase=DC\=domain,DC\=lan
ldap.synchronization.modifyTimestampAttributeName=whenChanged
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=cn
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProviderr
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=5000
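An added check, not part of the original post and not Alfresco code: the script below parses the login- and transport-related lines of the configuration above and reports the authentication chain order plus three settings worth reviewing (a simple bind over unencrypted ldap://, guest login, and the sync password stored in the file). The finding labels and the simplified parser are assumptions of this example.

```python
import re

# Constructed sample: the login- and transport-related lines from the post above.
SAMPLE = r"""
# MS Active Directory Integration
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.allowGuestLogin=true
ldap.authentication.java.naming.provider.url=ldap://dc.domain.lan:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
"""

def parse_properties(text):
    """Simplified .properties parser (no line continuations or unicode escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # Key ends at the first '=' or ':' that is not backslash-escaped.
        m = re.match(r"((?:\\.|[^=:\\])*?)\s*[=:]\s*(.*)$", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
            props[key] = value
    return props

def audit(props):
    """Return (authentication chain, findings); finding names are made up here."""
    chain = [tuple(entry.split(":", 1))
             for entry in props.get("authentication.chain", "").split(",") if entry]
    findings = []
    auth = "ldap.authentication."
    url = props.get(auth + "java.naming.provider.url", "")
    mechanism = props.get(auth + "java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and mechanism == "simple":
        findings.append("cleartext-bind")  # simple bind over plain LDAP: password unencrypted
    if props.get(auth + "allowGuestLogin", "").lower() == "true":
        findings.append("guest-login-enabled")
    if props.get("ldap.synchronization.java.naming.security.credentials"):
        findings.append("sync-password-in-file")
    return chain, findings

if __name__ == "__main__":
    chain, findings = audit(parse_properties(SAMPLE))
    print("chain:", chain)
    print("findings:", findings)
```

Pointing the provider URL at ldaps:// on a domain controller with a trusted certificate clears the first finding.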
If you have AD configured and you can successfully log in to Alfresco Share as one of the AD users, then you already have what you need to be able to map a drive from Windows Explorer using WebDAV. The URL would look something like:
http://localhost:8080/alfresco/webdav
When Windows prompts you for your credentials, provide your AD username and password and it will work.
If instead what you want is to automatically log in a user who is already logged in to the Windows domain, then what you need is to configure Alfresco for Kerberos authentication, which is covered in the documentation here:
https://docs.alfresco.com/6.0/concepts/auth-kerberos-intro.html
The fact is that when you go to http://IP:8080/alfresco/webdav through any web browser, domain user authorization works and the directory listing and home user space are opened. For Windows Explorer:
Open up Windows Explorer and click 'Map network drive'
Click 'Connect to a Web site that you can use to store your documents and pictures'
Click 'Next' twice in the window that opens.
http://IP:8080/alfresco/webdav
The error is "windows cannot access"
Have you done the steps outlined in the "Kerberos Client Config for WebDAV" section here:
https://docs.alfresco.com/5.2/concepts/auth-kerberos-clientconfig.html
Thank you, I completed the steps in the "Kerberos Client Config for WebDAV" section. Now the authorization window for the Alfresco server appears, but you can only log in as a user created in Alfresco itself; domain users cannot log in. Through a web browser, authorization of domain users works.
Did you try the UNC path \\hostname@8080\alfresco\webdav\ ?
Additionally, there are some Windows requirements for the "Web Client" Windows service, which handles the communication between Windows Explorer and the WebDAV server (Alfresco) using IE.
I highly recommend using HTTPS with trusted certs and port 443 to work around these restrictions.
Additionally, if your clients don't have a proxy configured in IE and you use an FQN hostname, you need to configure AuthForwardServerList in Windows.
Be careful when using SSO (kerberos.authentication.sso.enabled=true): Alfresco does not support fallback to "normal" authentication, which may lock out non-domain members.
"AuthForwardServerList" is configured. I tried the UNC path \\hostname@8080\alfresco\webdav\ and also changed the value of the BasicAuthLevel parameter to 2 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters. The result is the same, I can't log in as a domain user.
Make sure the WebClient service is started.
https://docs.alfresco.com/5.2/concepts/troubleshoot-webdav.html
P.S. For Microsoft clients, Alfresco recommends using AOS instead of WebDAV. Try http://localhost:8080/alfresco/aos