Octopus v2.0.8.907 not authorising anyone using "Domain" authorisation mode

Great news, we’ve had issues getting this to work in our environment as well. Any idea when a stable release will be published?

Hi Brent,

We’ll get a new RC out this week I think; RTW should not be too far behind.

Regards,
Nick

Igor/Brent, it turns out that the .NET LDAP provider will accept any credentials in cases where “Guest” login is enabled on the domain.

I’ve posted some information here: https://github.com/OctopusDeploy/Issues/issues/544

If you are affected please let me know (looking for any positive confirmation that we have the right cause). We’ll be changing the way we configure authentication in the next version, I’ll post details here when it is available.

Regards,
Nick

#544 mentioned above is now fixed in 2.0.10.1066 - if you’re using the 2.0.10.1059 build, upgrading is strongly advised.

The new build is more conservative in how it authenticates users than the previous one - if you have any authentication trouble with it, please send the relevant output from the OctopusServer.txt log file. Thanks!

Hi

I'm having a similar problem.
However, I do not know a lot about AD.

We have 2 domains:
xxx.yyyy.local - where the octopus server is installed
xxx.zzzz.local - where I'm located
My user normally logs in with zzzz\chmi in both domains.

I did a fresh install of Octopus, specifying username without domain as: chmi
Looking at the raven db my user is registered as zzzz\chmi which is good.
Looking at the log I get:

2014-01-22 12:34:36.0347 INFO A principal identifiable by ‘chmi@zzzz.local’ was not found in 'xxx.yyyy.local’
2014-01-22 12:34:40.9802 INFO A principal identifiable by ‘chmi@zzzz’ was not found in 'xxx.yyyy.local’
2014-01-22 12:34:44.6620 INFO A principal identifiable by ‘chmi’ was not found in 'xxx.yyyy.local’
2014-01-22 12:34:49.8103 INFO A principal identifiable by ‘chmi’ was not found in 'xxx.yyyy.local’
2014-01-22 12:34:56.7995 ERROR Unhandled error on request: http://xxxx.yyyy.local/api/users/login : Logon failure: unknown user name or bad password.

System.Runtime.InteropServices.COMException (0x8007052E): Logon failure: unknown user name or bad password.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.ValidateCredentials(String username, String password) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 35
at Octopus.Server.Web.Api.Actions.UserLoginAction.Execute() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Api\Actions\UserLoginAction.cs:line 39
at Octopus.Platform.Web.Api.Responder`1.Respond(TDescriptor options, NancyContext context) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Platform.Web\Api\Responder.cs:line 163
at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)
at CallSite.Target(Closure , CallSite , Object , Object , NancyContext )
at Octopus.Server.Web.Api.OctopusRestApiModule.<>c__DisplayClass5.<.ctor>b__2(Object o) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Web\Api\OctopusRestApiModule.cs:line 47
at CallSite.Target(Closure , CallSite , Func`2 , Object )
at Nancy.Routing.Route.<>c__DisplayClass4.b__3(Object parameters, CancellationToken context)

2014-01-22 12:35:21.2305 ERROR Error when running scheduled task: CheckForOctopusUpgrades
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.yy.zz.vv
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
at System.Net.WebClient.DownloadString(Uri address)
at Octopus.Server.Schedules.CheckForOctopusUpgrades.CheckForUpdates() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Schedules\CheckForOctopusUpgrades.cs:line 87
at Octopus.Server.Schedules.CheckForOctopusUpgrades.Trigger() in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Schedules\CheckForOctopusUpgrades.cs:line 68
at Octopus.Server.Schedules.Scheduler.RunTask(IRunOnASchedule task) in c:\TeamCity\buildAgent\work\1116bd9da9e239fd\source\Octopus.Server\Schedules\Scheduler.cs:line 83
2014-01-22 12:35:26.6908 INFO Starting health check for all environments.

So I tried to install 2.0.10.1052 and got the same result.

Is this related or am I missing an important AD point?

Forget it.
I think it's an additional firewall in our system.
Everything works if I install it locally on my own machine.
I will have to get a hold of Ops and use some hours/days to get the access rights.
Sorry for the trouble.

Hi Nick,

it turns out that the .NET LDAP provider will accept any credentials in cases where “Guest” login is enabled on the domain.

In our case it does not accept any credentials, but it does accept a valid user name with an arbitrary password and reject invalid user names.

“Guest” logins are disabled in every domain, Octopus 2.0.10.1059.

Octopus v2.0.10.1066 fixed the issue with accepting existing users with wrong passwords.

Thanks for the follow-up Igor, very glad to hear 1066 is working as it should.
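
A self-test an administrator can run for the two failure modes reported in this thread (any credentials accepted when "Guest" is enabled, and a valid user name accepted with an arbitrary password). This is an added example, not part of the thread and not Octopus Deploy's code; the function name, its parameters and the sample domain name are assumptions.

```powershell
# Added example (not Octopus code): negative-credential self-test for domain logins.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-DomainCredentialRejection {
    param(
        [Parameter(Mandatory)] [string] $DomainName,  # assumption: DNS name of your domain
        [string] $ExistingUser                        # optional: a real test account
    )
    $ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext `
        -ArgumentList $ctxType, $DomainName
    try {
        # Assumption: the built-in Guest account has not been renamed.
        $guest = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, 'Guest')
        $guestEnabled = ($null -ne $guest) -and ($guest.Enabled -eq $true)

        # A random account name that cannot exist, with a random password.
        $bogusUser = 'nouser' + [guid]::NewGuid().ToString('N').Substring(0, 12)
        $bogusPass = [guid]::NewGuid().ToString()
        $bogusAccepted = $ctx.ValidateCredentials($bogusUser, $bogusPass)

        # Optional: real account, wrong password. This counts as one failed
        # logon against that account's lockout threshold.
        $wrongPassAccepted = $null
        if ($ExistingUser) {
            $wrongPassAccepted = $ctx.ValidateCredentials($ExistingUser, $bogusPass)
        }

        [pscustomobject]@{
            Domain                = $DomainName
            GuestEnabled          = $guestEnabled
            BogusUserAccepted     = $bogusAccepted
            WrongPasswordAccepted = $wrongPassAccepted
            # Healthy result: neither negative test was accepted.
            Safe = (-not $bogusAccepted) -and ($wrongPassAccepted -ne $true)
        }
    }
    finally { $ctx.Dispose() }
}

# Example invocation with a constructed domain name; replace with your own:
# Test-DomainCredentialRejection -DomainName 'corp.example'
```

Run it from a domain-joined machine under an account that can query the directory; a result with `Safe = False` means credential validation on that domain should not be trusted on its own.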

I’m confused… when you try to enable domain authentication the installation program never asks for the domain.

When I chose domain integration it found my account, but I still cannot log in when choosing this option at all.

Here is the message I’m getting from octopus server when starting it in debug mode:

PS C:\Program Files\Octopus Deploy\Octopus> .\Octopus.Server.exe run
Octopus Deploy: Server version 2.0.13.1100

Browse your Octopus server at: http://localhost:80/
You can browse the RavenDB server at: http://localhost:10931/
Resolving for Pipefish.Hosting.ActivitySpace
Adding certificate to store
Distribution service listening on: 10943
Web server is ready to process requests
Running. Press to shut down…
Principal ‘thom_schumacher@Mydomain.com’ (Domain: ‘’) could not be logged on via WIN32: 0x0000052E.
System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect
Starting health check for all environments.
There are no active machines to check.

OK, after I set the service to log in as an account in the domain, things are now working for me.