留言板

  1. 主页
  2. Portal
  3. Ntlm Issue

Ntlm Issue

thumbnail
Ramanjeneyulu Bodepudi,修改在8 年前。

Ntlm Issue

Junior Member 帖子: 42 加入日期: 12-2-24 最近的帖子
07:18:15,189 ERROR [http-bio-7080-exec-10][NtlmFilter:235] Unable to perform NTLM authentication
com.liferay.portal.security.ntlm.NtlmLogonException: Unable to authenticate due to communication failure with server
at com.liferay.portal.security.ntlm.Netlogon.logon(Netlogon.java:93)
at com.liferay.portal.security.ntlm.NtlmManager.authenticate(NtlmManager.java:69)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter.processFilter(NtlmFilter.java:230)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:662)
Caused by: jcifs.smb.SmbAuthException: Logon failure: unknown user name or bad password.
at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:528)
at jcifs.smb.SmbTransport.send(SmbTransport.java:645)
at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:395)
at jcifs.smb.SmbSession.send(SmbSession.java:224)
at jcifs.smb.SmbTree.treeConnect(SmbTree.java:176)
at jcifs.smb.SmbFile.doConnect(SmbFile.java:906)
at jcifs.smb.SmbFile.connect(SmbFile.java:949)
at jcifs.smb.SmbFile.connect0(SmbFile.java:875)
at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:76)
at jcifs.smb.TransactNamedPipeInputStream.<init>(TransactNamedPipeInputStream.java:38)
at jcifs.smb.SmbNamedPipe.getNamedPipeInputStream(SmbNamedPipe.java:166)
at jcifs.dcerpc.DcerpcPipeHandle.doSendFragment(DcerpcPipeHandle.java:66)
at jcifs.dcerpc.DcerpcHandle.sendrecv(DcerpcHandle.java:181)
at jcifs.dcerpc.DcerpcHandle.bind(DcerpcHandle.java:126)
at com.liferay.portal.security.ntlm.NetlogonConnection.connect(NetlogonConnection.java:89)
at com.liferay.portal.security.ntlm.Netlogon.logon(Netlogon.java:49)
... 19 more
thumbnail
Juan Gonzalez,修改在8 年前。

Move to more appropiate category

Liferay Legend 帖子: 3089 加入日期: 08-10-28 最近的帖子
Move to more appropiate category
thumbnail
Miroslav Ligas,修改在8 年前。

RE: Ntlm Issue

Regular Member 帖子: 152 加入日期: 14-7-29 最近的帖子
Logon failure: unknown user name or bad password


Did you create a proper Service Account for NTLM? It need to be a system account on AD. Also consider to move away form NTLM it's more a legacy option now.
thumbnail
Ramanjeneyulu Bodepudi,修改在8 年前。

RE: Ntlm Issue

Junior Member 帖子: 42 加入日期: 12-2-24 最近的帖子
Dear Miroslav,


I have created local ldap in my machine and done ldap configuration in liferay portal, Ldap is working fine after configure.

I am facing issue with ntlm only(Using apache directory studio).

附件:

thumbnail
Miroslav Ligas,修改在8 年前。

RE: Ntlm Issue

Regular Member 帖子: 152 加入日期: 14-7-29 最近的帖子
Install Wireshark and have a look at the communication between liferay and apache DS. You may find something there (https://cwiki.apache.org/confluence/display/DIRxSRVx11/SASL+NTLM+Support)
And I don't know about ApacheDS but MS AD had usually problems with certificates. You need to have same certificates in Liferay (java keystore) and on the server. I don't know if this applies if you have both servers localy.