Fóruns

Início » Liferay Portal » English » 6. Portal Framework

Visualização combinada Visão plana Exibição em árvore
Tópicos [ Anterior | Próximo ]
toggle
Non-domain NTLM Authentication Robert Zahm 3 de Dezembro de 2007 07:28
RE: Non-domain NTLM Authentication Robert Zahm 5 de Dezembro de 2007 10:58
RE: Non-domain NTLM Authentication Robert Zahm 26 de Fevereiro de 2008 09:10
RE: Non-domain NTLM Authentication Jorge Ferrer 9 de Março de 2008 14:04
RE: Non-domain NTLM Authentication Bruno Farache 9 de Março de 2008 18:06
RE: Non-domain NTLM Authentication Robert Zahm 10 de Março de 2008 06:30
RE: Non-domain NTLM Authentication Scott Westbrook 3 de Outubro de 2008 12:58
RE: Non-domain NTLM Authentication Luca Costa 10 de Fevereiro de 2009 02:58
RE: Non-domain NTLM Authentication Jonas Yuan 9 de Março de 2009 09:26
RE: Non-domain NTLM Authentication Jonas Yuan 10 de Março de 2009 17:13
RE: Non-domain NTLM Authentication Luca Costa 11 de Março de 2009 05:17
RE: Non-domain NTLM Authentication jerin jacob 14 de Abril de 2009 21:34
RE: Non-domain NTLM Authentication Jonas Yuan 15 de Abril de 2009 09:34
RE: Non-domain NTLM Authentication Roman Orfinyak 30 de Abril de 2009 03:25
RE: Non-domain NTLM Authentication jerin jacob 7 de Maio de 2009 03:13
RE: Non-domain NTLM Authentication cometta cometta cometta 4 de Junho de 2009 03:14
RE: Non-domain NTLM Authentication cometta cometta cometta 4 de Junho de 2009 18:15
RE: Non-domain NTLM Authentication cometta cometta cometta 4 de Junho de 2009 20:15
RE: Non-domain NTLM Authentication Roman Orfinyak 9 de Junho de 2009 02:33
RE: Non-domain NTLM Authentication cometta cometta cometta 9 de Junho de 2009 18:26
RE: Non-domain NTLM Authentication cometta cometta cometta 10 de Junho de 2009 17:54
Re: [Liferay Forums][5. Portal Framework] RE: Non-domain NTLM Authenticatio cometta cometta cometta 10 de Junho de 2009 22:05
RE: Non-domain NTLM Authentication cometta cometta cometta 10 de Junho de 2009 22:06
RE: Non-domain NTLM Authentication Rathish R 27 de Junho de 2009 02:34
RE: Non-domain NTLM Authentication Roman Kuchvarskyy 30 de Junho de 2009 03:23
RE: Non-domain NTLM Authentication Roman Kuchvarskyy 22 de Junho de 2009 03:39
RE: Non-domain NTLM Authentication cometta cometta cometta 22 de Junho de 2009 06:24
RE: Non-domain NTLM Authentication Roman Kuchvarskyy 30 de Junho de 2009 03:06
RE: Non-domain NTLM Authentication cometta cometta cometta 30 de Junho de 2009 03:20
RE: Non-domain NTLM Authentication Roman Kuchvarskyy 30 de Junho de 2009 23:04
RE: Non-domain NTLM Authentication Roman Kuchvarskyy 21 de Julho de 2009 01:13
RE: Non-domain NTLM Authentication cometta cometta cometta 21 de Julho de 2009 02:06
RE: Non-domain NTLM Authentication Roman Kuchvarskyy 21 de Julho de 2009 06:24
RE: Non-domain NTLM Authentication cometta cometta cometta 21 de Julho de 2009 17:53
RE: Non-domain NTLM Authentication cometta cometta cometta 21 de Julho de 2009 17:54
RE: Non-domain NTLM Authentication Lisa Simpson 12 de Agosto de 2009 09:20
RE: Non-domain NTLM Authentication SZ khan 11 de Julho de 2010 10:28
RE: Non-domain NTLM Authentication Victor Zorin 18 de Agosto de 2009 21:06
RE: Non-domain NTLM Authentication jerin jacob 26 de Agosto de 2009 00:16
RE: Non-domain NTLM Authentication Victor Zorin 26 de Agosto de 2009 05:02
RE: Non-domain NTLM Authentication Michael Wang 23 de Setembro de 2009 20:16
RE: Non-domain NTLM Authentication Victor Zorin 23 de Setembro de 2009 20:40
RE: Non-domain NTLM Authentication Michael Wang 23 de Setembro de 2009 21:48
RE: Non-domain NTLM Authentication Victor Zorin 23 de Setembro de 2009 22:09
RE: Non-domain NTLM Authentication Michael Wang 23 de Setembro de 2009 22:55
RE: Non-domain NTLM Authentication Michael Wang 24 de Setembro de 2009 18:58
RE: Non-domain NTLM Authentication Victor Zorin 24 de Setembro de 2009 23:14
Robert Zahm
Non-domain NTLM Authentication
3 de Dezembro de 2007 07:28
Resposta

Robert Zahm

Ranking: Junior Member

Mensagens: 46

Data de entrada: 8 de Outubro de 2007

Mensagens recentes

I was able to get NTLM working so that an instance of IE from a domain account passes the username through without prompting the user. However, I ran into issues when trying this from non-domain instances of IE and other browsers such as FireFox. These browsers pop up username and password dialogs as they should. However, it doesn't matter what I enter in as the password, it always authenticates the username that I enter. This is obviously a very large security hole, am I doing something wrong?

Thanks,

Rob
Robert Zahm
RE: Non-domain NTLM Authentication
5 de Dezembro de 2007 10:58
Resposta

Robert Zahm

Ranking: Junior Member

Mensagens: 46

Data de entrada: 8 de Outubro de 2007

Mensagens recentes

Anyone have any ideas on this? Am I doing something wrong, or is this a hole in the NTLM security component?
Robert Zahm
RE: Non-domain NTLM Authentication
26 de Fevereiro de 2008 09:10
Resposta

Robert Zahm

Ranking: Junior Member

Mensagens: 46

Data de entrada: 8 de Outubro de 2007

Mensagens recentes

Can anyone tell me if this sounds like an issue with my configuration, or if this is a bug?

Thanks,

Rob
Jorge Ferrer
RE: Non-domain NTLM Authentication
9 de Março de 2008 14:04
Resposta

Jorge Ferrer

LIFERAY STAFF

Ranking: Liferay Legend

Mensagens: 2757

Data de entrada: 31 de Agosto de 2006

Mensagens recentes

Hi Robert,

I've never used this functionality but as nobody else in answering I'd like to, at least, try to guide you on how to find the root problem.

The NTLM functionality is implemented through two clases. The first one is NtlmFilter which can be configured through properties in portal(-ext).properties:

1    ntlm.auth.enabled=false
2    ntlm.auth.domain.controller=127.0.0.1
3    ntlm.auth.domain=EXAMPLE


This filter reads the HTTP Authentication headers and act accordingly. If it decides the user should be authenticated it leaves an attribute in the request.

The second class is NtlmAutoLogin. This class is responsible for the login and tries to authenticate the user If it finds in the request the attribute left by the filter.

I hope this info. helps you get started debugging the problem.
Bruno Farache
RE: Non-domain NTLM Authentication
9 de Março de 2008 18:06
Resposta

Bruno Farache

LIFERAY STAFF

Ranking: Liferay Master

Mensagens: 505

Data de entrada: 14 de Maio de 2007

Mensagens recentes

Hi Robert, what you mean and you say "non-domain instances of IE"? The user is accessing outside the domain?
Robert Zahm
RE: Non-domain NTLM Authentication
10 de Março de 2008 06:30
Resposta

Robert Zahm

Ranking: Junior Member

Mensagens: 46

Data de entrada: 8 de Outubro de 2007

Mensagens recentes

Thanks for the info, we have worked around this issue for the time being, but I am hoping to be able to revisit it, as allowing proper logins will make life much simpler for us.

What I've found is that NTLM works great for IE browsers where the user has logged into the domain. For machines outside the domain (including non-domain machines, users logged in to machines using local accounts and for Firefox), I have found that it prompts me for a username and password, and then simply signs me in with the username without actually validating that the password is correct.

The "non-domain" machine isn't really a big deal, I was just questioning whether or not the password was actually being validated.

Thanks,

Rob
Scott Westbrook
RE: Non-domain NTLM Authentication
3 de Outubro de 2008 12:58
Resposta

Scott Westbrook

Ranking: New Member

Mensagens: 14

Data de entrada: 11 de Fevereiro de 2008

Mensagens recentes

Unfortunately I am experiencing the same issue with using NTLM. Using an IE browser on the domain that has the Liferay portal (5.1.1) as a trusted or intranet site will login automatically once the user selects "Sign In" from the Dock menu without prompting.

However Firefox and Chrome will prompt for a username/password which isn't a problem. However any password is accepted and the user is logged in. If the user has never logged in before, their information is loaded via LDAP.

If the user logs in using the Sign In portlet, the user's credentials are validated correctly with LDAP.
Luca Costa
RE: Non-domain NTLM Authentication
10 de Fevereiro de 2009 02:58
Resposta

Luca Costa

Ranking: Junior Member

Mensagens: 72

Data de entrada: 5 de Março de 2008

Mensagens recentes

Same problem on liferay 5.2.1 + LDAP + NTLM:
password is not checked.

problem is solved?

Luca
Jonas Yuan
RE: Non-domain NTLM Authentication
9 de Março de 2009 09:26
Resposta

Jonas Yuan

Ranking: Liferay Master

Mensagens: 993

Data de entrada: 26 de Abril de 2007

Mensagens recentes

Any update on this issue?
Jonas Yuan
RE: Non-domain NTLM Authentication
10 de Março de 2009 17:13
Resposta

Jonas Yuan

Ranking: Liferay Master

Mensagens: 993

Data de entrada: 26 de Abril de 2007

Mensagens recentes

Just testing, it popped up a window for inputs of user name and password in FireFox 3.0.7 and IE 7.0.

The password is not checked ....

It seems that the users are not imported properly ....
Anexo

Anexos: LDAP-ADS.png (4,6k)
Luca Costa
RE: Non-domain NTLM Authentication
11 de Março de 2009 05:17
Resposta

Luca Costa

Ranking: Junior Member

Mensagens: 72

Data de entrada: 5 de Março de 2008

Mensagens recentes

I have same problems, if you successfully connect with your AD,
(select AD, reset, test all three LDAP test button,
I can see users, if you cannot see them I thin your AD is different from standard, mine goes immediately well)

just check "import at startup" and restart server.
Now users and groups should be in your server (I know, not the best, but works).

Now the other 2 points will remain:
I cannot automatically get in with IE7/FF when I'm in the domain,
always I have a user /password request, and password is not checked.

Luca
jerin jacob
RE: Non-domain NTLM Authentication
14 de Abril de 2009 21:34
Resposta

jerin jacob

Ranking: New Member

Mensagens: 11

Data de entrada: 23 de Março de 2009

Mensagens recentes

Any Fix for Non-Domain NTLM authentication ???? or any way to get around this problem ???
Jonas Yuan
RE: Non-domain NTLM Authentication
15 de Abril de 2009 09:34
Resposta

Jonas Yuan

Ranking: Liferay Master

Mensagens: 993

Data de entrada: 26 de Abril de 2007

Mensagens recentes

Hi Jerin,

This issue was fixed. You can refer to wiki page:

http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Integration+with+NTLM+plus+ADS

Hope that it helps.

Thanks

Jonas Yuan
Roman Orfinyak
RE: Non-domain NTLM Authentication
30 de Abril de 2009 03:25
Resposta

Roman Orfinyak

Ranking: New Member

Mensagens: 2

Data de entrada: 30 de Abril de 2009

Mensagens recentes

Jonas Yuan:
Hi Jerin,

This issue was fixed. You can refer to wiki page:

http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Integration+with+NTLM+plus+ADS

Hope that it helps.

Thanks

Jonas Yuan


Jonas, which issue you're referring to as fixed? I still see the bug in Jira LPS-2032 as open.

Also would like to stress that the problem is really severe both for non-domain and for domain NTLM authentication. A user can login to a portal knowing only user names of other users even if he is using IE which is domain. This can be done if one goes to the Tools -> Internet Options -> Security -> Choose a zone in which your site is -> Custom Level -> At the bottom of the page choose the radio button 'Prompt for user name and password'.

This will tell IE to give you a user name/password dialog box each time you enter the site with NTLM authenticaton configured. Knowing the user names of users one can login to the site *SUPPLYING ANY PASSWORD*.

Any feedback from Liferay community would be welcome.

Regards,
Roman.
jerin jacob
RE: Non-domain NTLM Authentication
7 de Maio de 2009 03:13
Resposta

jerin jacob

Ranking: New Member

Mensagens: 11

Data de entrada: 23 de Março de 2009

Mensagens recentes

HI Roman ,
You are exactly into the problem I am facing ..................

Any work around for this ............... Is there any alternate way so that we fix it ...........

Thanks
cometta cometta cometta
RE: Non-domain NTLM Authentication
4 de Junho de 2009 03:14
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

i though i the only one facing this. will update you all if i found anything. any update so far on this?
cometta cometta cometta
RE: Non-domain NTLM Authentication
4 de Junho de 2009 18:15
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

trying to troubleshoot on this..
maybe we can disucss on this.. from information that i have. ntlmfilter using ntlmssp to get user credential . in order to fix this, we need to getPassword() and compare it right? each time i do getPassword(), i will get null . any findings you folks wanna share ?
cometta cometta cometta
RE: Non-domain NTLM Authentication
4 de Junho de 2009 20:15
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

Hello Gurus,
after dig here and there... i think i came out a fix and i want to get feedback from all of you .

I edited ntlmfilter.java file , search for keyword "ntlm = NtlmSsp.authenticate(request, response, challenge);" then below this line, i add

 1
 2
 3  try{
 4            SmbSession.logon(uniAddress, ntlm);
 5
 6           }
 7           catch( jcifs.smb.SmbException smbE){
 8               //only print brief error and skip
 9              _log.error("smbSession.logon error logon credential");
10              return null;
11           }



now, if the ntlm pop up appear , you enter wrong password, u will not be allow to log in . and foward to blank page . maybe forward to blank page is not a good idea. any suggestion ? maybe you folks can give me feedback . if this is the fix to the problem. can someone put this in SVN. your feedback is needed, so that i can comment something in issues.liferay.com on the bug reported
Roman Orfinyak
RE: Non-domain NTLM Authentication
9 de Junho de 2009 02:33
Resposta

Roman Orfinyak

Ranking: New Member

Mensagens: 2

Data de entrada: 30 de Abril de 2009

Mensagens recentes

cometta cometta cometta:
Hello Gurus,
after dig here and there... i think i came out a fix and i want to get feedback from all of you .

I edited ntlmfilter.java file , search for keyword "ntlm = NtlmSsp.authenticate(request, response, challenge);" then below this line, i add
....


hi Cometta,

We actually also came to that fix. It is working for us now.
cometta cometta cometta
RE: Non-domain NTLM Authentication
9 de Junho de 2009 18:26
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes



portal-impl/src/com/liferay/portal/servlet/filters/sso/ntlm/NtlmFilter.java
cometta cometta cometta
RE: Non-domain NTLM Authentication
10 de Junho de 2009 17:54
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

download the source code . i'm using 5.2.2
cometta cometta cometta
Re: [Liferay Forums][5. Portal Framework] RE: Non-domain NTLM Authenticatio
10 de Junho de 2009 22:05
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

in production u will only find the class file. i not sure it inside with jar. but if you compile everything from source it should work . good luck




________________________________
From: Rathish R from liferay.com <no-reply@liferay.com>
To: "mb.239391.3299211@events.liferay.com" <mb.239391.3299211@events.liferay.com>
Sent: Thursday, June 11, 2009 12:54:26 PM
Subject: [Liferay Forums][5. Portal Framework] RE: Non-domain NTLM Authentication <mb.239391.3299211@events.liferay.com>

Hi Cometta,

I can download the source code and make the changes. But my concern is that i have the portal already deployed in production environment and in that package i am not able find the file ntlmfilter.java. Is this file located in any jar files?? Do i need to unpack any jar files in order to view this file??


Regards,

Rathish
--
Liferay Message Boards
http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3299211
mb.239391.3299211@events.liferay.com
http://www.liferay.com
cometta cometta cometta
RE: Non-domain NTLM Authentication
10 de Junho de 2009 22:06
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

try compile from source and try that on your development environment first. if that work. then shift to production
Roman Kuchvarskyy
RE: Non-domain NTLM Authentication
22 de Junho de 2009 03:39
Resposta

Roman Kuchvarskyy

Ranking: New Member

Mensagens: 6

Data de entrada: 22 de Junho de 2009

Mensagens recentes

Hi Cometta!

Your fix work but,

I have a problem with login. I can login via NTLM only first time. And then I get Access denied! exception.

First user login successful, and when I try login by another user I got this exception.

Have you any suggestion about such problem?
cometta cometta cometta
RE: Non-domain NTLM Authentication
22 de Junho de 2009 06:24
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

pls provide error screenshot or console exception error code, also better if you can include your nltmfilter file so that someone able to help up
Rathish R
RE: Non-domain NTLM Authentication
27 de Junho de 2009 02:34
Resposta

Rathish R

Ranking: Junior Member

Mensagens: 48

Data de entrada: 26 de Fevereiro de 2009

Mensagens recentes

I have downloaded the source and made the changes in ntlmfilter.java file. How do i compile the source code?
Roman Kuchvarskyy
RE: Non-domain NTLM Authentication
30 de Junho de 2009 03:06
Resposta

Roman Kuchvarskyy

Ranking: New Member

Mensagens: 6

Data de entrada: 22 de Junho de 2009

Mensagens recentes

Hi cometta,
Here is a screenshot of my exception and NTLMFilter.txt.
The exception throws after I try to login for the second time by another user. At first logon method login successful.
Maybe the problem is on the domain configuration?
Anexo

Anexos: NtlmFilter.txt (8,0k), error.jpg (29,5k)
Roman Kuchvarskyy
RE: Non-domain NTLM Authentication
30 de Junho de 2009 03:23
Resposta

Roman Kuchvarskyy

Ranking: New Member

Mensagens: 6

Data de entrada: 22 de Junho de 2009

Mensagens recentes

Do you have extension of your project?
If you have, you only must place this file on ext-impl/src/{file-path} and then run ant deploy target.
cometta cometta cometta
RE: Non-domain NTLM Authentication
30 de Junho de 2009 03:20
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

i place logon at wrong place


ntlm = NtlmSsp.authenticate(request, response, challenge);

//*** modified start
try{
SmbSession.logon(uniAddress, ntlm); //ref:http://article.gmane.org/gmane.network.samba.java/501

}
catch( jcifs.smb.SmbException smbE){
//only print brief error and skip
_log.error("smbSession.logon error logon credential");
return null;
}

//*** modified end


session.setAttribute("NtlmHttpAuth", ntlm);
Roman Kuchvarskyy
RE: Non-domain NTLM Authentication
30 de Junho de 2009 23:04
Resposta

Roman Kuchvarskyy

Ranking: New Member

Mensagens: 6

Data de entrada: 22 de Junho de 2009

Mensagens recentes

Hi Cometta,

I found what are causing my Access denied exeception. The problem is that I connect to th IPC$ share. And It allowed only one connection. My domain is located on Windows 2003 server. Do you have the same problem?
Roman Kuchvarskyy
RE: Non-domain NTLM Authentication
21 de Julho de 2009 01:13
Resposta

Roman Kuchvarskyy

Ranking: New Member

Mensagens: 6

Data de entrada: 22 de Junho de 2009

Mensagens recentes

Can anybody help me with my problem?
The problem is, that I can Login only first time via NTLM. Second user(another user) couldn't login(but can if login first time). I user Windows 2003 server and tomcat.
cometta cometta cometta
RE: Non-domain NTLM Authentication
21 de Julho de 2009 02:06
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

1. did u tried the code that i post on my previous post?
2. hope someone will respond on this. give some feedback to this user
Roman Kuchvarskyy
RE: Non-domain NTLM Authentication
21 de Julho de 2009 06:24
Resposta

Roman Kuchvarskyy

Ranking: New Member

Mensagens: 6

Data de entrada: 22 de Junho de 2009

Mensagens recentes

Yes I tried. Your fix work. But only for first user. If I go in my server(Win 2003) and kill the session to IPC$ the next user can login.
cometta cometta cometta
RE: Non-domain NTLM Authentication
21 de Julho de 2009 17:53
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

so for i test 2-3 users login same times without problem.. any feedback from other members?
cometta cometta cometta
RE: Non-domain NTLM Authentication
21 de Julho de 2009 17:54
Resposta

cometta cometta cometta

Ranking: Regular Member

Mensagens: 109

Data de entrada: 26 de Abril de 2009

Mensagens recentes

by the way i'm using tomcat 6.0.18 +oracle 10g
Lisa Simpson
RE: Non-domain NTLM Authentication
12 de Agosto de 2009 09:20
Resposta

Lisa Simpson

Ranking: Liferay Legend

Mensagens: 2034

Data de entrada: 5 de Março de 2009

Mensagens recentes

Just to toss 2 cents in, why not shim the authentication path with something like CAS? It would certainly seem easier than all this stuff that all of you are doing now.
Victor Zorin
RE: Non-domain NTLM Authentication
18 de Agosto de 2009 21:06
Resposta

Victor Zorin

Ranking: Liferay Legend

Mensagens: 1176

Data de entrada: 14 de Abril de 2008

Mensagens recentes

Surprised that this is not fixed yet, because working solution was suggested by cometta a long time ago, works across IE, domain and non-domain FFs without problems. Public patch can be found here. Source code is inside zip/jar file.

Edited: For auto-sign-in in FF, do not forget to extend configuration parameter 'network.automatic-ntlm-auth.trusted-uris' with the comma-separated list of NTLM domains (using about:config screen)
jerin jacob
RE: Non-domain NTLM Authentication
26 de Agosto de 2009 00:16
Resposta

jerin jacob

Ranking: New Member

Mensagens: 11

Data de entrada: 23 de Março de 2009

Mensagens recentes

ya ... worked .. great .... Is there any way to login with out NTLM settings ???
Victor Zorin
RE: Non-domain NTLM Authentication
26 de Agosto de 2009 05:02
Resposta

Victor Zorin

Ranking: Liferay Legend

Mensagens: 1176

Data de entrada: 14 de Abril de 2008

Mensagens recentes

If NTLM auth does not pass, you should be redirected to login page automatically.
That's normal behavior. We use both sign-in processes simultaneously.
Michael Wang
RE: Non-domain NTLM Authentication
23 de Setembro de 2009 20:16
Resposta

Michael Wang

Ranking: Junior Member

Mensagens: 29

Data de entrada: 23 de Setembro de 2009

Mensagens recentes

We had tried the methods above, but Still No Luck and having the same issue when using the 5.2.4 version ,are there any updates on how to fix the bug ? Somebody,pl Help.....
Victor Zorin
RE: Non-domain NTLM Authentication
23 de Setembro de 2009 20:40
Resposta

Victor Zorin

Ranking: Liferay Legend

Mensagens: 1176

Data de entrada: 14 de Abril de 2008

Mensagens recentes

having the same issue...

Hi Michael. Usually single thread touches on many issues and flavors of those, what's the exact problem in this particular setup?
Michael Wang
RE: Non-domain NTLM Authentication
23 de Setembro de 2009 21:48
Resposta

Michael Wang

Ranking: Junior Member

Mensagens: 29

Data de entrada: 23 de Setembro de 2009

Mensagens recentes

Dear Victor,

Thanks for your concerns.The problem is that I can Login only first time via NTLM. Second user(another user) couldn't login(but can if login first time). I use Windows 2003 server and tomcat. Can you help me with the problem?

Thanks,
Victor Zorin
RE: Non-domain NTLM Authentication
23 de Setembro de 2009 22:09
Resposta

Victor Zorin

Ranking: Liferay Legend

Mensagens: 1176

Data de entrada: 14 de Abril de 2008

Mensagens recentes

Need more info about sequence of events:
- is it from the same desktop or different? For example:
step 1. You log in to desktop
step 2. You log in to portal
step 3. you log out from desktop
step 4. another person logs in to desktop with different credentials
step 5. another person con not log in to portal
... something like that

Do you have proxy on your network? If you do, disable until investigation is complete.
Michael Wang
RE: Non-domain NTLM Authentication
23 de Setembro de 2009 22:55
Resposta

Michael Wang

Ranking: Junior Member

Mensagens: 29

Data de entrada: 23 de Setembro de 2009

Mensagens recentes

Dear Victor,

Thanks for the kindly help, we didn't used any proxy on our network,we followed your ideas and the result are :

There are users A , B and C

1. User A login desktop then login portal. Successed!

2. User B login desktop then login portal. Failed.

3, User C login desktop and login portla used user A account, sucessed!
Michael Wang
RE: Non-domain NTLM Authentication
24 de Setembro de 2009 18:58
Resposta

Michael Wang

Ranking: Junior Member

Mensagens: 29

Data de entrada: 23 de Setembro de 2009

Mensagens recentes

Hello Victor,

Any updated advise on the problem ?
Victor Zorin
RE: Non-domain NTLM Authentication
24 de Setembro de 2009 23:14
Resposta

Victor Zorin

Ranking: Liferay Legend

Mensagens: 1176

Data de entrada: 14 de Abril de 2008

Mensagens recentes

Michael , sorry for the delay. Had to go through some painful releases.
On your NTLM issue, there must be something simple, though hard to figure out what's going on without seeing your system setup.

If I start asking detailed questions one by one, there could about ten 2-way interactions on the forum, which may take 10 days (one per question/answer).
So may be it is a good time for you to roll up your sleeves and learn how to resolve such situations quickly. That's what I usually do:
- create a Java project in Eclipse, that is configured to produce a single jar file
- set library path to point to liferay impl and service jars
- create a replica of a class which your would like to debug, e.g. in this case you would want to know what's going on when NTLM is executed, so you have to create a cut-and-paste copy of class com.liferay.portal.security.auth.NtlmAutoLogin, but with your own package name, e.g. com.myoffice.portal.security.auth.NtlmAutoLogin
- insert your own debugging statements into it
- build, create your own jar, put it into classpath
- modify your portal-ext.propeties file, by copying line auto.login.hooks=... from portal.properties
- in this line change the class com.liferay.portal.security.auth.NtlmAutoLogin to com.myoffice.portal.security.auth.NtlmAutoLogin
- so when NTLM is executed, your own class will be executed instead of liferay' one
- run the portal and see which way it is going

Once you are set like this and feel comfortable, the entire debugging and build process for future problems and investigations may only take 30 minutes.

You can certainly do such builds in ext environment, but I found that it is much easier to do it this way, probably because I used this style on liferay installations before ext environment existed, (e.g. 4 years ago)
SZ khan
RE: Non-domain NTLM Authentication
11 de Julho de 2010 10:28
Resposta

SZ khan

Ranking: Regular Member

Mensagens: 148

Data de entrada: 31 de Outubro de 2009

Mensagens recentes

I tried your update and FF is now working but IE is showing a login box too, which was not the case before. I am on 5.2.3 and using IE8. For me an idea solution will be that the pop up login box not show up in IE and FF both. Any suggestion ?
Thanks