LDAP Auth Failing
Hi!
I've been working with my local IT Expert to get LDAP Auth working and I've had no luck. I've confirmed the settings are correct and even validated the settings with a couple different approaches to authenticating against LDAP via the C# API in Directory Services.
Our HgLab machine is in the cloud (and not on the Domain it's authenticating against) and connecting to the Active Directory Server back over VPN. I've confirmed that HgLab hits the Active Directory server and the log on the Active Directory server states "unknown user/password".
Based on the stack trace from the HgLab logs that I get when messing about with values, here's some similar (?) code that correctly authenticates and returns a UserPrincipal against our Active Directory setup.
using System.DirectoryServices.AccountManagement;

// activeDirectoryServerIp, activeDirectoryServerPort, container, bindPassword and loginPassword are set elsewhere
var bindUsername = @"na\jonah.simpson";
var loginUsername = @"jonah.simpson";
var activeDirectoryServerAddress = string.Format("{0}:{1}", activeDirectoryServerIp, activeDirectoryServerPort);
// If I use the following line to create the PrincipalContext then I can successfully authenticate
var pc = new PrincipalContext(ContextType.Domain, activeDirectoryServerAddress, container, bindUsername, bindPassword);
// If I use the following line to create the PrincipalContext then I get the unknown user/password line
// var pc = new PrincipalContext(ContextType.Domain, activeDirectoryServerAddress, container);
// If loginUsername is na\jonah.simpson instead of jonah.simpson then I get the unknown user/password exception
var authenticated = pc.ValidateCredentials(loginUsername, loginPassword);
if (authenticated)
{
    var up = UserPrincipal.FindByIdentity(pc, loginUsername);
    var emailAddress = up.EmailAddress;
}
Here's the stack from the global log:
23:12:35.2246 - Error - - HgLab.Core.ApplicationServices.Impl.MembershipManagerService - could not sign inSystem.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at HgLab.Core.Framework.Security.LdapAuthenticationModule.GetAuthorizationGroups(String samAccountName) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 168
at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 125
at HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, String password) in d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line 48 at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at HgLab.Core.Framework.Security.LdapAuthenticationModule.GetAuthorizationGroups(String samAccountName) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 168
at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 125
at HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, String password) in d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line 48
Any ideas?
Thanks in advance!
Support Staff 1 Posted by Anton Gogolev on 23 Sep, 2013 10:36 AM
Jonah,
Apologies for the delay and thanks for the investigation.
Could you please verify what happens if you create your PrincipalContext like this:
2 Posted by Jonah Simpson on 23 Sep, 2013 03:51 PM
The context is created successfully (same as omitting the ContextOptions.Negotiate parameter)
Support Staff 3 Posted by Anton Gogolev on 24 Sep, 2013 12:32 PM
Jonah,
Could you please try replacing two files in \bin directory with these two (they are for 0.3.10, so you'll need to upgrade if you're running an older version) and see if this helps.
Password for the archive is hglab
4 Posted by Jonah Simpson on 24 Sep, 2013 02:56 PM
Authentication successful!
Thanks Anton!
Support Staff 5 Posted by Anton Gogolev on 24 Sep, 2013 03:03 PM
Always glad to help, Jonah. Cheers!
6 Posted by Chris Bourque on 02 Oct, 2013 07:36 PM
This comment was split into a new discussion: LDAP Auth failing for Global Catalog
Hi Jonah, I think I need this patch as well. However, there is a password on the zip file in this thread. Can you please share the password or post a zip without a password?
Thanks
7 Posted by Chris Bourque on 02 Oct, 2013 07:37 PM
Never mind, I guessed the password on my first attempt and it worked.
Support Staff 8 Posted by Anton Gogolev on 02 Oct, 2013 07:40 PM
Chris,
I assume the patch did work?
9 Posted by Chris Bourque on 02 Oct, 2013 10:20 PM
Actually, no it did not work. I still face the same problem.
15:48:12.1837 - Debug - - HgLab.Core.Framework.Security.LdapAuthenticationModule - attempting to sign in 'userxyz' using 'Company AD'
15:48:12.2157 - Debug - - HgLab.Core.Framework.Security.LdapAuthenticationModule - connecting to LDAP server at 'ldap.company.com:3268' with base container 'DC=company,DC=com'
15:48:12.2387 - Warn - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not find user by identitySystem.DirectoryServices.AccountManagement.PrincipalOperationException: A local error has occurred.
---> System.DirectoryServices.DirectoryServicesCOMException: A local error has occurred.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
--- End of inner exception stack trace ---
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 107 at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 107
15:48:22.2967 - Error - - HgLab.Core.Framework.Appcast.AppcastManager - could not check for updatesSystem.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 46.173.209.0:80
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.WebClient.DownloadFile(Uri address, String fileName)
at HgLab.Core.Framework.Appcast.AppcastManager.DiscoverUpdates(String appcastFeedUrl, Version currentVersion) in d:\projects\hglab\src\HgLab.Core\Framework\Appcast\AppcastManager.cs:line 42 at System.Net.WebClient.DownloadFile(Uri address, String fileName)
at HgLab.Core.Framework.Appcast.AppcastManager.DiscoverUpdates(String appcastFeedUrl, Version currentVersion) in d:\projects\hglab\src\HgLab.Core\Framework\Appcast\AppcastManager.cs:line 42
Support Staff 10 Posted by Anton Gogolev on 03 Oct, 2013 06:01 AM
Chris,
What are the Windows versions on your domain controller and on the server HgLab is running on?
11 Posted by Chris Bourque on 07 Oct, 2013 02:05 PM
Both are Windows Server 2008. I am trying to bind to an Active Directory Global Catalog. Thanks
Support Staff 12 Posted by Anton Gogolev on 08 Oct, 2013 01:38 PM
Chris,
Aha, so Global Catalog seems to be the thing I'm not supporting properly. I'll try and resolve the issue.
Thanks for the report!
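Added example, not part of the original thread or of HgLab's code: a small Python triage of the two log excerpts posted above. It decodes the HRESULT (0x8007052E wraps Win32 error 1326, ERROR_LOGON_FAILURE) and reports which directory call HgLab was making when the bind failed, which separates the group lookup in the first trace from the user lookup in the second. The sample text is abridged from the logs above; the function and field names are assumptions of this example.

```python
import re

# Constructed sample: two records abridged from the HgLab logs quoted in this thread.
SAMPLE = r"""23:12:35.2246 - Error - - HgLab.Core.ApplicationServices.Impl.MembershipManagerService - could not sign inSystem.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectorySearcher.FindOne()
at HgLab.Core.Framework.Security.LdapAuthenticationModule.GetAuthorizationGroups(String samAccountName) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 168
at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 125
15:48:12.2387 - Warn - - HgLab.Core.Framework.Security.LdapAuthenticationModule - could not find user by identitySystem.DirectoryServices.AccountManagement.PrincipalOperationException: A local error has occurred.
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 107
"""

RECORD = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) - (\w+) - - (\S+) - ")
HRESULT = re.compile(r"\(0x([0-9A-Fa-f]{8})\)")
FRAME = re.compile(r"^\s*at ([\w.]+)\.(\w+)\(")
LINE_NO = re.compile(r":line (\d+)")
WIN32_NAMES = {0x52E: "ERROR_LOGON_FAILURE"}  # 1326, the only code this thread shows

def win32_from_hresult(hresult):
    """Return the wrapped Win32 error code, or None if the HRESULT is not FACILITY_WIN32."""
    facility = (hresult >> 16) & 0x7FF  # 7 is FACILITY_WIN32
    return hresult & 0xFFFF if facility == 7 else None

def triage(log_text):
    """Per record: Win32 error (if any), the framework API HgLab called, the first HgLab frame."""
    records, last_system = [], None
    for line in log_text.splitlines():
        head = RECORD.match(line)
        if head:
            hr = HRESULT.search(line)
            code = win32_from_hresult(int(hr.group(1), 16)) if hr else None
            records.append({"time": head.group(1), "win32": WIN32_NAMES.get(code, code),
                            "via": None, "caller": None, "line": None})
            last_system = None
            continue
        frame = FRAME.match(line)
        if not frame or not records or records[-1]["caller"]:
            continue  # not a frame, or this record's first HgLab frame is already known
        name = frame.group(1).rsplit(".", 1)[-1] + "." + frame.group(2)
        if frame.group(1).startswith("HgLab."):
            no = LINE_NO.search(line)
            records[-1].update(via=last_system, caller=name,
                               line=int(no.group(1)) if no else None)
        else:
            last_system = name  # innermost framework frame seen so far, overwritten as we go up
    return records
```

Because only the first HgLab frame per record is kept, the repeated stack trace that the log prints after each exception does not change the result.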