When enabling Active Directory authentication in Octopus, a user from Domain X is given, however, when trying to login, logs are looking for the user in Domain Y.
There is one way trust which lets Users in Domain X to login Domain Y.
Is there a way to tell Octopus to look in another domain other than the one belongs to the box it was installed?
Thanks in advance
the case would be similar to: https://octopus.com/docs/administration/authentication-providers/moving-active-directory-domains
However, i am not moving from domain.
So i finally found what is going on in here.
I need to get users logged in from Domain X.
According to OD , i need to add AD group in the given Team to get that done, however, since i cannot login with a user from Domain X, cannot search on Domain X for a user to set member of …
The user name or password is incorrect.
System.Runtime.InteropServices.COMException
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection…ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.ContextForType(Type t)
at System.DirectoryServices.AccountManagement.Principal.set_Name(String value)
at Octopus.Server.Extensibility.Authentication.DirectoryServices.DirectoryServices.DirectoryServicesExternalSecurityGroupLocator.FindGroups(String name)
at Octopus.Server.Extensibility.Authentication.DirectoryServices.Web.ListSecurityGroupsAction.Execute(NancyContext context, IResponseFormatter response)
at Octopus.Server.Extensibility.Extensions.Infrastructure.Web.Api.WhenEnabledActionInvoker`2.Execute(NancyContext context, IResponseFormatter response)
at Nancy.Routing.Route.<>c__DisplayClass4.b__3(Object parameters, CancellationToken context)
So, after bit more of investigation i am noticiing that adding group membership from upper trusted domain should do,… but it doesnt.
When logging using forms using domainX\user i get the odserver getting no users like that one from domainY.
2017-08-08 13:32:22.4571 5708 22 ERROR Unhandled error on request: http:/OD/api/users/login 517a236c47b64cc8a02429dba1143f38 by : The user name or password is incorrect.
Stuck in here.
Hi mario.anton,
Thanks for reaching out, I’m sorry to hear you’re having issues searching Active Directory trusted domains for users and groups in Octopus.
Could you please tell me what user account the Octopus server service is running under? Specifically if it is a domain user and also if it is a member of Domain X or Domain Y.
One option which comes to mind when troubleshooting this issue is to confirm that the Octopus service RunAs account has permissions to read the users and groups in Domain Y. Can you please refer to our PowerShell script at the Troubleshooting Active Directory document and run the PowerShell script to confirm that your account has the privileges required?
One other handy resource could be found at our Domain Groups not loading across multiple domains section which talks about granting specific permissions at the domain level for reading uses and groups.
I hope this has been of some help, I would love to hear from you if you have any further questions.
Kind Regards,
Lawrence.
HI Lawrence, finally been sorted running the service with a User belonging to the domain i want to gather groups from. thanks
Hey Mario,
I’m glad to hear it it’s all sorted! happy deployments.
Regards,
Lawrence.