AD Authentication

vatechguy

20 Mar, 2014 03:42 PM

So we've set up AD Auth with hglab 1.3.4 on a Windows 2008 R2 server in a Windows 2008 domain.
We've set up the LDAP authentication catalog - but can't figure out how to actually provision a user in the system?

If I attempt to "Signup" with an AD account - I get this error:

Signup Closed
Please consult Conclusive Mecurial Server Administrators.

What am I missing?

  1. Support Staff 1 Posted by Anton Gogolev on 20 Mar, 2014 03:53 PM

    Adam,

    Just try signing in with your domain credentials. That's the way it's
    supposed to work, sorry for the lack of documentation on that part.

  2. 2 Posted by vatechguy on 20 Mar, 2014 03:56 PM

    Yeah - so when I try that, I see the authentication succeed on the DC - but it still doesn't let me in. ???

    I get Event 4624 Logon events from my user account on the local DC:

    An account was successfully logged on.

    Subject:
        Security ID: NULL SID
        Account Name: -
        Account Domain: -
        Logon ID: 0x0

    Logon Type: 3

    New Logon:
        Security ID: DOMAIN\hgtest
        Account Name: hgtest
        Account Domain: DOMAIN

    Process Information:
        Process ID: 0x0
        Process Name: -

    Network Information:
        Workstation Name: Server1
        Source Network Address: 192.168.1.5
        Source Port: 50025

    Detailed Authentication Information:
        Logon Process: NtLmSsp
        Authentication Package: NTLM
        Transited Services: -
        Package Name (NTLM only): NTLM V2
        Key Length: 128

    On the HGLab server the user sees this:

    Could not sign in to HgLab
    We didn't recognize the username or password you entered. Please try again.

  3. Support Staff 3 Posted by Anton Gogolev on 20 Mar, 2014 03:59 PM

    Adam,

    Could you please open up <HGLAB_HOME_DIRECTORY>\logs to see if there's anything fishy in global-2014-03-20.txt?

  4. 4 Posted by vatechguy on 20 Mar, 2014 04:02 PM

    This give us any ideas?

    11:52:38.2229 - Error - - HgLab.Core.Framework.Persistence.Transaction - could not commit transaction on an owned sessionNHibernate.Exceptions.GenericADOException: could not execute batch command.[SQL: SQL not available] ---> System.Data.SqlClient.SqlException: Cannot insert the value NULL into column 'PersonalToken', table 'hglab.dbo.User'; column does not allow nulls. INSERT fails.
    The statement has been terminated.
        at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action1 wrapCloseInAction)
        at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
        at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
        at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
        at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
        at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
        at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)
        at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
        at System.Data.SqlClient.SqlCommandSet.ExecuteNonQuery()
        at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 93
        --- End of inner exception stack trace ---
        at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 104
        at NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 437
        at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 421
        at NHibernate.Engine.ActionQueue.ExecuteActions() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line 170
        at NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource session) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line 253
        at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line 20
        at NHibernate.Impl.SessionImpl.Flush() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line 1487
        at NHibernate.Transaction.AdoTransaction.Commit() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line 190
        at HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory sessionFactory, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 115
        at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 104
        at NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 437
        at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 421
        at NHibernate.Engine.ActionQueue.ExecuteActions() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line 170
        at NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource session) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line 253
        at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line 20
        at NHibernate.Impl.SessionImpl.Flush() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line 1487
        at NHibernate.Transaction.AdoTransaction.Commit() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line 190
        at HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory sessionFactory, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 115
    11:52:38.2797 - Error - - HgLab.Core.ApplicationServices.Impl.MembershipManagerService - could not sign inNHibernate.Exceptions.GenericADOException: could not execute batch command.[SQL: SQL not available] ---> System.Data.SqlClient.SqlException: Cannot insert the value NULL into column 'PersonalToken', table 'hglab.dbo.User'; column does not allow nulls. INSERT fails. The statement has been terminated.
        at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action1 wrapCloseInAction)
        at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
        at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
        at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
        at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
        at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
        at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)
        at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
        at System.Data.SqlClient.SqlCommandSet.ExecuteNonQuery()
        at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 93
        --- End of inner exception stack trace ---
        at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 104
        at NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 437
        at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 421
        at NHibernate.Engine.ActionQueue.ExecuteActions() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line 170
        at NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource session) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line 253
        at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line 20
        at NHibernate.Impl.SessionImpl.Flush() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line 1487
        at NHibernate.Transaction.AdoTransaction.Commit() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line 190
        at HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory sessionFactory, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 126
        at HgLab.Core.Framework.Persistence.Transaction.Commit(ISessionFactory sessionFactory, Boolean ownedTransaction, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 107
        at HgLab.Core.Framework.Persistence.Transaction.Commit() in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 65
        at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 205
        at HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, String password) in d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line 67
        at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 104
        at NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 437
        at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 421
        at NHibernate.Engine.ActionQueue.ExecuteActions() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line 170
        at NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource session) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line 253
        at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line 20
        at NHibernate.Impl.SessionImpl.Flush() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line 1487
        at NHibernate.Transaction.AdoTransaction.Commit() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line 190
        at HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory sessionFactory, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 126
        at HgLab.Core.Framework.Persistence.Transaction.Commit(ISessionFactory sessionFactory, Boolean ownedTransaction, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 107
        at HgLab.Core.Framework.Persistence.Transaction.Commit() in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 65
        at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 205
        at HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, String password) in d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line 67
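
An added illustration, not part of the original thread and not HgLab's own code: a log pasted like the one above is hard to read, so this sketch splits it on the timestamp header and pulls out the innermost exception and the HgLab frames for each entry. `parse_entries` and its summary fields are names chosen for this example, and the sample input is a constructed, shortened version of the quoted log.

```python
import re

# Entry header as it appears in the quoted log: "HH:MM:SS.ffff - Level - - Logger - "
HEADER = re.compile(r"(\d{2}:\d{2}:\d{2}\.\d{4}) - (\w+) - - ([\w.]+) - ")
FRAME = re.compile(r"\bat ([\w.]+)\(")
CAUSE = re.compile(r"([\w.]+Exception): (.*?)(?=\s+--->|\s+at [\w.]+\(|$)", re.S)
NULL_INSERT = re.compile(r"NULL into column '(\w+)', table '([\w.]+)'")

def parse_entries(text):
    """Split a run-together log into entries and summarise each (hypothetical helper)."""
    text = " ".join(text.split())  # undo hard wraps that fall inside a frame
    heads = list(HEADER.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        causes = CAUSE.findall(body)
        # The last "Type: message" pair before the frames is the innermost exception.
        root_type, root_msg = causes[-1] if causes else (None, "")
        col = NULL_INSERT.search(root_msg)
        app = [f for f in FRAME.findall(body) if f.startswith("HgLab.")]
        entries.append({
            "time": head.group(1), "level": head.group(2), "logger": head.group(3),
            "root_type": root_type, "root_message": root_msg,
            "null_column": col.groups() if col else None,
            "app_frames": list(dict.fromkeys(app)),  # de-duplicated, call order kept
        })
    return entries

# Constructed sample: a header glued to the previous entry, a wrap inside a frame.
_SQL = ("NHibernate.Exceptions.GenericADOException: could not execute batch command."
        "[SQL: SQL not available] ---> System.Data.SqlClient.SqlException: Cannot "
        "insert the value NULL into column 'PersonalToken', table 'hglab.dbo.User'; "
        "column does not allow nulls. INSERT fails. The statement has been terminated. "
        "at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at\n")
SAMPLE = (
    "11:52:38.2229 - Error - - HgLab.Core.Framework.Persistence.Transaction - "
    "could not commit transaction on an owned session" + _SQL +
    "HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory "
    "sessionFactory, Boolean ownedSession) 11:52:38.2797 - Error - - "
    "HgLab.Core.ApplicationServices.Impl.MembershipManagerService - could not sign in"
    + _SQL + "HgLab.Core.Framework.Persistence.Transaction.Commit() at "
    "HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, "
    "String password, AuthenticationSettings authenticationSettings) at "
    "HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, "
    "String password)")
if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["time"], e["logger"], e["root_type"], e["null_column"], e["app_frames"])
```

On the sample, the second entry resolves to a `SqlException` for a NULL `PersonalToken` in `hglab.dbo.User`, raised beneath `LdapAuthenticationModule.Authenticate`, while the sign-in page quoted earlier reports an unrecognized username or password.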

  5. Support Staff 5 Posted by Anton Gogolev on 20 Mar, 2014 04:10 PM

    Absolutely!

    Please, update to 1.3.5: http://download.hglabhq.com/hglab/hglab-1.3.5.msi

  6. 6 Posted by vatechguy on 20 Mar, 2014 04:24 PM

    Well, that looks much better. Seems to work fine now. Thanks!

  7. Support Staff 7 Posted by Anton Gogolev on 20 Mar, 2014 04:30 PM

    Awesome! Glad I could help.

  8. Anton Gogolev closed this discussion on 20 Mar, 2014 04:30 PM.

  9. vatechguy re-opened this discussion on 20 Mar, 2014 07:16 PM

  10. 8 Posted by vatechguy on 20 Mar, 2014 07:16 PM

    Follow up question:

    Are groups from LDAP refreshed in any way?
    My dev team wants to be able to assign permissions to the projects based on an LDAP group (dev_team) - but also be able to manage it solely through AD. It appears you actually have to modify each user account for permissions with hglab - is that accurate?

    So if Bob is a member of dev_team and leaves the company, I actually have to touch Bob's account in hglab to remove him from dev_team since it's not refreshing the group membership from LDAP?

  11. Support Staff 9 Posted by Anton Gogolev on 20 Mar, 2014 08:10 PM

    Adam,

    When signing in as an LDAP user, HgLab does refresh groups and group
    membership information; see if there are your LDAP Groups in
    /administration/groups and that Users in /administration/groups are indeed
    added to all the required groups. If this isn't the case, please, do look
    for errors in the logs: in certain scenarios HgLab is unable to retrieve
    what is called "Authorization Groups".

    That said, there's one more layer to managing who gets to access what.
    There's the thing called Team Membership which allows certain Users and
    Groups to assume Roles within a Project. For example, your entire "dev_team"
    group can be added as a Team Member to one project and only a handful of
    users can be added as Team Members to some other projects.
