Octopus Deploy AD Domain Trust Authentication

Hi,
I have Octopus Deploy on domain 1, but I need users from both domain 1 and domain 2 to have access to the Octopus Deploy URL.
I have a two-way trust between the two domains, but users from domain 2 are still unable to log on.
I have tried the suggestion located on


and
http://help.octopusdeploy.com/discussions/problems/32847-multiple-domain-issue

Please can you offer any advice?

Hi,

Your scenario should work, but there are unfortunately many reasons why it may not be. Let’s see if we can figure out why it isn’t.

Which version of Octopus Deploy are you using?

Are you using the forms-based AD authentication (i.e. users type their name and password) or the integrated authentication?

Are there any relevant errors in the Octopus Server log file or the Windows Event Logs?

Which account is the Octopus service running as? If it is a domain account, which domain does it live in?

Regards,
Michael

Hi,

Version: Octopus 3.6.0
We are using the forms-based AD authentication
Octopus is running under a domain account that lives in domain 1

Error on the server:

System.DirectoryServices.AccountManagement.PrincipalOperationException: A local error has occurred.
---> System.DirectoryServices.DirectoryServicesCOMException: A local error has occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
--- End of inner exception stack trace ---
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at Octopus.Server.Extensibility.Authentication.DirectoryServices.DirectoryServices.DirectoryServicesCredentialValidator.ValidateCredentials(String username, String password)
at Octopus.Server.Extensibility.Authentication.DirectoryServices.Web.UserLoginAction.Execute(NancyContext context, IResponseFormatter response)
at Octopus.Server.Extensibility.Extensions.Infrastructure.Web.Api.WhenEnabledActionInvoker`2.Execute(NancyContext context, IResponseFormatter response)
at Nancy.Routing.Route.<>c__DisplayClass4.b__3(Object parameters, CancellationToken context)
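
The stack trace above fails inside `UserPrincipal.FindByIdentity` while a domain `PrincipalContext` is binding. The following PowerShell is an added example, not code from this thread or from Octopus Deploy: it repeats that lookup outside Octopus so the bind error and the trusts visible to the service account can be inspected directly. It assumes the session is started as the Octopus service account; `domain2.example` and `jdoe` are placeholder values.

```powershell
# Added diagnostic sketch; run it in a session started as the Octopus service account.
# 'domain2.example' and 'jdoe' are placeholders, not names taken from the thread.
Add-Type -AssemblyName System.DirectoryServices
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-DomainTrustSummary {
    # Trust relationships as seen from the domain of the account running this session.
    [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetAllTrustRelationships() |
        Select-Object SourceName, TargetName, TrustType, TrustDirection
}

function Test-DomainUserLookup {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $UserName
    )
    $result = [ordered]@{ Domain = $Domain; UserName = $UserName; Found = $false; Error = $null }
    $ctx = $null
    try {
        # Same call path as the trace: a domain PrincipalContext, then FindByIdentity.
        $ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
        $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctxType, $Domain
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $UserName)
        $result.Found = ($null -ne $user)
        if ($user) { $user.Dispose() }
    }
    catch {
        # Report the innermost exception, e.g. the COM error behind "A local error has occurred."
        $inner = $_.Exception.GetBaseException()
        $result.Error = '{0}: {1}' -f $inner.GetType().FullName, $inner.Message
    }
    finally {
        if ($ctx) { $ctx.Dispose() }
    }
    [pscustomobject]$result
}

Get-DomainTrustSummary | Format-Table -AutoSize
Test-DomainUserLookup -Domain 'domain2.example' -UserName 'jdoe'
```

If the lookup fails here with the same exception, the problem lies in the bind from the service account to the second domain rather than in Octopus itself.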

OK, I have some bad news.

You cannot (currently) have users from two domains. The users must live in a single domain, and that domain must be either:

I’m sorry to have to give you this answer. If there is anything we can do to help, don’t hesitate to get in touch.

Regards,
Michael

Hi,

Is it now possible to have users from two domains if there is a two way trust between the domains?

Regards

Ndidi Amechi


Hi,

Thanks for reaching out! It is now possible to log in with users from trusted domains! This was added in Octopus 3.7.7. In the ‘Add Active Directory group’ search, it will now find groups within trusted domains if you prefix the search text with the name of the domain.

Let me know if you have any further questions!

Kenny