RE: NTLM authentication not working in Liferay 7

Deepjyoti Nath, modified 9 years ago. Junior Member Posts: 86 Join Date: 2-11-10
Hi,
I tried to configure NTLM authentication with our AD server (configured in LDAP). But after the configuration, when I click on the Sign-In button in Liferay, it asks for a Windows userid/password. But even when submitting the correct credentials, it's not working.
Log shows connection error (attached the log file).

Has someone worked on NTLMv2 configuration in Liferay 7?

Thanks,
Deep
Andrew Jardine, modified 9 years ago. Liferay Legend Posts: 2416 Join Date: 22-12-10
Hi Deepjyoti

Based on the log you attached, it looks like the Principal (service account) that you set up is not correct, or you have the wrong address for the endpoint perhaps?

06:41:41,369 ERROR [http-nio-8083-exec-1][NtlmFilter:297] Unable to perform NTLM authentication
com.liferay.portal.security.sso.ntlm.internal.NtlmLogonException: Unable to authenticate due to communication failure with server


I don't have a DXP server to try it on (or a Windows machine for an NTLM connection in fact) so I can't say for sure that it's not a bug. If you are certain that it is a bug, then your best course of action is to open a LESA with Liferay and see what they say.
Deepjyoti Nath, modified 9 years ago. Junior Member Posts: 86 Join Date: 2-11-10
Thanks Andrew. I also had the same feeling, and I tried the same configuration in Liferay 6.2 version, which resulted in the same error. I will check with the administrator to confirm the service account credentials. Is there any way (tool) to manually check if the credentials entered in the service account field are correct or not?

Thanks,
Deep
Andrew Jardine, modified 9 years ago. Liferay Legend Posts: 2416 Join Date: 22-12-10
Not that I am aware of. The only "test" button I am familiar with is the one in the LDAP configuration.
Jack Bakker, modified 9 years ago. Liferay Master Posts: 978 Join Date: 3-1-10
Deepjyoti,

I've had to set the service account password with a VBScript. There are several out there including ones from Microsoft, and are similar to below

' Bind to the service account object in AD (placeholder DN) and reset its password
Dim objComputer
Set objComputer = GetObject("LDAP://CN=someName,CN=someServiceAccounts,DC=Example,DC=COM")
objComputer.SetPassword "somePassword"
Wscript.Quit

Have you done this?
EDIT: I've got NTLM to work on Liferay v6.2EE but haven't tried in v7/DXP yet. I also had to adjust Internet Explorer configs, but given your error you might not be at that step yet.
Roshan Qureshi, modified 7 years ago. Regular Member Posts: 159 Join Date: 24-8-10
Hello,

We have the same issue with LIFERAY 7 GA7 CE + WINDOWS SERVER 2012


ERROR [ajp-nio-8009-exec-9][NtlmFilter:298] Unable to perform NTLM authentication
com.liferay.portal.security.sso.ntlm.internal.NtlmLogonException: Unable to authenticate due to communication failure with server


There was a known issue:

https://issues.liferay.com/browse/LPS-15380

It says it is resolved in 5.2.X EE, 6.0.12 EE, but what about CE? Especially Liferay 7 GA7 CE?

Can anyone from Liferay staff update on this please?

Thanks.
David H Nebinger, modified 7 years ago. Liferay Legend Posts: 14933 Join Date: 2-9-06
By now that fix would have made it into CE, sure, but that has nothing to do with the "Unable to authenticate due to communication failure with server" issue you are facing, that was due to trying to use a service account for authentication.

But verify the low hanging fruit - make sure that you can actually connect from the server to AD and that it isn't just some silly windows firewall thing blocking connectivity.
Roshan Qureshi, modified 7 years ago. Regular Member Posts: 159 Join Date: 24-8-10
"David H Nebinger: By now that fix would have made it into CE, sure, but that has nothing to do with the "Unable to authenticate due to communication failure with server" issue you are facing, that was due to trying to use a service account for authentication.

But verify the low hanging fruit - make sure that you can actually connect from the server to AD and that it isn't just some silly windows firewall thing blocking connectivity."

Thanks for the quick reply.

We checked everything and we are able to ping the controller IP.

Do you know the meaning of the heading zeros in the logs:

"Failed to connect: 0.0.0.0<00>/domain IP"


Thread - https://community.liferay.com/forums/-/message_boards/message/112819703 says

" Inspecting source code/debugging we found:
that netrServerAuthenticate3.getServerCredential() returns byte array filled with zeroes: http://www.jarvana.com/jarvana/view/com/liferay/portal/portal-impl/6.0.5/portal-impl-6.0.5-sources.jar!/com/liferay/portal/security/ntlm/NetlogonConnection.java?format=ok

so problem is somewhere in filling netrServerAuthenticate3 object by dcerpcHandle.sendrecv(netrServerAuthenticate3); "


Appreciate your help.
David H Nebinger, modified 7 years ago. Liferay Legend Posts: 14933 Join Date: 2-9-06
that's just the network mask/network ip form, it looks valid.

Pinging the server is not enough, it just means you have a network path to the host.

But it doesn't say anything about the ports you can access on the path. The port could be blocked on the server or on the host.

The reference you are looking at is a low level analysis of the responses being returned; a mask of 0.0.0.0/ip is not nulls getting inserted into the binary stream.
Roshan Qureshi, modified 7 years ago. Regular Member Posts: 159 Join Date: 24-8-10
"David H Nebinger: that's just the network mask/network ip form, it looks valid.

Pinging the server is not enough, it just means you have a network path to the host.

But it doesn't say anything about the ports you can access on the path. The port could be blocked on the server or on the host.

The reference you are looking at is a low level analysis of the responses being returned; a mask of 0.0.0.0/ip is not nulls getting inserted into the binary stream."


We checked everything and we are able to ping the controller IP but NOT ABLE TO telnet CONTROLLER (domain) on port 389. Is it required?

Thanks
Christoph Rabel, modified 7 years ago. Liferay Legend Posts: 1555 Join Date: 24-9-09
389 is ldap, I don't think that's relevant for NTLM. Well, it is indirectly relevant for AD authentication and user import, but I don't think it is relevant for your current error.

I don't know which ports are required, I would check with a network sniffer like tcpdump (on Linux), which ports it tries to access. Or I would ask the firewall people, they should see the connections.

If I had to guess, I would try port 445 (SMB) and then maybe 88 (Kerberos).
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
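
Added example, not part of the original thread: a TCP probe to run from the Liferay host, showing why a successful ping says nothing about whether the ports guessed above are reachable on the domain controller. The port list comes from the posts above; the function names and the 3-second timeout are assumptions.

```python
import errno
import socket
import sys

# Ports named in the thread: 445 (SMB) and 88 (Kerberos) are the guesses for
# NTLM pass-through; 389 (LDAP) matters for AD import, not for this error.
PORTS = {445: "SMB", 88: "Kerberos", 389: "LDAP"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error:<reason>'.

    'refused'  -> the host answered with a reset: nothing is listening there.
    'filtered' -> no answer before the timeout: typically a firewall drop.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        # Name resolution failures, unreachable networks and similar.
        return "error:" + errno.errorcode.get(exc.errno, str(exc))


def check_dc(host, ports=PORTS, timeout=3.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_dc.py <domain-controller-host-or-ip>")
    for port, state in check_dc(sys.argv[1]).items():
        print(f"{port:>5} {PORTS[port]:<9} {state}")
```

A "filtered" result on a port while ping succeeds is the firewall case described above; "refused" means the path is clear but no service is listening on that port.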
Roshan Qureshi, modified 7 years ago. Regular Member Posts: 159 Join Date: 24-8-10
Thanks

I agree with you. Let me check the ports with telnet
Karthik Nainupatruni, modified 6 years ago. Junior Member Posts: 28 Join Date: 5-5-15
Hi,
I have enabled NTLM in Liferay 7.2.1 CE GA2 but I am getting the below error.
Has anyone faced a similar issue?
Configuration:
Domain Controller = XXX.XXX.XXX (AD IP)
Domain Controller Name = Host name of AD
Domain = XXX.com
Exception:
2020-01-14 10:52:18.669 ERROR [http-nio-8080-exec-3][NtlmFilter:304] Unable to perform NTLM authentication
com.liferay.portal.security.sso.ntlm.internal.NtlmLogonException: Session key negotiation failed
Andrew Jardine, modified 6 years ago. Liferay Legend Posts: 2416 Join Date: 22-12-10
I remember seeing this happen a loooooooooooong time ago and I don't remember all the specifics but I think it had something to do with the account that was specified to establish the connection to NTLM. The credentials you have specified for the connection, are they for a "system account" or for a "regular user account"? It was something to do with that if my memory serves me right (disclaimer: this was a really long time ago and I have a hard time remembering what I had for dinner last night)
Karthik Nainupatruni, modified 6 years ago. Junior Member Posts: 28 Join Date: 5-5-15
Thanks, it was a user account and we have replaced those credentials with a Computer/System account. Now it is working fine in the IE browser.
But how could we customize the NTLMFilter to make it work on Chrome?
Karthik Nainupatruni, modified 6 years ago. Junior Member Posts: 28 Join Date: 5-5-15
I have commented out the BrowserSniffer code in the NtlmFilter.java class, and it is working fine in the Chrome browser.
In Liferay 7.2.1 GA2, by customizing the core portal-security-sso-ntlm-impl module