LDAP auth succeeds, but login fails in HgLab web interface.
Hi.
I have a clean installation of HgLab, and it successfully connected to the Windows domain controller.
But HgLab fails to log in on the web interface with a domain user.
The domain controller's Event Viewer shows the user login as successful, but HgLab does not allow login:
"Could not sign in to HgLab. We didn't recognize the username or password you entered. Please try again."
1 Posted by Roman on 02 Aug, 2013 10:41 AM
Again me.
Event viewer on domain controller shows:
1. "The domain controller attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0".
2. Bind account was successfully logged on: "An account was successfully logged on ".
3. Bind account was logged off: "An account was logged off".
Looks like only the bind account (configured in the HgLab LDAP catalog settings) authenticates through LDAP, not the account that I type on the login web page.
2 Posted by Roman on 02 Aug, 2013 12:52 PM
Again me.
Corrected some settings in LDAP catalog.
Now the domain controller Event Viewer shows that the domain user logon is successful.
But the HgLab web interface still does not allow login:
"Could not sign in to HgLab. We didn't recognize the username or password you entered. Please try again."
3 Posted by Roman on 02 Aug, 2013 01:28 PM
More detailed logs from my post N3:
1:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: rk
Source Workstation: SILVER
Error Code: 0x0
2:
Special privileges assigned to new logon:
User Name: rk
Domain: INTERLOGIC
Logon ID: (0x0,0x2CCA4F7D)
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
SeEnableDelegationPrivilege
3:
Successful Network Logon:
User Name: rk
Domain: INTERLOGIC
Logon ID: (0x0,0x2CCA4F7D)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: SILVER
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.248
Source Port: 64311
4 Posted by Roman on 02 Aug, 2013 01:47 PM
Here are my catalog priority settings and LDAP settings.
Support Staff 5 Posted by Anton Gogolev on 03 Aug, 2013 07:42 AM
Roman,
Thanks for the report. I'll try to diagnose the issue and will get back with the results on Monday.
6 Posted by mark.brocklehur... on 21 Aug, 2013 12:14 AM
Hi Anton,
I am seeing this issue as well from freshly installed version 0.3.10.0 instance.
If I enable LDAP in HgLab, and then try and login as user 'x', I see activity in the AD server event log indicating that the login was successful, but the HgLab UI tells me it can not recognise the username or password.
Cheers,
Mark
Support Staff 7 Posted by Anton Gogolev on 22 Aug, 2013 08:03 AM
Roman, Mark
Apologies for the delay.
Are you guys running Windows Server 2012 as your Domain Controller?
8 Posted by Roman on 22 Aug, 2013 08:12 AM
Hi.
I am using Windows 2003 R2 SP2 as domain controller.
Support Staff 9 Posted by Anton Gogolev on 22 Aug, 2013 08:23 AM
Roman,
Could you please check logs under App_Data to see if there's anything fishy there? More specifically, are there any errors related to LdapAuthenticationModule.
If there are no logs at all, grant write access to App_Data to IIS_IUSRS group.
Support Staff 10 Posted by Anton Gogolev on 22 Aug, 2013 11:30 AM
Quick follow-up.
Here are modified versions of HgLab.Core.dll/.pdb where I tried to fix the issue. Copy them over to bin subdirectory of a HgLab installation directory and try signing in with your domain credentials.
If the error persists, I'd appreciate if you sent me the global-2013-08-22.txt log file.
11 Posted by mark.brocklehur... on 23 Aug, 2013 03:19 AM
Hi Anton,
I am running Server 2008 R2.
I found out what my problem is. The code pulls the user email address from the domain controller and inserts it into the database.
In my case I had no email address assigned, so the code throws a SQL exception because that column does not allow NULL values.
Quick fix without a code update is to add a dummy email to your AD profile.
Cheers,
Mark
Support Staff 12 Posted by Anton Gogolev on 23 Aug, 2013 07:03 AM
Mark,
Many thanks for hunting the error down! I think I'll be generating "fake" email addresses in cases like this.
Thanks for your cooperation!
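The failure mode diagnosed in posts 11 and 12, as an added example that is not HgLab's code and not part of the original thread: a directory bind succeeds, first-login provisioning hits a NOT NULL e-mail column, and the user sees a password error. The schema, function names, placeholder domain and directory entries are assumptions, with Python's sqlite3 standing in for the real database.

```python
import sqlite3

# Constructed stand-in for LDAP search results; "x" has no mail attribute.
DIRECTORY = {"rk": {"mail": "rk@example.test"}, "x": {}}

def open_db():
    # Hypothetical schema: the e-mail column rejects NULL, as described above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, email TEXT NOT NULL)")
    return db

def first_login_naive(db, login, bind_ok=True):
    """Every failure, including a provisioning error, looks like a bad password."""
    if not bind_ok or login not in DIRECTORY:
        return "invalid credentials"
    try:
        db.execute("INSERT INTO users VALUES (?, ?)",
                   (login, DIRECTORY[login].get("mail")))  # None -> NULL
    except sqlite3.Error:
        return "invalid credentials"  # misleading: the directory accepted the bind
    return "ok"

def first_login_hardened(db, login, bind_ok=True, log=None):
    """Separate authentication from provisioning and record the real cause."""
    log = log if log is not None else []
    if not bind_ok or login not in DIRECTORY:
        return "invalid credentials"
    mail = DIRECTORY[login].get("mail")
    if not mail:
        # Placeholder under the reserved .invalid TLD so it can never be delivered.
        mail = f"{login}@placeholder.invalid"
        log.append(f"{login}: no mail attribute, stored placeholder address")
    try:
        db.execute("INSERT INTO users VALUES (?, ?)", (login, mail))
    except sqlite3.Error as exc:
        log.append(f"{login}: provisioning failed after successful bind: {exc}")
        return "account setup error"
    return "ok"
```

The hardened path keeps the bind result and the provisioning result apart, so a success event on the domain controller paired with a sign-in failure points the administrator at the application log rather than at the password.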
13 Posted by Roman on 23 Aug, 2013 07:25 AM
I have replaced 2 files in my bin folder with yours (from post 11), but no changes.
The domain controller shows the same log events (post 2,3,4).
Also, all accounts in Active Directory have the mail address field populated.
I attached my two last logs, as you asked me.
PS. I have successfully deployed Mercurial RhodeCode. So if I am the only one with such a problem, don't pay much attention to this case.
Support Staff 14 Posted by Anton Gogolev on 23 Aug, 2013 09:00 AM
Roman,
My apologies, these are the wrong files. Please, try these two.
Thanks for your cooperation!