tag:support.hglabhq.com,2012-10-18:/discussions/questions/292-ad-authenticationHgLab: Discussion 2014-05-25T09:35:46Ztag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T15:53:25Z2014-03-20T15:53:25ZAD Authentication<div><p>Adam,</p>
<p>Just try signing in with your domain credentials. That's the way
it's supposed to work, sorry for the lack of documentation on that
part.</p></div>Anton Gogolevtag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T15:56:08Z2014-03-20T15:56:08ZAD Authentication<div><p>Yeah - so when I try that, I see the authentication succeed on
the DC - but it still doesn't let me in. ???</p>
<p>I get Event 4624 Logon events from my user account on the local
DC:</p>
<p>An account was successfully logged on.</p>
<p>Subject:<br>
Security ID: NULL SID<br>
Account Name: -<br>
Account Domain: -<br>
Logon ID: 0x0</p>
<p>Logon Type: 3</p>
<p>New Logon:<br>
Security ID: DOMAIN\hgtest<br>
Account Name: hgtest<br>
Account Domain: DOMAIN</p>
<p>Process Information:<br>
Process ID: 0x0<br>
Process Name: -</p>
<p>Network Information:<br>
Workstation Name: Server1<br>
Source Network Address: 192.168.1.5<br>
Source Port: 50025</p>
<p>Detailed Authentication Information:<br>
Logon Process: NtLmSsp<br>
Authentication Package: NTLM<br>
Transited Services: -<br>
Package Name (NTLM only): NTLM V2<br>
Key Length: 128</p>
<p>On the HGLab server the user sees this:</p>
<p>Could not sign in to HgLab<br>
We didn't recognize the username or password you entered. Please
try again.</p></div>vatechguytag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T15:59:23Z2014-03-20T15:59:23ZAD Authentication<div><p>Adam,</p>
<p>Could you please open up
<code><HGLAB_HOME_DIRECTORY>\logs</code> to see if there's
anything fishy in <code>global-2014-03-20.txt</code>?</p></div>Anton Gogolevtag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T16:02:44Z2014-03-20T16:02:47ZAD Authentication<div><p>This give us any ideas?</p>
<p>11:52:38.2229 - Error - -
HgLab.Core.Framework.Persistence.Transaction - could not commit
transaction on an owned
session<br>
NHibernate.Exceptions.GenericADOException: could not execute
batch command.[SQL: SQL not available] --->
System.Data.SqlClient.SqlException: Cannot insert the value NULL
into column 'PersonalToken', table 'hglab.dbo.User'; column does
not allow nulls. INSERT fails.<br>
The statement has been terminated.<br>
at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection, Action`1
wrapCloseInAction) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior,
SqlCommand cmdHandler, SqlDataReader dataStream,
BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject
stateObj, Boolean& dataReady) at
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader
ds, RunBehavior runBehavior, String resetOptionsString) at
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean
async, Int32 timeout, Task& task, Boolean asyncWrite,
SqlDataReader ds) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String
method, TaskCompletionSource`1 completion, Int32 timeout,
Task& task, Boolean asyncWrite) at
System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1
completion, String methodName, Boolean sendToPipe, Int32 timeout,
Boolean asyncWrite) at
System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at
System.Data.SqlClient.SqlCommandSet.ExecuteNonQuery() at
NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand
ps) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line
93 --- End of inner exception stack trace --- at
NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand
ps) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line
104 at
NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand
ps) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line
437 at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line
421 at NHibernate.Engine.ActionQueue.ExecuteActions() in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line
170 at
NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource
session) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line
253 at
NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent
event) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line
20 at NHibernate.Impl.SessionImpl.Flush() in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line
1487 at NHibernate.Transaction.AdoTransaction.Commit() in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line
190 at
HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory
sessionFactory, Boolean ownedSession) in
d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line
115<br>
11:52:38.2797 - Error - -
HgLab.Core.ApplicationServices.Impl.MembershipManagerService -
could not sign in<br>
NHibernate.Exceptions.GenericADOException: could
not execute batch command.[SQL: SQL not available] --->
System.Data.SqlClient.SqlException: Cannot insert the value NULL
into column 'PersonalToken', table 'hglab.dbo.User'; column does
not allow nulls. INSERT fails. The statement has been terminated.
at System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, Boolean breakConnection, Action`1
wrapCloseInAction) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior,
SqlCommand cmdHandler, SqlDataReader dataStream,
BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject
stateObj, Boolean& dataReady) at
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader
ds, RunBehavior runBehavior, String resetOptionsString) at
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean
async, Int32 timeout, Task& task, Boolean asyncWrite,
SqlDataReader ds) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String
method, TaskCompletionSource`1 completion, Int32 timeout,
Task& task, Boolean asyncWrite) at
System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1
completion, String methodName, Boolean sendToPipe, Int32 timeout,
Boolean asyncWrite) at
System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at
System.Data.SqlClient.SqlCommandSet.ExecuteNonQuery() at
NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand
ps) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line
93 --- End of inner exception stack trace --- at
NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand
ps) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line
104 at
NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand
ps) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line
437 at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line
421 at NHibernate.Engine.ActionQueue.ExecuteActions() in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line
170 at
NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource
session) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line
253 at
NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent
event) in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line
20 at NHibernate.Impl.SessionImpl.Flush() in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line
1487 at NHibernate.Transaction.AdoTransaction.Commit() in
d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line
190 at
HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory
sessionFactory, Boolean ownedSession) in
d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line
126 at
HgLab.Core.Framework.Persistence.Transaction.Commit(ISessionFactory
sessionFactory, Boolean ownedTransaction, Boolean ownedSession) in
d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line
107 at HgLab.Core.Framework.Persistence.Transaction.Commit() in
d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line
65 at
HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String
login, String password, AuthenticationSettings
authenticationSettings) in
d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line
205 at
HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String
login, String password) in
d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line
67</p></div>vatechguytag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T16:10:31Z2014-03-20T16:10:31ZAD Authentication<div><p>Absolutely!</p>
<p>Please, update to 1.3.5: <a href=
"http://download.hglabhq.com/hglab/hglab-1.3.5.msi">http://download.hglabhq.com/hglab/hglab-1.3.5.msi</a></p></div>Anton Gogolevtag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T16:24:08Z2014-03-20T16:24:09ZAD Authentication<div><p>Well, that looks much better. Seems to work fine now.
Thanks!</p></div>vatechguytag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T16:30:06Z2014-03-20T16:30:06ZAD Authentication<div><p>Awesome! Glad I could help.</p></div>Anton Gogolevtag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T19:16:51Z2014-03-20T19:16:53ZAD Authentication<div><p>Follow up question:</p>
<p>Are groups from LDAP refreshed in any way?<br>
My dev team wants to be able to assign permissions to the projects
based on an LDAP group (dev_team) - but also be able to manage it
solely through AD. It appears you actually have to modify each user
account for permissions with HgLab - is that accurate?</p>
<p>So if Bob is a member of dev_team and leaves the company, I
actually have to touch Bob's account in HgLab to remove him from
dev_team since it's not refreshing the group membership from
LDAP?</p></div>vatechguytag:support.hglabhq.com,2012-10-18:Comment/321879382014-03-20T20:10:25Z2014-03-20T20:10:25ZAD Authentication<div><p>Adam,</p>
<p>When signing in as an LDAP user, HgLab does refresh groups and
group membership information; see if your LDAP Groups are in
/administration/groups and that Users in /administration/groups are
indeed added to all the required groups. If this isn't the case,
please do look for errors in the logs: in certain scenarios HgLab is
unable to retrieve what is called "Authorization Groups".</p>
<p>That said, there's one more layer to managing who gets to access
what. There's the thing called Team Membership which allows certain
Users and Groups to assume Roles within a Project. For example, your
entire "dev_team" group can be added as a Team Member to one project
and only a handful of users can be added as Team Members to some other
projects.</p></div>Anton Gogolev