Multiple domain issue

Octopus runs in DOMAIN1, users trying to log in are in DOMAIN2. I have tried running Octopus under Local System, and DOMAIN1\serviceaccount as well as DOMAIN2\serviceaccount.

When running under DOMAIN1 service account only user accounts in DOMAIN1 can log in and I cannot add users from DOMAIN2.

When I try to run under DOMAIN2 service account Octopus will not start.

I have created an account with the same name and password in both domains to try and remedy the problem, to no avail.

I have another application on the same server running under DOMAIN2\serviceaccount which can successfully authenticate DOMAIN2 users.

Could it be because the new service account doesn’t have permissions in RavenDB that the service fails to start? (Even though the account is local admin)

Hi,

Octopus will work with multiple AD domains IF they have their trust configured correctly. Is there any reason you are running Octopus under the domain that isn’t where the users are?
The errors as to why the service isn’t starting should be found in c:\Octopus\Logs
You can also attempt to define the AD container that Octopus should use and it might help: http://docs.octopusdeploy.com/display/OD/Specifying+a+custom+container+to+use+for+AD+Authentication

Vanessa

Because…Enterprise.

I can’t get OD to work with multiple domains still. I don’t have a real trust between the domains but I do have shadow accounts set up (identical service accounts with same password in both domains) and it still doesn’t work. Is this practice not supported by OD?

Hi,

Did you attempt to define the container?
Can you provide the Octopus logs to see if we get any specific errors?
Do you get a specific error message and can you provide a screenshot?

Vanessa

I did not try the container. Is there a command to retrieve the current container string so that I can easily retract my change should it cause any issues?

Hi,

When you run this command, it adds a line to your OctopusServer.config (c:\Octopus\OctopusServer\OctopusServer.config) such as <set key="Octopus.WebPortal.ActiveDirectoryContainer">CN=Users,DC=GPN,DC=COM</set>
So if you want to remove it afterwards, you can delete that line directly from the config.

Vanessa
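
Added example, not part of the thread and not Octopus's own tooling: PowerShell that reads the current container string from the config, then removes the line after taking a timestamped backup so the change can be reverted. The key name and file location come from the reply above; the function names and the sample file (including its root element name) are assumptions made for the demo.

```powershell
# Added example. Key name comes from the reply above; the sample file
# below is constructed, including its root element name.
$Key = 'Octopus.WebPortal.ActiveDirectoryContainer'

function Open-Config([string]$Path) {
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true   # keep the file's layout on save
    $xml.Load($Path)
    ,$xml                             # return the document as one object
}

function Get-AdContainer([string]$Path) {
    # Returns the current container string, or $null when the line is absent
    $node = (Open-Config $Path).SelectSingleNode("//set[@key='$Key']")
    if ($node) { $node.InnerText } else { $null }
}

function Remove-AdContainer([string]$Path) {
    # Timestamped backup first, so the edit can be undone by copying it back
    $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $Path, (Get-Date)
    Copy-Item -LiteralPath $Path -Destination $backup
    $xml  = Open-Config $Path
    $node = $xml.SelectSingleNode("//set[@key='$Key']")
    if ($node) {
        [void]$node.ParentNode.RemoveChild($node)
        $xml.Save($Path)
    }
    $backup
}

# Demo on a constructed copy; point $Path at the real config when ready
$Path = Join-Path ([IO.Path]::GetTempPath()) 'OctopusServer.sample.config'
@'
<settings>
  <set key="Octopus.WebPortal.ActiveDirectoryContainer">CN=Users,DC=GPN,DC=COM</set>
</settings>
'@ | Set-Content -LiteralPath $Path -Encoding UTF8

"Before: $(Get-AdContainer $Path)"
"Backup: $(Remove-AdContainer $Path)"
"After:  $(Get-AdContainer $Path)"
```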