Octopus Active Directory domain trusts

support

(Spencer Owen) #1

I have two domains with a 1 way trust

Domain A
Domain B

The users are located in Domain A
The octopus server is installed Domain B

There is a 1 way trust where Domain B trusts Domain A

B -> A

After many days of troubleshooting, here is how I got it to work

1.Change octopus auth to other domain

.\Octopus.Server.exe service --stop
.\Octopus.Server.exe configure --activeDirectoryContainer "DC=example,DC=com"
.\Octopus.Server.exe service --start

Its best to be as specific as possible when setting the activeDirectoryContainer, however if you are too specific, you will find you wont be able to search for groups (see Add Users by active directory group)

.\Octopus.Server.exe configure --activeDirectoryContainer "OU=foobar,DC=example,DC=com"

2. Services.msc -> Change the user octopus runs as to be a user in the domain where you want to pull users from (Domain A in my case)

08

3. Grant full permissions to that user to C:\Octopus
4. Grant full permissions to that user to C:\Program Files \Octopus

32

5. If you are using SqlExpress, and windows authentication, you also need to make that service account a db_owner on the database (not sure this is required)

6. You may need to use the full domain when logging into the octopus web interface (e.g EXAMPLE.COM\myuser)

Hopefully this helps someone else who is having trouble getting octopus deploy working with 1 way domain trusts.


Add Users by active directory group
(Lawrence Wilson) #3

Hi Spencer,
Thanks for getting in touch and providing us with your process on setting up a 1-way domain trust with an Octopus Server. Your contribution is an excellent read and entirely correct.

One thing which comes to mind in this scenario is that users from DomainB should be able to authenticate without needing to specify the domain in EAMPLE.COM\myuser. While users from DomainA will still need to include the Domain.

Please check out our documentation on Active Directory trusted domains for more information.

Kind regards,
Lawrence.