I've tried following those, using every combination.
Please note the following:
- I can install with the Manager setting an admin for either DOMAIN1.LOCAL or DOMAIN2.LOCAL without any problems.
- Octopus is installed on DOMAIN1.LOCAL.
I've been switching back and forth between AD/UNP trying to get this to work.
I've set the service to run as a dedicated AD user.
The only thing I have achieved, which indicates something is working correctly, is locking the user from DOMAIN1.LOCAL out of the AD; this user was configured to be the admin using the console switch you referred to.
I have not seen this behaviour when setting a user from DOMAIN2.LOCAL as admin.
My needs are very specific. Only users on DOMAIN2.LOCAL should be able to login.
I sense this has something to do with Octopus being on DOMAIN1.LOCAL, but that's just a guess, so it's rather frustrating.
Stuff that got locked up but looked like something was right:
2014-02-05 14:44:49.9363 WARN Principal 'octopus' (Domain: 'prod.local') could not be logged on via WIN32: 0x0000052E.
System.ComponentModel.Win32Exception (0x80004005): Logon failure: unknown user name or bad password
2014-02-05 14:44:56.5574 WARN Principal 'octopus' (Domain: 'prod') could not be logged on via WIN32: 0x0000052E.
System.ComponentModel.Win32Exception (0x80004005): Logon failure: unknown user name or bad password
2014-02-05 14:46:00.8308 WARN Principal 'octopus@prod.local' (Domain: '') could not be logged on via WIN32: 0x0000052E.
System.ComponentModel.Win32Exception (0x80004005): Logon failure: unknown user name or bad password
2014-02-05 14:46:05.1707 WARN Principal 'octopus@prod.local' (Domain: '') could not be logged on via WIN32: 0x00000775.
System.ComponentModel.Win32Exception (0x80004005): The referenced account is currently locked out and may not be logged on to
2014-02-05 14:46:11.6472 WARN Principal 'octopus' (Domain: 'PROD') could not be logged on via WIN32: 0x00000775.
System.ComponentModel.Win32Exception (0x80004005): The referenced account is currently locked out and may not be logged on to
Users from DOMAIN2.LOCAL simply get an exception of principal not found error, and I have tried all combos XXXX\chmi, XXXX.local\chmi…:
2014-02-05 14:48:30.4832 INFO A principal identifiable by 'chmi' was not found in 'pdc01.prod.local'
2014-02-05 14:48:43.2293 INFO A principal identifiable by 'chmi@xxxx' was not found in 'pdc01.prod.local'
2014-02-05 14:48:57.1707 INFO A principal identifiable by 'chmi@xxxx.local' was not found in 'pdc01.prod.local'
2014-02-05 14:47:54.1355 ERROR Unhandled error on request: http://localhost/api/users/login : Logon failure: unknown user name or bad password.
System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown user name or bad password.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.ValidateCredentials(String username, String password) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 35
at Octopus.Server.Web.Api.Actions.UserLoginAction.Execute() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Api\Actions\UserLoginAction.cs:line 39
at Octopus.Platform.Web.Api.Responder`1.Respond(TDescriptor options, NancyContext context) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Platform.Web\Api\Responder.cs:line 163
at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)
at CallSite.Target(Closure , CallSite , Object , Object , NancyContext )
at Octopus.Server.Web.Api.OctopusRestApiModule.<>c__DisplayClass5.<.ctor>b__2(Object o) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Api\OctopusRestApiModule.cs:line 47
at CallSite.Target(Closure , CallSite , Func`2 , Object )
at Nancy.Routing.Route.<>c__DisplayClass4.<Wrap>b__3(Object parameters, CancellationToken context)
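
An added example, not part of the original post and not Octopus code: a Python triage of the WARN and INFO lines quoted above. It groups failed logons by account regardless of the name format used, and records which directory each principal lookup was run against. The `account_key` normalisation (NetBIOS domain name equals the first DNS label) is an assumption.

```python
import re

# Win32 status codes that appear in the log excerpt above.
WIN32 = {0x52E: "ERROR_LOGON_FAILURE", 0x775: "ERROR_ACCOUNT_LOCKED_OUT"}
LOGON = re.compile(
    r"^(?P<ts>\S+ \S+) WARN Principal '(?P<name>[^']*)' \(Domain: '(?P<dom>[^']*)'\) "
    r"could not be logged on via WIN32: 0x(?P<code>[0-9A-Fa-f]{8})")
LOOKUP = re.compile(
    r"INFO A principal identifiable by '(?P<name>[^']*)' was not found in '(?P<dc>[^']*)'")

# WARN/INFO lines copied from the post above (exception text omitted).
SAMPLE = """\
2014-02-05 14:44:49.9363 WARN Principal 'octopus' (Domain: 'prod.local') could not be logged on via WIN32: 0x0000052E.
2014-02-05 14:44:56.5574 WARN Principal 'octopus' (Domain: 'prod') could not be logged on via WIN32: 0x0000052E.
2014-02-05 14:46:00.8308 WARN Principal 'octopus@prod.local' (Domain: '') could not be logged on via WIN32: 0x0000052E.
2014-02-05 14:46:05.1707 WARN Principal 'octopus@prod.local' (Domain: '') could not be logged on via WIN32: 0x00000775.
2014-02-05 14:46:11.6472 WARN Principal 'octopus' (Domain: 'PROD') could not be logged on via WIN32: 0x00000775.
2014-02-05 14:48:30.4832 INFO A principal identifiable by 'chmi' was not found in 'pdc01.prod.local'
2014-02-05 14:48:43.2293 INFO A principal identifiable by 'chmi@xxxx' was not found in 'pdc01.prod.local'
2014-02-05 14:48:57.1707 INFO A principal identifiable by 'chmi@xxxx.local' was not found in 'pdc01.prod.local'
"""

def account_key(name, domain):
    """Collapse user@domain, DOMAIN + user and FQDN + user to one key.
    Assumption: the NetBIOS domain name equals the first DNS label."""
    if "@" in name:
        name, domain = name.split("@", 1)
    return f"{domain.split('.')[0].lower()}\\{name.lower()}"

def triage(log_text):
    """Return (per-account logon summary, list of (name, directory) lookups)."""
    accounts, lookups = {}, []
    for line in log_text.splitlines():
        m = LOGON.match(line)
        if m:
            status = WIN32.get(int(m["code"], 16))
            acct = accounts.setdefault(account_key(m["name"], m["dom"]),
                {"forms": set(), "bad_before_lockout": 0, "locked_at": None})
            acct["forms"].add((m["name"], m["dom"]))
            if status == "ERROR_ACCOUNT_LOCKED_OUT":
                acct["locked_at"] = acct["locked_at"] or m["ts"]
            elif status == "ERROR_LOGON_FAILURE" and not acct["locked_at"]:
                acct["bad_before_lockout"] += 1
            continue
        m = LOOKUP.search(line)
        if m:
            lookups.append((m["name"], m["dc"]))
    return accounts, lookups
```

On the excerpt, `triage(SAMPLE)` shows the four name forms all resolving to one account, three 0x52E failures before the first 0x775 at 14:46:05, and every `chmi` lookup going to `pdc01.prod.local`.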