AD user mixed up

Dave_Tremblay · 9 November 2016 16:57

Hi,
I’m trying to do some test with Teams in Octopus Server and I have to domain account:
firstname.lastname@domain.com
firstname_lastname@domain.com

One of these account is admin while the other have some access on few projects only. Whatever account I’m using, I’m always having the Administrator rights in Octopus server. When I’m looking at the acticity of my profile, it’s always the account firstname_lastname@domain.com that is listed. It looks like Octopus Server is always seeing me as the same user. I’m doing my test on the same machine.

Thanks

Shannon_Lewis · 10 November 2016 01:55

Hi Dave,

Thanks for getting in touch. Sorry to hear you’re having difficulties, I’m not an Active Directory expert but will do my best to help. I’ve had an initial attempt at trying to reproduce this behaviour but as yet haven’t been able to. To help with troubleshooting could I just confirm which version of Octopus Deploy you are using?

Handling of user lookup on login changed slightly in 3.5. So, if you are using 3.5.* then we now attempt to locate existing Octopus Deploy user records based on UPN, then samAccountName and then Email Address (prior to 3.5 we only compared UPN, which caused problems with domain migrations or other scenarios where existing user UPNs changed).

Could I also check which login mechanism you are using? i.e. do you log in to the machine as the different user and then use the Ntlm challenge link or do you use the username/password fields on Octopus Deploy UI? Either of those should work, but the mechanics are different so it could play into it somehow.

Regards
Shannon

Dave_Tremblay · 10 November 2016 13:31

Hi Shannon,

I am currently using the 3.5.1 version of Octopus Deploy. I tried both method of authentication: Entering credentials and NTLM challenge link.

In our setup, we are not using NTLM; we are using Kerberos.

I don’t know if it could help but the display name of both accounts are almost the same: “Dave Tremblay” vs “Dave Tremblay Admin”.

No matter what account I’m using, I’m always authenticated as “Dave Tremblay Admin”. Both accounts are using the same email address so perhaps this is the issue according to what you are saying. I’m will try to remove it to see if it helps.

Update: So before sending this mail, I tried and now the authentication works. The issue was the email that was the same.

Thanks for explaining the mechanism. It helped me to pinpoint the issue.

[Signature]

De : Shannon Lewis [mailto:tender2+d294db1432@tenderapp.com]
Envoyé : 9 novembre 2016 20:55
À : Dave Tremblay dave.tremblay@ubisoft.com
Objet : Re: AD user mixed up [Problems #48795]

Shannon_Lewis · 10 November 2016 22:13

Hi Dave,

No problems, glad I could help and that you were able to track down the issue.

Happy deployments
Shannon