manualshive.com logo in svg

Alfresco JLAN, Installation Manual

"Alfresco JLAN" is a cutting-edge collaboration tool designed to enhance your document management experience. This user-friendly platform enables effortless sharing, editing, and organizing of files within your organization. For hassle-free installation, our comprehensive "Installation Manual" is available for "free download" at manualshive.com.

Share
Download
background image

an Active Directory client or the host name for a client that is not an Active Directory 
client, ie. not logged onto the domain.
Some versions of the 

ktpass

 command will add the SPN for the principal so you may 

only need to add the NetBIOS/short name versions of the SPNs. Use the 

setspn -l 

<account-name>

 command to check if the 

ktpass

 command set the SPN.

4. Copy the 

cifs.keytab

 file to the server where the JLAN Server will run. Copy the 

file to a protected are such as C:\etc\ or /etc.

5. Setup the Kerberos ini file on the server that the JLAN Server will run, the 

default location is C:\winnt\krb5.ini or /etc/krb5.conf. A sample krb5.ini is 
shown below.

[libdefaults]
default-realm = ALFRESCO.ORG

[realms]
ALFRESCO.ORG = {
  kdc = adsrv.alfresco.org
  admin-server = adsrv.alfresco.org
}

[domain-realm]
adsrv.alfresco.org = ALFRESCO.ORG
.adsrv.alfresco.org = ALFRESCO.ORG

Note: The realm should be specified in uppercase.

6. Setup the Java login configuration file. This would usually be in the 

JRE\lib\security

 folder. Create a file named 

jlan.login.config

 with the following 

entry :-

JLANServerCIFS {
 com.sun.security.auth.module.Krb5LoginModule required
 storeKey=true
 useKeyTab=true
 keytab=”

C:/etc/cifs.keytab

 principal=”cifs/<jlan-server-name>.<domain>”;
};

7. Enable the login config file in the main Java security configuration file, usually 

at 

JRE\lib\security\java.security

. Add the following line :-

login.config.url.1=

file:$

{java.home}/lib/security/jlan.login.config

8. Configure the JLAN CIFS server to use the Enterprise authenticator with 

Kerberos enabled :-

<authenticator>
 <class>
 org.alfresco.jlan.server.auth.EnterpriseCifsAuthenticator
 </class>
 <mode>USER</mode>
 <allowGuest/>
 <Debug/>
 <KDC>adsrv.starlasoft.co.uk</KDC>
 <Realm>STARLASOFT.CO.UK</Realm>
 <Password>...</Password>
 <Principal>cifs/<cifs-server-name>.<domain></Principal>
</authenticator>

48

Summary of Contents for JLAN

Page 1: ...Alfresco JLAN Server Installation Guide For Alfresco JLAN Server v6 0 Author GK Spencer Alfresco 2007 2011 All rights reserved ...

Page 2: ...figuration 21 2 4 7 2 1 DatabaseInterface Configuration 25 2 4 7 2 2 FileLoader Configuration 26 2 4 7 2 3 Sample Configurations 29 2 4 8 Security Configuration 33 2 4 8 1 LocalAuthenticator 34 2 4 8 2 PassthruAuthenticator 36 2 4 8 3 Enterprise Authenticator 37 2 4 9 Share Mapper Configuration 38 2 4 10 Drive Mappings Configuration 38 2 4 11 Debug Configuration 39 2 4 11 1 Cluster Debug Configura...

Page 3: ... key components that may be replaced customized are Virtual filesystem driver classes Authentication classes Server configuration classes Virtual filesystem mapping class Access control manager and access control rules Quota manager The JLAN Server kit contains a virtual filesystem driver class that maps to the local filesystem using the java io File class and a database filesystem that stores the...

Page 4: ...ar files includes in the JLAN Server kit alfresco jlan jar Contains the core server applications but does not contain the database interface code for mySQL Oracle or Cloudscape Derby alfresco jlan db jar Contains the core server applications plus the mySQL Oracle and Derby database interface classes The database filesystem version of the Jar also requires the appropriate JDBC classes to be on the ...

Page 5: ...the demo kit jlanserver xml The sample configuration file is setup to use the Win32 NetBIOS interface To use the NetBIOS over TCP IP and or native SMB interfaces the network broadcast mask must be configured before the sample configuration file can be used The runsrv bat batch file may also be used to start the server under Windows 2 3 org alfresco jlan app JLANServerService The JLANServerService ...

Page 6: ...ate the configuration jlanserver dtd The configuration is contained within the jlanserver section of the configuration file The server is configured via the servers global SMB FTP NFS shares security shareMapper DriveMappings cluster and debug sub sections Configuration items added in recent versions of the JLAN Server are shown in bold type 2 4 1 Server Configuration The servers section defines t...

Page 7: ...oadcast 90 1 255 255 broadcast smbdialects smbdialects Enables the SMB dialects that the server will negotiate with a client The available dialects are Core LanMan and NT smbdialects Core LanMan NT smbdialects comment comment Server comment sent out as part of the host announcement and also returned by various server workstation information requests comment JLAN SMB Server comment bindto n n n n b...

Page 8: ...ied using the adapter attribute The adapter name is the name returned by the NetworkInterface class such as eth0 or en0 The platforms attribute may be specified to control which platforms the NetBIOS SMB component will be enabled on The platforms value is a comma delimeted list of platform names where the valid names are linux macosx windows solaris and aix NetBIOS over TCP IP may be enabled at th...

Page 9: ...nly be accessible from the local host The lana attribute can be used to specify which NetBIOS LAN adapter the Win32 NetBIOS interface will use If not specified the first available LANA will be used The api attribute is used to specify the native code interface to be used The valid values are netbios for the original Win32 Netbios API based code or winsock for the new Winsock Netbios based code The...

Page 10: ...lue in seconds The default session timeout is 15 minutes If no I O occurs on the session within this time then the session will be closed by the server Windows clients send keep alive requests usually within 15 minutes disableNIO Disables the new NIO based CIFS server code and reverts to using the older socket and JNI based code The SMB server has many debug settings which are controlled by the fo...

Page 11: ...quests PKTTYPE Output received packet type DCERPC DCE RPC handling NOTIFY Change notification processing STREAMS NTFS streams SOCKET Low level connections LOCK File byte range locks unlocks STATECACHE File state caching TIMING Request response timing PKTPOOL Memory pool allocations deallocations PKTSTATS Dump memory pool statistics during server shutdown THREADPOOL Thread pool BENCHMARK Benchmarki...

Page 12: ...lass class authenticator The authenticator configuration sub section is used to enable a custom FTP authentication class that implements the org alfresco jlan ftp FTPAuthenticator interface The class must be specified other configuration parameters may be specified as required bindto n n n n bindto bindto adapter Specifies which network adapter to bind to if the host has multiple network adapters ...

Page 13: ... site specific extensions to the FTP server The class must be specified and must implement the org alfresco jlan ftp FTPSiteInterface interface Other configuration parameters may be specified as required keyStore keyStore Path to the keys store file when FTPS is enabled trustStore trustStore Path to the trust store file when FTPS is enabled storePassphrase storePassphrase Store passphrase requireS...

Page 14: ...P Debug Levels TIMING Request response timing SSL FTPS SSL A sample FTP server configuration section is shown below FTP bindto 192 168 1 2 bindto allowAnonymous debug flags File FileIO Search Error FTP 14 ...

Page 15: ...et pool should be two to three times the thread pool size for optimum performance ThreadPool n ThreadPool Number of worker threads to allocate to the thread pool that processes RPC requests from NFS clients The thread pool is now shared between the TCP and UDP connections Defaults to 16 worker threads debug flags Enable various NFS server debug output mountServerDebug Enables mount server debug ou...

Page 16: ...acheDebug Enable file cache debug output The following table lists the available NFS debug levels NFS Debug Levels RXDATA Received session data TXDATA Transmitted session data SEARCH File directory searches INFO Information requests FILE File access FILEIO File read write ERROR Request errors DIRECTORY Directory related commands A sample NFS server configuration section is shown below NFS enablePo...

Page 17: ... to map or mount the virtual filesystem The optional comment is returned by various information requests diskshare name JLAN comment Test area driver Specifies the start of the disk share driver class definition block accessControl accessControl default Specifies the access control rules block The default attribute specifies the default access for clients that do not match any of the access contro...

Page 18: ...lass org alfresco jlan smb server disk JavaFileDiskDriver class The accessControl sub section contains the access control rules that are used to allow read or read write access to the share or to disallow access to the share The accessControl block may be empty if a default access of Read or Write is specified for example accessControl default Read The following table details the access control ru...

Page 19: ...he callers domain name This rule only applies to SMB CIFS sessions A sample access control block is shown below diskshare name TESTAREA driver class org alfresco jlan smb server disk JavaFileDiskDriver class LocalPath N TestArea LocalPath driver volume label TESTLABEL size totalSize 2T freeSize 100G accessControl default Read user name gkspencer access Write user name GK Spencer access Write addre...

Page 20: ... disk package The driver sub section configuration parameters are shown below JavaFileDiskDriver Configuration LocalPath LocalPath Specifies the local path to map the virtual filesystem to A sample JavaFileDiskDriver share configuration section is shown below shares diskshare name JLAN comment Test share class org alfresco jlan smb server disk JavaFileDiskDriver class LocalPath R JLAN LocalPath di...

Page 21: ...ame Description SimpleFileLoader Provides a simple file loader that loads saves files to the local filesystem maintaining the same directory structure The loader class is org alfresco jlan server filesys loader SimpleFileLoader DBFileLoader Loads saves file data to database BLOB fields using a thread pool of worker threads to load save the file data in background A queue of load save requests is m...

Page 22: ...andalone server cache cluster for the clustered cache or custom for a custom cache implementation The standalone state cache has the following configuration values Standalone State Cache Configuration fileStateExpire n fileStateExpire Specifies the file state expiry interval in seconds This is the number of seconds a file state may be held in the state cache after the file has been closed by the l...

Page 23: ...een nodes in the cluster nearCache disable nearCache timeout n Used to disable the near cache or set the near cache timeout value If the near cache is disabled clustered state cache lookups may require a network access to fetch the required file state The default near cache timeout value is 5 seconds the minimum allowed value is 3 seconds the maximum allowed value is 120 seconds 2 minutes cacheDeb...

Page 24: ...RENAME Rename state FILEDATAUPDATE File data updates FILESTATUS File status changes exist not exist 24 ...

Page 25: ...ucture details Defaults to JLANFileSys if not specified StreamsTable StreamsTable Name of the database table that holds the NTFS streams details Defaults to JLANStreams if not specified RetentionTable RetentionTable Name of the database table that holds the file folder retention details Defaults to JLANRetain if not specified QueueTable QueueTable Name of the database table used to hold the backgr...

Page 26: ...ileLoader Configuration class class Specifies the file loader class which must be an implementation of the org alfresco jlan smb loader FileLoader interface For the JDBCFileLoader the class is org alfresco jlan smb disk jdbc JDBCFileLoader FragmentSize n FragmentSize Specifies the maximum size of file data to be stored per blob If the file is larger than this value it will be split up into multipl...

Page 27: ... the database for more file requests The default level is 50 SmallFileSize n SmallFileSize Enables packing of small files that are below the specified size into Jar files The file size may be specified as n bytes or nK for kilobytes FilesPerJar n FilesPerJar Specifies the maximum number of small files to pack into each Jar file when the Jar packing feature is enabled The SizePerJar setting may als...

Page 28: ... 0 no compression KeepJars Indicates that the generated Jar files should not be deleted from the temporary cache are after they have been saved by the file loader This setting is useful for testing purposes Debug Enables JDBCFileLoader debug output 28 ...

Page 29: ...nectionPool 10 20 ConnectionPool DatabaseInterface FileLoader class org alfresco jlan server filesys loader SimpleFileLoader class RootPath N DerbyFileSys RootPath FileLoader driver diskshare The following sample configuration uses a mySQL database to hold the filesystem structure load save queues and file data The file data is stored using BLOB fields The configuration enables the packing of smal...

Page 30: ...ng BLOB fields When files are opened the file data will be copied to temporary cache files in the N oracleTemp directory A retention period of seven days will be applied to files folders created on the filesystem to prevent them from being deleted or modified during the retention period The background load save thread pool will allocate six thread for file loading and two threads for file saving d...

Page 31: ... used so that all nodes in the cluster can co ordinate access to files implement cluster wide locking and notify each other of file updates The near cache is enabled to improve cluster performance Debug output is enabled to monitor file state cache expiry and file access requests diskshare name MySQLBlob comment MySQL virtual filesystem driver class org alfresco jlan server filesys db DBDiskDriver...

Page 32: ...izePerJar 1000K SizePerJar JarCompressionLevel 9 JarCompressionLevel FileLoader stateCache type cluster clusterName MySQLCluster clusterName clusterTopic MySQLTopic clusterTopic nearCache timeout 10 cacheDebug flags Expire FileAccess stateCache driver diskshare 32 ...

Page 33: ... of access control rules can be specified that are applied to all shares that do not have access control rules assigned Security Configuration authenticator Defines the authentication class to be used and the security mode for the server accessControlManager Defines the access control manager class debug output status and additional custom rules globalAccessControl Defines a set of access control ...

Page 34: ...access control manager debug output rule rule Specifies custom access control rule classes to be added to the available access control rule types The value specifies a class that extends the org alfresco jlan server auth acl AccessControlParser abstract class If the new access control rule has the same name type as one of the default access control rules it will replace the original rule type Mult...

Page 35: ...t account is an administrator account home home Specifies a home directory on the local filesystem for this user When using the default share mapper the user can map to a share called HOME that will map to the specified directory A sample security configuration section is shown below security JCEProvider cryptix jce provider CryptixCrypto JCEProvider authenticator class org alfresco jlan server au...

Page 36: ...e or TCP IP address of a server to be used to autheticate users against The authenticator will make a test connection to the server protocolOrder protocolOrder Specifies the type of protocols and the order of connection for passthru authentication sessions The default is to use NetBIOS if that fails then try to connect using native SMB port 445 Specify either a single protocol type or a comma deli...

Page 37: ...security mode This should be set to USER for the passthru authenticator KDC KDC IP address or DNS name of the Active Directory server Realm Realm Kerberos realm Password Password Account password used by the server to get a service ticket LoginEntry LoginEntry Java security login configuration file entry name Defaults is JLANServerCIFS disallowNTLMV1 Do not allow weaker NTLMv1 logins kerberosDebug...

Page 38: ...apper class debug shareMapper 2 4 10 Drive Mappings Configuration The DriveMappings section defines local drive mappings that will be added when the JLAN Server SMB CIFS server starts This can be useful when using the JLAN Server to provide custom filesystems to the local host The drives are mapped after the SMB CIFS server component has started and removed as the SMB CIFS server shuts down DriveM...

Page 39: ...classes The org alfresco jlan debug ConsoleDebug class outputs all debug information to the console The org alfresco jlan debug LogFileDebug class outputs all debug information to a file The org alfresco debug JDKLoggingDebug class outputs all debug information using the JDK Logging APIs The org alfresco debug cluster ClusterDebug class sends all debug output to other nodes within the cluster as w...

Page 40: ...ging server for the cluster is configured to be a receive only node for the debug interface This node does not broadcast its debug output to the cluster The cluster debug interface sends a copy of the debug output to the cluster and passes a copy to another debug interface to handle the local output This may be the console file or JDK logging debug interface or a custom debug interface of your own...

Page 41: ...nd acting as the central debug logger for the cluster debug output class org alfresco jlan debug cluster ClusterDebug class debugTopic AlfrescoJLANDebug debugTopic receiveOnly localOutput class org alfresco jlan debug LogFileDebug class logFile jlansrv log logFile append localOutput output debug 41 ...

Page 42: ...001 Native SMB CIFS is enabled by default Changing the value to zero and rebooting the system will disable native SMB CIFS support The native SMB CIFS service is designed to use DNS to lookup host names 3 2 Windows NetBIOS Over TCP IP NetBIOS over TCP uses a combination of TCP sockets and UDP datagrams A session is established using a TCP IP socket connection to port 139 on the file server The Net...

Page 43: ... native SMB CIFS implementation under Windows requires that the Windows native SMB CIFS server be disabled The JLAN Server kit includes the port445 reg registry file which can apply the relevant change to disable the Windows natvie SMB CIFS server a reboot is required after applying this change The followng SMB CIFS XML configuration section is the minimum configuration required to enable JLAN Ser...

Page 44: ... support SMB host name JLANSRV domain ALFRESCO netBIOSSMB broadcast 192 168 1 255 broadcast host SMB The above configuration will bind globally to all available network adapters The network adapter that the NetBIOS over TCP IP handler binds to can also be specified SMB host name JLANSRV domain ALFRESCO netBIOSSMB broadcast 192 168 1 255 broadcast bindto 192 168 1 2 bindto host SMB To have the JLAN...

Page 45: ...tBIOS support SMB host name JLANSRV domain ALFRESCO Win32NetBIOS host SMB If there are multiple network adapters in the server system you may need to specify the NetBIOS logical adapter known as a LANA The easiest way to determine the available LANAs is to enable the Socket debug level using the sessionDebug flags setting within the SMB configuration section this will dump out a list of the availa...

Page 46: ... SMB host name JLANSRV domain ALFRESCO Win32NetBIOS Win32Announce interval 5 host SMB 46 ...

Page 47: ...tion types for this account and Do not require Kerberos preauthentication options in the Account Options section 2 Use the ktpass utility to generate a key table The ktpass utility is a free download from the Microsoft site and is also part of the Win2003 Resource Kit There is a restriction in the Microsoft ktpass utility use this commandline on the Domain Controller only ktpass princ cifs cifs se...

Page 48: ...resco org ALFRESCO ORG adsrv alfresco org ALFRESCO ORG Note The realm should be specified in uppercase 6 Setup the Java login configuration file This would usually be in the JRE lib security folder Create a file named jlan login config with the following entry JLANServerCIFS com sun security auth module Krb5LoginModule required storeKey true useKeyTab true keytab C etc cifs keytab principal cifs j...

Page 49: ...ord from step 1 To help diagnose problems with the Kerberos Active Directory setup you can enable debug output from the Java security APIs by defining the following property on the command line of the JVM Dsun security krb5 debug true 49 ...

Reviews:

No comments

Related manuals for JLAN

NEC Univerge SV8100 Information Sheet preview
Univerge SV8100
Brand: NEC Pages: 2
Panasonic KX-NCP Series Software Manual preview
KX-NCP Series
Brand: Panasonic Pages: 16
Cobalt Digital Inc Cobalt Qube 2 User Manual preview
Cobalt Qube 2
Brand: Cobalt Digital Inc Pages: 218
Thecus N12000 series User Manual preview
N12000 series
Brand: Thecus Pages: 120
Lantronix xPort Pro XPP1004000-02R Integration Manual preview
xPort Pro XPP1004000-02R
Brand: Lantronix Pages: 17
Supermicro SuperServer E300-9A-4C User Manual preview
SuperServer E300-9A-4C
Brand: Supermicro Pages: 109
xFusion Digital Technologies FusionServer 1288H V5 Technical Paper preview
FusionServer 1288H V5
Brand: xFusion Digital Technologies Pages: 96
myTEM MTSER-100-WL Quick Start Manual preview
MTSER-100-WL
Brand: myTEM Pages: 2
Planet FPS-1101 User Manual preview
FPS-1101
Brand: Planet Pages: 83
San Telequip SC10E16A1 Series User Manual preview
SC10E16A1 Series
Brand: San Telequip Pages: 85
Octagon TRAX-10 Technical Manual preview
TRAX-10
Brand: Octagon Pages: 17
Red Hat DIRECTORY SERVER 8.0 Installation Manual preview
DIRECTORY SERVER 8.0
Brand: Red Hat Pages: 128
Black Box RAS-PutIn Installation And User Manual preview
RAS-PutIn
Brand: Black Box Pages: 93
Allnet ALL60200 User Manual preview
ALL60200
Brand: Allnet Pages: 91
Wadia m330 media server Owner'S Manual preview
m330 media server
Brand: Wadia Pages: 24
Inspur NF5170M4 User Manual preview
NF5170M4
Brand: Inspur Pages: 112
Inspur AGX-5 User Manual preview
AGX-5
Brand: Inspur Pages: 170
3onedata NP5100 Series Quick Installation Manual preview
NP5100 Series
Brand: 3onedata Pages: 4

Brands by name

Popular brands

Load more brands