Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Configuring Liferay 6.0.6 with NTLM Mahesh Kumar June 29, 2011 8:36 AM
RE: Configuring Liferay 6.0.6 with NTLM Mourad EF August 10, 2011 1:33 AM
RE: Configuring Liferay 6.0.6 with NTLM Sam Collett August 10, 2011 6:35 AM
RE: Configuring Liferay 6.0.6 with NTLM Sreeraj AV August 26, 2011 10:55 AM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K August 28, 2011 11:32 PM
RE: Configuring Liferay 6.0.6 with NTLM Sreeraj AV August 29, 2011 12:20 AM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K August 29, 2011 2:47 AM
RE: Configuring Liferay 6.0.6 with NTLM Sreeraj AV August 29, 2011 4:55 AM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K September 3, 2011 10:55 PM
RE: Configuring Liferay 6.0.6 with NTLM Sreeraj AV September 3, 2011 11:00 PM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K September 3, 2011 11:27 PM
RE: Configuring Liferay 6.0.6 with NTLM Sreeraj AV September 4, 2011 5:36 AM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K September 5, 2011 12:20 AM
RE: Configuring Liferay 6.0.6 with NTLM Sreeraj AV September 5, 2011 4:19 AM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K September 5, 2011 4:31 AM
RE: Configuring Liferay 6.0.6 with NTLM Sreeraj AV September 5, 2011 4:39 AM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K September 5, 2011 11:46 PM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K September 10, 2011 9:32 PM
RE: Configuring Liferay 6.0.6 with NTLM Tom C September 14, 2011 1:14 PM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K September 14, 2011 11:53 PM
RE: Configuring Liferay 6.0.6 with NTLM Shuaib K September 15, 2011 5:18 AM
RE: Configuring Liferay 6.0.6 with NTLM Mahendra Mahakle May 16, 2012 2:48 AM
RE: Configuring Liferay 6.0.6 with NTLM Marc sdsdsss August 31, 2011 3:19 AM
Mahesh Kumar
Configuring Liferay 6.0.6 with NTLM
June 29, 2011 8:36 AM
Answer

Mahesh Kumar

Rank: New Member

Posts: 1

Join Date: June 29, 2011

Recent Posts

Hello Community,

i have installed Liferay 6.0.6 CE bundled with tomcat 6.0.
I'm trying to configure NTLM with Liferay 6.0.6. I have followed the documentation which is available in the web.
according to the documentation, I have created a Serice Account in AD to use NTLM for authentication.
But, I'm getting the following error :
15:05:35,968 ERROR [NtlmFilter:214] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Session key negotiation failed
at com.liferay.portal.security.ntlm.NetlogonConnection.connect(NetlogonConnection.java:112)
at com.liferay.portal.security.ntlm.Netlogon.logon(Netlogon.java:54)
at com.liferay.portal.security.ntlm.NtlmManager.authenticate(NtlmManager.java:70)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter.processFilter(NtlmFilter.java:209)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:123)

The LDAP authentication works fine without NTLM. After configuring NTLM i'm getting the above error.
Can anyone please help me how to resolve this error?
Also is it required to change anything in the web.xml file for configuring NTLM with Liferay6.0.6 as it has already ntlmv2filter i guess?

Thanks,
Mahesh
Mourad EF
RE: Configuring Liferay 6.0.6 with NTLM
August 10, 2011 1:33 AM
Answer

Mourad EF

Rank: New Member

Posts: 21

Join Date: February 12, 2011

Recent Posts

Hello,
Did you resolve your problem ?

thanks
Sam Collett
RE: Configuring Liferay 6.0.6 with NTLM
August 10, 2011 6:35 AM
Answer

Sam Collett

Rank: Junior Member

Posts: 58

Join Date: November 13, 2008

Recent Posts

I've also been trying to get NTLM working and the documentation on doing it is not that great (since it doesn't work).

It sounds like NTLM has not been fully tested, because nothing I try seems to work (am on Windows 7, though that shouldn't make a difference). Reluctant to try on live site, since it may prevent me getting in if it is not quite set up right.
Sreeraj AV
RE: Configuring Liferay 6.0.6 with NTLM
August 26, 2011 10:55 AM
Answer

Sreeraj AV

Rank: Regular Member

Posts: 223

Join Date: April 26, 2010

Recent Posts

Mahesh Kumar:
Hello Community,

i have installed Liferay 6.0.6 CE bundled with tomcat 6.0.
I'm trying to configure NTLM with Liferay 6.0.6. I have followed the documentation which is available in the web.
according to the documentation, I have created a Serice Account in AD to use NTLM for authentication.
But, I'm getting the following error :
15:05:35,968 ERROR [NtlmFilter:214] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Session key negotiation failed
at com.liferay.portal.security.ntlm.NetlogonConnection.connect(NetlogonConnection.java:112)
at com.liferay.portal.security.ntlm.Netlogon.logon(Netlogon.java:54)
at com.liferay.portal.security.ntlm.NtlmManager.authenticate(NtlmManager.java:70)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter.processFilter(NtlmFilter.java:209)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:123)

The LDAP authentication works fine without NTLM. After configuring NTLM i'm getting the above error.
Can anyone please help me how to resolve this error?
Also is it required to change anything in the web.xml file for configuring NTLM with Liferay6.0.6 as it has already ntlmv2filter i guess?

Thanks,
Mahesh


There is no need to editing any file(web.xml/java file) if you have installed AD in windows 2003 server machine.

but If it is installed in windows 2008 server then you need to modify a java file.. see this link

anyway in both cases you have to create a service account in the AD (ie a Computer account) and set its password using a vbscript.
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
August 28, 2011 11:32 PM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

Hi Raju,

I am using CE 6.0.6 and haven't changed any java files or web.xml. Just enabled NTLM using the Portal Settings screen and set the domain and service account information there. The AD used is 2003 and the LDAP imports all the users from it. I have created a service account and set its password using the vbscript found here : http://www.liferay.com/community/wiki/-/wiki/Main/NTLMv2+SSO+Configuration . It still goes to the login page whenever you browse to the Liferay portal. Am I missing something? Please help. Thanks.
Sreeraj AV
RE: Configuring Liferay 6.0.6 with NTLM
August 29, 2011 12:20 AM
Answer

Sreeraj AV

Rank: Regular Member

Posts: 223

Join Date: April 26, 2010

Recent Posts

Shuaib K:
Hi Raju,

I am using CE 6.0.6 and haven't changed any java files or web.xml. Just enabled NTLM using the Portal Settings screen and set the domain and service account information there. The AD used is 2003 and the LDAP imports all the users from it. I have created a service account and set its password using the vbscript found here : http://www.liferay.com/community/wiki/-/wiki/Main/NTLMv2+SSO+Configuration . It still goes to the login page whenever you browse to the Liferay portal. Am I missing something? Please help. Thanks.


hmm.. vbscript given by the liferay was not working for me... so i modified and it works fine.. I have attached the modified vbscript file..
u have to pass password with the argument line... First argument is service account details and second argument is password. chk the attached image how to use the vbscript.. you ll get "Password is set!!.." message if everything goes correct...

i hope you are giving ldap server host name in the Domain Controller Name field


WScript.echo "Hello World!!... "
Dim strArgument, strPassword

strArgument = WScript.arguments.item(0)
strPassword = WScript.arguments.item(1)

Set objComputer = GetObject("LDAP://" & strArgument)
objComputer.SetPassword strPassword

WScript.Echo "Password is set!!.."
WScript.Quit
Attachment

Attachments: helloworld.vbs (0.3k), scriptRun.PNG (6.3k)
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
August 29, 2011 2:47 AM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

I ran your vb code and it still goes to the login page when you browse to Liferay portal on IE (ver. 6). Following are the settings on the NTLM Portal Settings screen:

Domain Controller: 192.168.1.12
Domain Controller Name: testdc.testgroup.local
Domain: testgroup.local
Service Account: Liferay
Service Password: lfr1234

Following are the settings on the LDAP screen:

Base Provider URL: ldap://testdc:389
Base DN: ou=Test Users,dc=testgroup,dc=local
Principal: testwebservices@testgroup.local
Credentials: *********

Is there anything else that need to be set?
Sreeraj AV
RE: Configuring Liferay 6.0.6 with NTLM
August 29, 2011 4:55 AM
Answer

Sreeraj AV

Rank: Regular Member

Posts: 223

Join Date: April 26, 2010

Recent Posts

Shuaib K:
I ran your vb code and it still goes to the login page when you browse to Liferay portal on IE (ver. 6). Following are the settings on the NTLM Portal Settings screen:

Domain Controller: 192.168.1.12
Domain Controller Name: testdc.testgroup.local
Domain: testgroup.local
Service Account: Liferay
Service Password: lfr1234

Following are the settings on the LDAP screen:

Base Provider URL: ldap://testdc:389
Base DN: ou=Test Users,dc=testgroup,dc=local
Principal: testwebservices@testgroup.local
Credentials: *********

Is there anything else that need to be set?


chk the atatched images..
Attachment

Attachment

Attachments: AD Server SSO Config.png (84.9k), liferay SSO config.png (102.8k)
Marc sdsdsss
RE: Configuring Liferay 6.0.6 with NTLM
August 31, 2011 3:19 AM
Answer

Marc sdsdsss

Rank: New Member

Posts: 1

Join Date: August 31, 2011

Recent Posts

Hi,
i've similar problem, u resolved ?

Tnk
Marco
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
September 3, 2011 10:55 PM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

In the Liferay NTLM Settings, I see that you have used a $ character in the Service Account field. Is that needed? Also, is it case sensitive? Let me know. thanks.
Sreeraj AV
RE: Configuring Liferay 6.0.6 with NTLM
September 3, 2011 11:00 PM
Answer

Sreeraj AV

Rank: Regular Member

Posts: 223

Join Date: April 26, 2010

Recent Posts

Shuaib K:
In the Liferay NTLM Settings, I see that you have used a $ character in the Service Account field. Is that needed? Also, is it case sensitive? Let me know. thanks.



yep... u should use $@ characters in between service account and domain name.

I think only password is case sensitive..
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
September 3, 2011 11:27 PM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

One other thing, should the vbs code be run for the computer where the liferay is installed? If so, why do we need to set a password when that machine is already configured in the Domain Controller? The tutorial on Liferay talks about creating a computer account on AD. But it doesn't talk about a physical computer that account relates to. I am confused. Please help.
Sreeraj AV
RE: Configuring Liferay 6.0.6 with NTLM
September 4, 2011 5:36 AM
Answer

Sreeraj AV

Rank: Regular Member

Posts: 223

Join Date: April 26, 2010

Recent Posts

Shuaib K:
One other thing, should the vbs code be run for the computer where the liferay is installed? If so, why do we need to set a password when that machine is already configured in the Domain Controller? The tutorial on Liferay talks about creating a computer account on AD. But it doesn't talk about a physical computer that account relates to. I am confused. Please help.


I ran VB Script from the AD installed machine...

i dont know more about physical computer account...
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
September 5, 2011 12:20 AM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

Hi Raju,

Thanks for all the prompt replies. I have set everything as shown in your screenshots and on the liferay installed machine I get the attached error when trying to login as another domain user by right-clicking on the Internet Explorer icon and clicking on 'Run as...'. This happened after I ran the vb script. Please help!
Attachment

Attachments: Liferay_Error1.jpg (41.0k)
Sreeraj AV
RE: Configuring Liferay 6.0.6 with NTLM
September 5, 2011 4:19 AM
Answer

Sreeraj AV

Rank: Regular Member

Posts: 223

Join Date: April 26, 2010

Recent Posts

Shuaib K:
Hi Raju,

Thanks for all the prompt replies. I have set everything as shown in your screenshots and on the liferay installed machine I get the attached error when trying to login as another domain user by right-clicking on the Internet Explorer icon and clicking on 'Run as...'. This happened after I ran the vb script. Please help!



plz check this Microsoft article.... http://support.microsoft.com/kb/162797..
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
September 5, 2011 4:31 AM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

I did check that article but no success. did you face a similar error?

We set the computer account password through the vb script and according to Microsoft, the domain controller changes this password every 30 days. Is there a way to disable this password change?
Sreeraj AV
RE: Configuring Liferay 6.0.6 with NTLM
September 5, 2011 4:39 AM
Answer

Sreeraj AV

Rank: Regular Member

Posts: 223

Join Date: April 26, 2010

Recent Posts

Shuaib K:
I did check that article but no success. did you face a similar error?

We set the computer account password through the vb script and according to Microsoft, the domain controller changes this password every 30 days. Is there a way to disable this password change?



I didnt get any error msg.. i guess service account will never expire.. only user account will get expire after some time limit.. that's why liferay uses service account for NTLM configuration
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
September 5, 2011 11:46 PM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

Thank you Raju for all your help. I was able to fix the above issue. I disjoined the Liferay installed machine from the domain and then rejoined. I then created a new computer account on the Active Directory server and set the password to this account by running the vbscript. This computer account does not have any physical computer/node assigned to it. It's just a standalone account! I set this account details on the Liferay portal NTLM settings screen and then restarted the Tomcat server and to my surprise the Single Sign On started working.

However, I have one problem though. With the above changes, when I browse to the Liferay portal on Internet Explorer, I get the default login page. I then have to click on the 'Sign In' link at the top right corner of the page in order to get to the welcome page of the logged-in user without entering in any user name or password. Is this how the Single Sign On works in Liferay? Isn't there any way to go to the welcome page directly as soon as you enter in the Liferay portal URL on your browser? There should be a way to bypass the default login page. Please advise.
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
September 10, 2011 9:32 PM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

Anyone please reply to my above query. thanks.
Tom C
RE: Configuring Liferay 6.0.6 with NTLM
September 14, 2011 1:14 PM
Answer

Tom C

Rank: New Member

Posts: 1

Join Date: June 16, 2011

Recent Posts

From past experience, I've had to make the changes to web.xml outlined on the wiki page:

http://www.liferay.com/community/wiki/-/wiki/Main/NTLMv2+SSO+Configuration

<filter>
<filter-name>SSO Ntlm Filter</filter-name>
<filter-class>
com.liferay.portal.servlet.filters.sso.ntlm.Ntlmv2Filter
</filter-class>
</filter>

<filter-mapping>
<filter-name>SSO Ntlm Filter</filter-name>
<url-pattern>/c/portal/login</url-pattern>
</filter-mapping>
Note : default filter-mapping values is “/c/portal/login”. But if you need that any time user make request then first user needs to be authenticated if not authenticated then changed value like “/”. And you need to do minor customization in NTLMv2Filter replace following line.

if ((path != null) && path.endsWith("/login"))
with
if (path != null)

I've used <url-pattern>/c/portal/login</url-pattern> and also <url-pattern>/*</url-pattern>. My users have had a more consistent experience with the latter url-pattern. I've read about performance hits for the setting but it has little, if any, impact on my small deployment (Win2003 AD).

Hope that helps!
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
September 14, 2011 11:53 PM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

I couldn't find the NTLMV2Filter source file anywhere in the Liferay source code folder. Where is it located?
Shuaib K
RE: Configuring Liferay 6.0.6 with NTLM
September 15, 2011 5:18 AM
Answer

Shuaib K

Rank: New Member

Posts: 19

Join Date: August 6, 2011

Recent Posts

Btw, I am using Liferay 6.0.6 CE and I see no file named NTLMv2Filter.java in the source code folder. Let me know. Thanks.
Mahendra Mahakle
RE: Configuring Liferay 6.0.6 with NTLM
May 16, 2012 2:48 AM
Answer

Mahendra Mahakle

Rank: Junior Member

Posts: 81

Join Date: March 14, 2011

Recent Posts

Hi Sreeraj,

I am unable to set passowrd to service account.I have used following command line.
c:/>cscript setPasswordScript.vbs CN=machine02,OU=Users,OU=Technology,OU=Corporate" "Group,OU=Mumbai,DC=ad,DC=crisil,DC=com password_123

Then it is giving me error as " C:\setPasswordScript.vbs(5, 1) (null): There is no such object on the server.
"
I am running above script from my liferay server machine.Am i right?

please tell me whats wrong with me?.

Thanks,
Mahendra Mahakle