0

We have two nodes in a clustered enviornment (Alfresco and tomcat) with passthru authentication along with ldap and NTLM configured. protocol order is TCPIP, NETBIOS. It works fine most of the time, but sometimes and for some users authentication screen comes again and again.

Below is stack trace. Any pointer will be helpful.

net.sf.acegisecurity.AuthenticationServiceException: I/O error; nested exception is java.net.SocketException: Socket closed at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:908) at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:555) at sun.reflect.GeneratedMethodAccessor812.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy220.authenticate(Unknown Source) at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType3(BaseNTLMAuthenticationFilter.java:536) at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:291) at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:134) at sun.reflect.GeneratedMethodAccessor543.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy229.doFilter(Unknown Source) at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter.doFilter(WebScriptSSOAuthenticationFilter.java:128) at sun.reflect.GeneratedMethodAccessor543.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy229.doFilter(Unknown Source) at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:662) Caused by: java.net.SocketException: Socket closed at java.net.SocketInputStream.read(SocketInputStream.java:162) at java.io.DataInputStream.read(DataInputStream.java:132) at org.alfresco.jlan.netbios.NetBIOSSession.Receive(NetBIOSSession.java:1836) at org.alfresco.jlan.server.auth.passthru.SMBPacket.ExchangeSMB(SMBPacket.java:286) at org.alfresco.jlan.server.auth.passthru.AuthenticateSession.doSessionSetup(AuthenticateSession.java:1158) at org.alfresco.jlan.server.auth.passthru.AuthenticateSession.doSessionSetup(AuthenticateSession.java:992) at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:834) ... 48 more

Sicco
  • 6,167
  • 5
  • 45
  • 61
Shiv Mishra
  • 1

1 Answers1

1

You don't mention what type of Domain Controller you are using to authenticate against and what your network architecture is, but based on the stack trace it looks like the connection is being closed unexpectedly.

This could indicate a problem with the network or the DC, but you would need to look at the traffic going over the wire to really tell what is going on.

Lastly it might also be worth checking in the logs of your DC to see if it is reporting any problems from its end.

Will Abson
  • 1,562
  • 7
  • 13
  • I am not able to name the domain cotroller, but i might be able to find out if it is required. – Shiv Mishra Sep 11 '12 at 09:55
  • Some times the exception comes randomly for all or some users. This we beleive is due to authorisation socket getting closed after few unauthenticated requests. However for some users it regularly comes. Also we have some other Alfresco application on the same servers with same base files. There is no exception in those applications. It seems this authentication problem with unsurmountable credential boxes popping up comes when certain web-scripts are being accessed. We are not able to name the scripts, and we are not trying hard to find those scripts as we want some permanent solution. – Shiv Mishra Sep 11 '12 at 09:56
  • One theory is that IE may be sending wrong credentials. When we access the applications in Firefox, we have to give credentials for the first time but then credentials is never asked again. While in IE credential boxes keep popping up. – Shiv Mishra Sep 11 '12 at 09:57
  • Also from log files: The client sent a NTLMv1 type 3 message without prior type 1 in session – Shiv Mishra Sep 11 '12 at 12:33
  • have you tried adding your server (where alfresco is hosted) IP or hostname to the trusted sites in Firefox or IE? – Teqnology Sep 13 '12 at 12:42