Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
william pelletier
Liferay 6.1 with NTLM
May 9, 2012 6:23 AM
Answer

william pelletier

Rank: New Member

Posts: 4

Join Date: February 13, 2012

Recent Posts

Hello,

I've configured my Liferay 6.1 with LDAP (Active Directory), authentication and all works a lot.
When i want to activate NTLM, authentication doesn't work fine.
I've used some note of the community but i don't know why this doesn't work.

my configuration :
Domain controller : IP address of my AD server
Domain Controller Name : Name of my AD server
Domain : rxx.axx.cnxx
Service Account : NameOfLiferayServer$@rxx.axx.cnxx
Service Password : Password integrate in AD with vbs script

Have you any idea of my problem
Thank you for your help

Best regards
William
Alberto Chaparro
RE: Liferay 6.1 with NTLM
May 9, 2012 10:42 AM
Answer

Alberto Chaparro

LIFERAY STAFF

Rank: Regular Member

Posts: 134

Join Date: April 25, 2011

Recent Posts

Hi William,

Have you created a computer account in your LDAP? You have to use this account as Service Account in the NTLM configuration. Then you have to generate the password using the vbs script.

If you can't connect to the server after doing that , please, add the log with the connection error.

Best.
william pelletier
RE: Liferay 6.1 with NTLM
May 10, 2012 12:18 AM
Answer

william pelletier

Rank: New Member

Posts: 4

Join Date: February 13, 2012

Recent Posts

Hi Alberto,

Thanks for your answer.
Yes, i've created acomputer account in LDAP, i use it as a service account in NTLM configuration. And, i've generated the password with the vbs script.
Now, you can the error log when i want to log with NTLM and i upload a screenshot. I've this authentication box when i click on signin :

09:06:25,870 ERROR [NtlmFilter:233] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Unable to authenticate user: Logon failure: unknown user name or bad password.
at com.liferay.portal.security.ntlm.Netlogon.logon(Netlogon.java:87)
at com.liferay.portal.security.ntlm.NtlmManager.authenticate(NtlmManager.java:69)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter.processFilter(NtlmFilter.java:228)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:80)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:184)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:184)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Thanks for your help
Regards
William
Attachment

Attachments: mirelogin.jpg (25.2k)
Alberto Chaparro
RE: Liferay 6.1 with NTLM
May 10, 2012 1:44 AM
Answer

Alberto Chaparro

LIFERAY STAFF

Rank: Regular Member

Posts: 134

Join Date: April 25, 2011

Recent Posts

Hi William,

I think that exist a problem with the service account or the account you are using to authenticate due to if one the rest of the fields related to the domain was wrong the probable errors would be something like this:

- Session key negotiation failed
- Failed to connect
- DCERPC pipe is no longer open

Then focusing on the problem with the accounts, could you verify the following points?:

- Select authentication by Screen Name in control panel/portal settings/authentication. LogonName and ScreenName have to match in order to connect with the server.
- Please be completely sure that the service account is properly created and the password is correct because if one of those fileds is wrong the error returned is that you indicated
- Be sure the computer where you are trying to connect is in the same domain as LDAP.

I hope this helps you. Let me know your progress.

Best.
william pelletier
RE: Liferay 6.1 with NTLM
May 11, 2012 2:14 AM
Answer

william pelletier

Rank: New Member

Posts: 4

Join Date: February 13, 2012

Recent Posts

Hello Alberto,

Thanks for your reply.
I've verified all of my configuration, i've taken your recommendation. But, this doesn't works fine.

I've made some trace with tcpdump, communication between liferay and LDAP is OK.
In a LDAP Browser, if I look the attribute lastlogon of the service account, the value was modified when i want to signin.

I don't know where is the problem.

Have any idea ?

Thanks for your help
Best regards

William
Alberto Chaparro
RE: Liferay 6.1 with NTLM
May 11, 2012 4:13 AM
Answer

Alberto Chaparro

LIFERAY STAFF

Rank: Regular Member

Posts: 134

Join Date: April 25, 2011

Recent Posts

Hi William,

Does the service account password has special characters ((!@#$%^&*()_-+=)?

Sometimes when we set the password in the LDAP server the encoding or the keyboard language are different and we introduce incorrect characters.

If your password has special characters, try to set another password without them and do the test again.

Best.
Jitendra Rajput
RE: Liferay 6.1 with NTLM
May 14, 2012 1:36 AM
Answer

Jitendra Rajput

Rank: Liferay Master

Posts: 858

Join Date: January 7, 2011

Recent Posts

Hi Alberto ,

We are also trying to integrate NTLMV2 SSO with Liferay 5.2.SP4.
But when ever we try to access portal we are getting below error .

110:06:01,971 ERROR [Netlogon:100]
2java.lang.NullPointerException
3    at com.liferay.portal.security.ntlm.msrpc.NetlogonNetworkInfo.encode(NetlogonNetworkInfo.java:64)
4    at com.liferay.portal.security.ntlm.msrpc.NetrLogonSamLogon.encode_in(NetrLogonSamLogon.java:88)
5    at jcifs.dcerpc.DcerpcMessage.encode(DcerpcMessage.java:84)



Can you please guild me what this NTLM 100 error code means ?
Mahendra Mahakle
RE: Liferay 6.1 with NTLM
May 15, 2012 6:47 AM
Answer

Mahendra Mahakle

Rank: Junior Member

Posts: 81

Join Date: March 14, 2011

Recent Posts

Hi Alberto,
I want Single sign on in my project .I have enable NTLM from Control panel and tried to hit my project URL but it is not logging automaticaly.
Note that my Ldap is working fine.

But when I am clicking on "sign in" tab from home page then it is giving me error as "Unable to Authenticate NTLM server."

My requirment is that whenever user hit my project URL then he/she should have to login automatically.Is it possible with NTLM?

could you please tell me whats wrong with me.

Thanks,
Mahendra Mahakle
Andrew Clements
RE: Liferay 6.1 with NTLM
September 26, 2012 11:18 PM
Answer

Andrew Clements

Rank: New Member

Posts: 17

Join Date: June 5, 2008

Recent Posts

I too have an NTLM issue on 6.1:

06:04:15,688 ERROR [http-bio-8181-exec-4][NtlmFilter:235] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Unable to authenticate due to communication failure with server


I'm upgrading SO 1.5b to LR6.1/SO2 - a fairly painful process it has to be said, and looking worse every minute (it seems to wipe all ones data). Anyway, the latest in a long list of errors is this NTLM one. I have never used NTLM with Liferay, and have not configured for AD/NTLM and really have no idea why it suddenly needs a Windows login (which fails no matter what I enter). However, it does make Liferay completely inaccessible.

tomcat is running as admin on a Windows server.
Chiến Ngọc
RE: Liferay 6.1 with NTLM
June 3, 2014 1:43 AM
Answer

Chiến Ngọc

Rank: Junior Member

Posts: 35

Join Date: October 9, 2013

Recent Posts

I have same issues ,
Anyone please help me .