Foros de discusión
Liferay 6.1 with NTLM
william pelletier, modificado hace 11 años.
Liferay 6.1 with NTLM
New Member Mensajes: 4 Fecha de incorporación: 13/02/12 Mensajes recientes
Hello,
I've configured my Liferay 6.1 with LDAP (Active Directory), authentication and all works a lot.
When i want to activate NTLM, authentication doesn't work fine.
I've used some note of the community but i don't know why this doesn't work.
my configuration :
Domain controller : IP address of my AD server
Domain Controller Name : Name of my AD server
Domain : rxx.axx.cnxx
Service Account : NameOfLiferayServer$@rxx.axx.cnxx
Service Password : Password integrate in AD with vbs script
Have you any idea of my problem
Thank you for your help
Best regards
William
I've configured my Liferay 6.1 with LDAP (Active Directory), authentication and all works a lot.
When i want to activate NTLM, authentication doesn't work fine.
I've used some note of the community but i don't know why this doesn't work.
my configuration :
Domain controller : IP address of my AD server
Domain Controller Name : Name of my AD server
Domain : rxx.axx.cnxx
Service Account : NameOfLiferayServer$@rxx.axx.cnxx
Service Password : Password integrate in AD with vbs script
Have you any idea of my problem
Thank you for your help
Best regards
William
Alberto Chaparro, modificado hace 11 años.
RE: Liferay 6.1 with NTLM
Liferay Master Mensajes: 549 Fecha de incorporación: 25/04/11 Mensajes recientes
Hi William,
Have you created a computer account in your LDAP? You have to use this account as Service Account in the NTLM configuration. Then you have to generate the password using the vbs script.
If you can't connect to the server after doing that , please, add the log with the connection error.
Best.
Have you created a computer account in your LDAP? You have to use this account as Service Account in the NTLM configuration. Then you have to generate the password using the vbs script.
If you can't connect to the server after doing that , please, add the log with the connection error.
Best.
william pelletier, modificado hace 11 años.
RE: Liferay 6.1 with NTLM
New Member Mensajes: 4 Fecha de incorporación: 13/02/12 Mensajes recientes
Hi Alberto,
Thanks for your answer.
Yes, i've created acomputer account in LDAP, i use it as a service account in NTLM configuration. And, i've generated the password with the vbs script.
Now, you can the error log when i want to log with NTLM and i upload a screenshot. I've this authentication box when i click on signin :
09:06:25,870 ERROR [NtlmFilter:233] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Unable to authenticate user: Logon failure: unknown user name or bad password.
at com.liferay.portal.security.ntlm.Netlogon.logon(Netlogon.java:87)
at com.liferay.portal.security.ntlm.NtlmManager.authenticate(NtlmManager.java:69)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter.processFilter(NtlmFilter.java:228)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:80)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:184)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:184)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Thanks for your help
Regards
William
Thanks for your answer.
Yes, i've created acomputer account in LDAP, i use it as a service account in NTLM configuration. And, i've generated the password with the vbs script.
Now, you can the error log when i want to log with NTLM and i upload a screenshot. I've this authentication box when i click on signin :
09:06:25,870 ERROR [NtlmFilter:233] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Unable to authenticate user: Logon failure: unknown user name or bad password.
at com.liferay.portal.security.ntlm.Netlogon.logon(Netlogon.java:87)
at com.liferay.portal.security.ntlm.NtlmManager.authenticate(NtlmManager.java:69)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter.processFilter(NtlmFilter.java:228)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:80)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:184)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:184)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Thanks for your help
Regards
William
Archivos adjuntos:
Alberto Chaparro, modificado hace 11 años.
RE: Liferay 6.1 with NTLM
Liferay Master Mensajes: 549 Fecha de incorporación: 25/04/11 Mensajes recientes
Hi William,
I think that exist a problem with the service account or the account you are using to authenticate due to if one the rest of the fields related to the domain was wrong the probable errors would be something like this:
- Session key negotiation failed
- Failed to connect
- DCERPC pipe is no longer open
Then focusing on the problem with the accounts, could you verify the following points?:
- Select authentication by Screen Name in control panel/portal settings/authentication. LogonName and ScreenName have to match in order to connect with the server.
- Please be completely sure that the service account is properly created and the password is correct because if one of those fileds is wrong the error returned is that you indicated
- Be sure the computer where you are trying to connect is in the same domain as LDAP.
I hope this helps you. Let me know your progress.
Best.
I think that exist a problem with the service account or the account you are using to authenticate due to if one the rest of the fields related to the domain was wrong the probable errors would be something like this:
- Session key negotiation failed
- Failed to connect
- DCERPC pipe is no longer open
Then focusing on the problem with the accounts, could you verify the following points?:
- Select authentication by Screen Name in control panel/portal settings/authentication. LogonName and ScreenName have to match in order to connect with the server.
- Please be completely sure that the service account is properly created and the password is correct because if one of those fileds is wrong the error returned is that you indicated
- Be sure the computer where you are trying to connect is in the same domain as LDAP.
I hope this helps you. Let me know your progress.
Best.
william pelletier, modificado hace 11 años.
RE: Liferay 6.1 with NTLM
New Member Mensajes: 4 Fecha de incorporación: 13/02/12 Mensajes recientes
Hello Alberto,
Thanks for your reply.
I've verified all of my configuration, i've taken your recommendation. But, this doesn't works fine.
I've made some trace with tcpdump, communication between liferay and LDAP is OK.
In a LDAP Browser, if I look the attribute lastlogon of the service account, the value was modified when i want to signin.
I don't know where is the problem.
Have any idea ?
Thanks for your help
Best regards
William
Thanks for your reply.
I've verified all of my configuration, i've taken your recommendation. But, this doesn't works fine.
I've made some trace with tcpdump, communication between liferay and LDAP is OK.
In a LDAP Browser, if I look the attribute lastlogon of the service account, the value was modified when i want to signin.
I don't know where is the problem.
Have any idea ?
Thanks for your help
Best regards
William
Alberto Chaparro, modificado hace 11 años.
RE: Liferay 6.1 with NTLM
Liferay Master Mensajes: 549 Fecha de incorporación: 25/04/11 Mensajes recientes
Hi William,
Does the service account password has special characters ((!@#$%^&*()_-+=)?
Sometimes when we set the password in the LDAP server the encoding or the keyboard language are different and we introduce incorrect characters.
If your password has special characters, try to set another password without them and do the test again.
Best.
Does the service account password has special characters ((!@#$%^&*()_-+=)?
Sometimes when we set the password in the LDAP server the encoding or the keyboard language are different and we introduce incorrect characters.
If your password has special characters, try to set another password without them and do the test again.
Best.
Jitendra Rajput, modificado hace 11 años.
RE: Liferay 6.1 with NTLM
Liferay Master Mensajes: 875 Fecha de incorporación: 7/01/11 Mensajes recientes
Hi Alberto ,
We are also trying to integrate NTLMV2 SSO with Liferay 5.2.SP4.
But when ever we try to access portal we are getting below error .
Can you please guild me what this NTLM 100 error code means ?
We are also trying to integrate NTLMV2 SSO with Liferay 5.2.SP4.
But when ever we try to access portal we are getting below error .
10:06:01,971 ERROR [Netlogon:100]
java.lang.NullPointerException
at com.liferay.portal.security.ntlm.msrpc.NetlogonNetworkInfo.encode(NetlogonNetworkInfo.java:64)
at com.liferay.portal.security.ntlm.msrpc.NetrLogonSamLogon.encode_in(NetrLogonSamLogon.java:88)
at jcifs.dcerpc.DcerpcMessage.encode(DcerpcMessage.java:84)Can you please guild me what this NTLM 100 error code means ?
Mahendra Mahakle, modificado hace 11 años.
RE: Liferay 6.1 with NTLM
Junior Member Mensajes: 80 Fecha de incorporación: 14/03/11 Mensajes recientes
Hi Alberto,
I want Single sign on in my project .I have enable NTLM from Control panel and tried to hit my project URL but it is not logging automaticaly.
Note that my Ldap is working fine.
But when I am clicking on "sign in" tab from home page then it is giving me error as "Unable to Authenticate NTLM server."
My requirment is that whenever user hit my project URL then he/she should have to login automatically.Is it possible with NTLM?
could you please tell me whats wrong with me.
Thanks,
Mahendra Mahakle
I want Single sign on in my project .I have enable NTLM from Control panel and tried to hit my project URL but it is not logging automaticaly.
Note that my Ldap is working fine.
But when I am clicking on "sign in" tab from home page then it is giving me error as "Unable to Authenticate NTLM server."
My requirment is that whenever user hit my project URL then he/she should have to login automatically.Is it possible with NTLM?
could you please tell me whats wrong with me.
Thanks,
Mahendra Mahakle
Andrew Clements, modificado hace 11 años.
RE: Liferay 6.1 with NTLM
New Member Mensajes: 17 Fecha de incorporación: 6/06/08 Mensajes recientes
I too have an NTLM issue on 6.1:
06:04:15,688 ERROR [http-bio-8181-exec-4][NtlmFilter:235] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Unable to authenticate due to communication failure with server
I'm upgrading SO 1.5b to LR6.1/SO2 - a fairly painful process it has to be said, and looking worse every minute (it seems to wipe all ones data). Anyway, the latest in a long list of errors is this NTLM one. I have never used NTLM with Liferay, and have not configured for AD/NTLM and really have no idea why it suddenly needs a Windows login (which fails no matter what I enter). However, it does make Liferay completely inaccessible.
tomcat is running as admin on a Windows server.
06:04:15,688 ERROR [http-bio-8181-exec-4][NtlmFilter:235] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Unable to authenticate due to communication failure with server
I'm upgrading SO 1.5b to LR6.1/SO2 - a fairly painful process it has to be said, and looking worse every minute (it seems to wipe all ones data). Anyway, the latest in a long list of errors is this NTLM one. I have never used NTLM with Liferay, and have not configured for AD/NTLM and really have no idea why it suddenly needs a Windows login (which fails no matter what I enter). However, it does make Liferay completely inaccessible.
tomcat is running as admin on a Windows server.
Chiến Ngọc, modificado hace 9 años.
RE: Liferay 6.1 with NTLM
Junior Member Mensajes: 35 Fecha de incorporación: 9/10/13 Mensajes recientes
I have same issues ,
Anyone please help me .
Anyone please help me .