Active Directory Authentication issues

Greetings,

I have a new installation of 3.1.4 (x64) where my user is unable to authenticate via AD. I am authenticating from localhost. My user is in one domain and the server in the other. I am not finding much documentation around authentication or how to switch the type of authentication you are using once installed. Unfortunately this has been a show-stopper for getting started. Will Octopus support both AD and internal Auth?

It appears I am unable to authenticate the user:

2015-10-22 10:45:53.0654 13 WARN An exception was thrown while trying to establish a principal for the current request
System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown user name or bad password.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetOrCreateUser(String username, Boolean& wasCreated) in Y:\work\refs\tags\3.1.4\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 232
at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetOrCreateUser(String username) in Y:\work\refs\tags\3.1.4\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 222
at Octopus.Server.Web.Infrastructure.Authentication.OctopusPrincipalEstablisher.GetPresentedUserIdentity(NancyContext context) in Y:\work\refs\tags\3.1.4\source\Octopus.Server\Web\Infrastructure\Authentication\OctopusPrincipalEstablisher.cs:line 97
at Octopus.Server.Web.Infrastructure.Authentication.OctopusPrincipalEstablisher.EstablishPrincipalForRequest(NancyContext context) in Y:\work\refs\tags\3.1.4\source\Octopus.Server\Web\Infrastructure\Authentication\OctopusPrincipalEstablisher.cs:line 43

Hi!

Thanks for getting in touch. I’ll try to answer all of your questions as best I can!

Firstly, you can’t mix-and-match Forms Authentication (Octopus Credentials) and Active Directory Authentication (AD Credentials); you have to choose one or the other.

I’d suggest taking a look through our documentation page on Active Directory authentication. There are some details you might find useful such as:

  • Switching authentication modes after installation
  • If the server and its users are on different domains, or many domains are in use, the DOMAIN\user username format must be provided.
  • How to select the authentication scheme (Kerberos, NTLM etc)

One thing that does stand out to me from your comments is that the Octopus Server is running on a different Domain to the User you are attempting to authenticate as. Please make sure the User Account that the Octopus Server Windows Service is running as has the permissions to Query the Active Directory your Users and Groups are stored in. By default the Octopus Server Windows Service will run as the Local “System” account on the Server; you may need to change this to a domain account.

Hopefully that information helps you get up and running.
Mike
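
To check the two points raised in the reply above (which account the service runs as, and whether that account can query the users' domain), here is an added diagnostic example; it is not part of the thread and not Octopus code. It assumes the Windows service is named OctopusDeploy and uses placeholder domain and user values. Run it in a session started as the service account so it repeats the UserPrincipal.FindByIdentity lookup from the stack trace under the same identity.

```powershell
# Added diagnostic sketch, not Octopus Deploy code.
param(
    [string]$ServiceName = 'OctopusDeploy',       # assumption: default Windows service name
    [string]$UserDomain  = 'users.example.test',  # placeholder: domain that holds the users
    [string]$UserName    = 'USERS\someuser'       # placeholder: account in DOMAIN\user form
)

# 1. Report the account the service is configured to run as.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this machine." }
Write-Output "Service account : $($svc.StartName)"
if ($svc.StartName -eq 'LocalSystem') {
    Write-Warning 'Service runs as Local System; a domain account may be needed to query another domain.'
}

# 2. Repeat the directory lookup that fails in the log, as the current identity.
Write-Output "Running as      : $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$ctx = $null
try {
    $ctx = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctxType, $UserDomain
    $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $UserName)
    if ($user) { Write-Output "Lookup OK       : $($user.DistinguishedName)" }
    else       { Write-Warning "Bind succeeded, but '$UserName' was not found in $UserDomain." }
}
catch {
    # PowerShell wraps .NET exceptions; unwrap to the original one.
    $ex = $_.Exception.GetBaseException()
    if ($ex -is [System.Runtime.InteropServices.COMException]) {
        # 0x8007052E is the "Logon failure" HRESULT shown in the log above.
        Write-Warning ('Directory bind failed: 0x{0:X8} {1}' -f $ex.ErrorCode, $ex.Message)
    }
    else { throw }
}
finally {
    if ($ctx) { $ctx.Dispose() }
}
```

If the lookup succeeds for a domain account but fails with 0x8007052E under the service's current account, that points at the service identity rather than the user's credentials.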