LDAP Auth Failing

Jonah Simpson

10 Sep, 2013 10:16 PM

Hi!

I've been working with my local IT Expert to get LDAP Auth working and I've had no luck. I've confirmed the settings are correct and even validated the settings with a couple different approaches to authenticating against LDAP via the C# API in Directory Services.

Our HgLab machine is in the cloud (and not on the Domain it's authenticating against) and connecting to the Active Directory Server back over VPN. I've confirmed that HgLab hits the Active Directory server and the log on the Active Directory server states "unknown user/password"

Based on the stack trace from the HgLab logs that I get when messing about with values, here's some similar (?) code that correctly Authenticates and returns a UserPrincipal against our Active Directory setup.

var bindUsername = @"na\jonah.simpson";
var loginUsername = @"jonah.simpson";

var activeDirectoryServerAddress = string.Format("{0}:{1}", activeDirectoryServerIp, activeDirectoryServerPort);
// If I use the following line to create the PrincipalContext then I can successfully authenticate
var pc = new PrincipalContext(ContextType.Domain, activeDirectoryServerAddress, container, bindUsername, bindPassword);
// If I use the following line to create the PrincipalContext then I get the unknown user/password line
// var pc = new PrincipalContext(ContextType.Domain, activeDirectoryServerAddress, container);

// If loginUsername is na\jonah.simpson instead of jonah.simpson then I get the unknown user/password exception
var authenticated = pc.ValidateCredentials(loginUsername, loginPassword);
if (authenticated)
{
    var up = UserPrincipal.FindByIdentity(pc, loginUsername);
    var emailAddress = up.EmailAddress;
}

Here's the stack from the global log

23:12:35.2246 - Error -            - HgLab.Core.ApplicationServices.Impl.MembershipManagerService - could not sign inSystem.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.


   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at HgLab.Core.Framework.Security.LdapAuthenticationModule.GetAuthorizationGroups(String samAccountName) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 168
   at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 125
   at HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, String password) in d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line 48
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at HgLab.Core.Framework.Security.LdapAuthenticationModule.GetAuthorizationGroups(String samAccountName) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 168
   at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 125
   at HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, String password) in d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line 48

Any ideas?

Thanks in advance!
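
The following C# example is added here for illustration; it is not part of the original post and is not HgLab's code. It puts the observations from the post together (explicit bind credentials from a host outside the domain, login name without the domain prefix) and reports a failed directory bind separately from a rejected user password. The names `LdapSignInExample`, `SignInResult` and `ToSamAccountName`, the `Signing | Sealing` options, and the low-privilege bind account are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

enum SignInResult { Authenticated, Rejected, DirectoryError }

static class LdapSignInExample
{
    // Assumption: Signing and Sealing are added so the bind is protected in transit.
    const ContextOptions Options =
        ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;

    // "na\jonah.simpson" -> "jonah.simpson"; other forms pass through unchanged.
    static string ToSamAccountName(string login)
    {
        int slash = login.IndexOf('\\');
        return slash >= 0 ? login.Substring(slash + 1) : login;
    }

    // server is "host:port", container is the base DN. bindUser/bindPassword are a
    // directory account used only for the lookup (assumed to be low-privilege).
    public static SignInResult SignIn(string server, string container,
        string bindUser, string bindPassword,
        string login, string loginPassword, out string email)
    {
        email = null;
        // With null user name and password, ValidateCredentials checks the
        // context's own credentials, so blanks are rejected before any bind.
        if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(loginPassword))
            return SignInResult.Rejected;
        string sam = ToSamAccountName(login);
        try
        {
            using (var pc = new PrincipalContext(ContextType.Domain, server,
                container, Options, bindUser, bindPassword))
            {
                // false: the directory rejected this user name/password pair.
                if (!pc.ValidateCredentials(sam, loginPassword, Options))
                    return SignInResult.Rejected;
                using (var up = UserPrincipal.FindByIdentity(
                    pc, IdentityType.SamAccountName, sam))
                {
                    if (up == null) return SignInResult.Rejected;
                    email = up.EmailAddress;
                    return SignInResult.Authenticated;
                }
            }
        }
        // The context could not bind or search: a configuration or connectivity
        // problem, to be logged separately from a wrong user password.
        catch (PrincipalException) { return SignInResult.DirectoryError; }
        catch (DirectoryServicesCOMException) { return SignInResult.DirectoryError; }
    }
}
```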

  1. Support Staff 1 Posted by Anton Gogolev on 23 Sep, 2013 10:36 AM

    Jonah,

    Apologies for the delay and thanks for the investigation.

    Could you please verify what happens if you create your PrincipalContext like this:

    var pc = new PrincipalContext(ContextType.Domain, activeDirectoryServerAddress, container, 
        ContextOptions.Negotiate, // This one
        bindUsername, bindPassword);
    
  2. 2 Posted by Jonah Simpson on 23 Sep, 2013 03:51 PM

    The context is created successfully (same as omitting the
    ContextOptions.Negotiate parameter)

  3. Support Staff 3 Posted by Anton Gogolev on 24 Sep, 2013 12:32 PM

    Jonah,

    Could you please try replacing two files in \bin directory with these two (they are for 0.3.10, so you'll need to upgrade if you're running an older version) and see if this helps.

    Password for the archive is hglab

  4. 4 Posted by Jonah Simpson on 24 Sep, 2013 02:56 PM

    Authentication successful!

    Thanks Anton!

  5. Support Staff 5 Posted by Anton Gogolev on 24 Sep, 2013 03:03 PM

    Always glad to help, Jonah. Cheers!

  6. 6 Posted by Chris Bourque on 02 Oct, 2013 07:36 PM

    This comment was split into a new discussion: LDAP Auth failing for Global Catalog

    Hi Jonah, I think I need this patch as well. However, there is a password on the zip file in this thread. Can you please share the password or post a zip without a password?

    Thanks

  7. 7 Posted by Chris Bourque on 02 Oct, 2013 07:37 PM

    Never mind, I guessed the password on my first attempt and it worked.

  8. Support Staff 8 Posted by Anton Gogolev on 02 Oct, 2013 07:40 PM

    Chris,

    I assume the patch did work?

  9. 9 Posted by Chris Bourque on 02 Oct, 2013 10:20 PM

    Actually, no it did not work. I still face the same problem.

    15:48:12.1837 - Debug - - HgLab.Core.Framework.Security.LdapAuthenticationModule - attempting to sign in 'userxyz' using 'Company AD'
    15:48:12.2157 - Debug - - HgLab.Core.Framework.Security.LdapAuthenticationModule - connecting to LDAP server at 'ldap.company.com:3268' with base container 'DC=company,DC=com'
    15:48:12.2387 - Warn - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not find user by identitySystem.DirectoryServices.AccountManagement.PrincipalOperationException: A local error has occurred.
     ---> System.DirectoryServices.DirectoryServicesCOMException: A local error has occurred.

       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
       at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
       at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
       at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       --- End of inner exception stack trace ---
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
       at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
       at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
       at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 107
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
       at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
       at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
       at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 107
    15:48:22.2967 - Error - - HgLab.Core.Framework.Appcast.AppcastManager - could not check for updatesSystem.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 46.173.209.0:80
       at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Net.WebClient.DownloadFile(Uri address, String fileName)
       at HgLab.Core.Framework.Appcast.AppcastManager.DiscoverUpdates(String appcastFeedUrl, Version currentVersion) in d:\projects\hglab\src\HgLab.Core\Framework\Appcast\AppcastManager.cs:line 42
       at System.Net.WebClient.DownloadFile(Uri address, String fileName)
       at HgLab.Core.Framework.Appcast.AppcastManager.DiscoverUpdates(String appcastFeedUrl, Version currentVersion) in d:\projects\hglab\src\HgLab.Core\Framework\Appcast\AppcastManager.cs:line 42

  10. Support Staff 10 Posted by Anton Gogolev on 03 Oct, 2013 06:01 AM

    Chris,

    What are the Windows versions on your domain controller and on the server HgLab is running on?

  11. 11 Posted by Chris Bourque on 07 Oct, 2013 02:05 PM

    Both are Windows Server 2008. I am trying to bind to an Active Directory Global Catalog. Thanks

  12. Support Staff 12 Posted by Anton Gogolev on 08 Oct, 2013 01:38 PM

    Chris,

    Aha, so Global Catalog seems to be the thing I'm not supporting properly. I'll try and resolve the issue.

    Thanks for the report!
