ldap auth succedd, but login fails in hglab web interface.

Roman's Avatar

Roman

01 Aug, 2013 03:04 PM

Hi.
I have clean installation of hglab, and successful connected to windows domain controller.
But hglab fails to login on web interface with domain user.
Domain controller's event viwer shows user login as successful, but hglab do not allow login:
"Could not sign in to HgLab. We didn't recognize the username or password you entered. Please try again."

  1. 1 Posted by Roman on 02 Aug, 2013 10:41 AM

    Roman's Avatar

    Again me.
    Event viewer on domain controller shows:

    1. "The domain controller attempted to validate the credentials for an account.
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0".

    2. Bind account was successfully logged on: "An account was successfully logged on ".

    3. Bind account was logged off: "An account was logged off".

    Looks like only bind account (configured on hglab LDAP catalog settings) authenticates through LDAP, not account that I type on login web page.

  2. 2 Posted by Roman on 02 Aug, 2013 12:52 PM

    Roman's Avatar

    Again me.
    Corrected some settings in LDAP catalog.
    Now domain controller event viewer shows,
    that domain user logon successful.
    But hglab web interface still do not allow login:
    "Could not sign in to HgLab. We didn't recognize the username or password you entered. Please try again."

  3. 3 Posted by Roman on 02 Aug, 2013 01:28 PM

    Roman's Avatar

    More detailed logs from my post N3:

    1:
    Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
     Logon account: rk
     Source Workstation: SILVER
     Error Code: 0x0

    2:
    Special privileges assigned to new logon:
      User Name: rk
      Domain: INTERLOGIC
      Logon ID: (0x0,0x2CCA4F7D)
      Privileges: SeSecurityPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeTakeOwnershipPrivilege
    SeDebugPrivilege
    SeSystemEnvironmentPrivilege
    SeLoadDriverPrivilege
    SeImpersonatePrivilege
    SeEnableDelegationPrivilege

    3:
    Successful Network Logon:
      User Name: rk
      Domain: INTERLOGIC
      Logon ID: (0x0,0x2CCA4F7D)
      Logon Type: 3
      Logon Process: NtLmSsp
      Authentication Package: NTLM
      Workstation Name: SILVER
      Logon GUID: -
      Caller User Name: -
      Caller Domain: -
      Caller Logon ID: -
      Caller Process ID: -
      Transited Services: -
      Source Network Address: 192.168.0.248
      Source Port: 64311

  4. 4 Posted by Roman on 02 Aug, 2013 01:47 PM

    Roman's Avatar

    Here are my catalog prority setting,
    and LDAP settings.

  5. Support Staff 5 Posted by Anton Gogolev on 03 Aug, 2013 07:42 AM

    Anton Gogolev's Avatar

    Roman,

    Thanks for the report. I'll try to diagnose the issue and will get back with the results on monday.

    On 01.08.2013, at 19:06, "Roman" <[email blocked]> wrote:

  6. 6 Posted by mark.brocklehur... on 21 Aug, 2013 12:14 AM

    mark.brocklehurst's Avatar

    Hi Anton,

    I am seeing this issue as well from freshly installed version 0.3.10.0 instance.

    If I enable LADP in HgLab, and then try and login as user 'x', I see activity in the AD server event log indicating that the login was successful, but the HgLab UI tells me it can not recognise the username or password.

    Cheers,
    Mark

  7. Support Staff 7 Posted by Anton Gogolev on 22 Aug, 2013 08:03 AM

    Anton Gogolev's Avatar

    Roman, Mark

    Apologies for the delay.

    Are you guys running Windows Server 2012 as your Domain Controller?

  8. 8 Posted by Roman on 22 Aug, 2013 08:12 AM

    Roman's Avatar

    Hi.
    I am using Windows 2003 R2 SP2 as domain controller.

  9. Support Staff 9 Posted by Anton Gogolev on 22 Aug, 2013 08:23 AM

    Anton Gogolev's Avatar

    Roman,

    Could you please check logs under App_Data to see if there's anything fishy there? More specifically, are there any errors related to LdapAuthenticationModule.

    If there are no logs at all, grant write access to App_Data to IIS_IUSRS group.

  10. Support Staff 10 Posted by Anton Gogolev on 22 Aug, 2013 11:30 AM

    Anton Gogolev's Avatar

    Quick follow-up.

    Here are modified versions of HgLab.Core.dll/.pdb where I tried to fix the issue. Copy them over to bin subdirectory of a HgLab installation directory and try signing in with your domain credentials.

    If the error persists, I'd appreciate if you sent me the global-2013-08-22.txt log file.

  11. 11 Posted by mark.brocklehur... on 23 Aug, 2013 03:19 AM

    mark.brocklehurst's Avatar

    Hi Anton,

    I am running Server 2008 R2.

    I found out what my problem is. The code pulls the user email address from the domain controller and inserts it into the database.

    In my case I had no email address assigned, so the code throws a SQL exception because that column does not allow NULL values.

    Quick fix without a code update is to add a dummy email to your AD profile.

    Cheers,
    Mark

  12. Support Staff 12 Posted by Anton Gogolev on 23 Aug, 2013 07:03 AM

    Anton Gogolev's Avatar

    Mark,

    Many thanks for hunting the error down! I think I'll be generating "fake"
    email addresses in cases like this.

    Thanks for your cooperation!

  13. 13 Posted by Roman on 23 Aug, 2013 07:25 AM

    Roman's Avatar

    I have replaced 2 files in my bin folder with yours (from post 11), but no changes.
    Domain controller shows same log events (post 2,3,4).
    Also all account in active directory have mail address field populated.

    I attached my two last logs, as you asked me.
    PS. I have successfully deployed mercurial rhodecode. So if i am the only one with such problem, don't pay much attention to this case.

  14. Support Staff 14 Posted by Anton Gogolev on 23 Aug, 2013 09:00 AM

    Anton Gogolev's Avatar

    Roman,

    My apologies, these are the wrong files. Please, try these two.

    Thanks for your cooperation!

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

19 Mar, 2021 06:13 PM
01 Mar, 2021 02:51 PM
01 Jan, 2021 02:19 AM
28 Aug, 2020 08:34 AM
23 Jun, 2020 08:29 AM

 

19 Dec, 2019 06:58 AM
21 Aug, 2019 09:07 AM
30 Jul, 2019 08:59 PM
31 May, 2019 02:29 PM
26 Nov, 2018 01:47 PM
16 Nov, 2018 07:51 PM