AD Authentication
So we've set up AD Auth with hglab 1.3.4 on a Windows 2008 R2
server in a Windows 2008 domain.
We've set up the LDAP authentication catalog - but can't figure out
how to actually provision a user in the system?
If I attempt to "Signup" with an AD account - I get this error:
Signup Closed
Please consult Conclusive Mecurial Server Administrators.
What am I missing?
Support Staff 1 Posted by Anton Gogolev on 20 Mar, 2014 03:53 PM
Adam,
Just try signing in with your domain credentials. That's the way it's
supposed to work, sorry for the lack of documentation on that part.
2 Posted by vatechguy on 20 Mar, 2014 03:56 PM
Yeah - so when I try that, I see the authentication succeed on the DC - but it still doesn't let me in. ???
I get Event 4624 Logon events from my user account on the local DC:
An account was successfully logged on.
Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0
Logon Type: 3
New Logon:
    Security ID: DOMAIN\hgtest
    Account Name: hgtest
    Account Domain: DOMAIN
Process Information:
    Process ID: 0x0
    Process Name: -
Network Information:
    Workstation Name: Server1
    Source Network Address: 192.168.1.5
    Source Port: 50025
Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): NTLM V2
    Key Length: 128
On the HGLab server the user sees this:
Could not sign in to HgLab
We didn't recognize the username or password you entered. Please try again.
Support Staff 3 Posted by Anton Gogolev on 20 Mar, 2014 03:59 PM
Adam,
Could you please open up <HGLAB_HOME_DIRECTORY>\logs to see if there's anything fishy in global-2014-03-20.txt?
4 Posted by vatechguy on 20 Mar, 2014 04:02 PM
This give us any ideas?
11:52:38.2229 - Error - - HgLab.Core.Framework.Persistence.Transaction - could not commit transaction on an owned session
NHibernate.Exceptions.GenericADOException: could not execute batch command.[SQL: SQL not available] ---> System.Data.SqlClient.SqlException: Cannot insert the value NULL into column 'PersonalToken', table 'hglab.dbo.User'; column does not allow nulls. INSERT fails.
The statement has been terminated.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
   at System.Data.SqlClient.SqlCommandSet.ExecuteNonQuery()
   at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 93
   --- End of inner exception stack trace ---
   at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 104
   at NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 437
   at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 421
   at NHibernate.Engine.ActionQueue.ExecuteActions() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line 170
   at NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource session) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line 253
   at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line 20
   at NHibernate.Impl.SessionImpl.Flush() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line 1487
   at NHibernate.Transaction.AdoTransaction.Commit() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line 190
   at HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory sessionFactory, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 115
   at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 104
   at NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 437
   at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 421
   at NHibernate.Engine.ActionQueue.ExecuteActions() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line 170
   at NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource session) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line 253
   at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line 20
   at NHibernate.Impl.SessionImpl.Flush() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line 1487
   at NHibernate.Transaction.AdoTransaction.Commit() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line 190
   at HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory sessionFactory, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 115
11:52:38.2797 - Error - - HgLab.Core.ApplicationServices.Impl.MembershipManagerService - could not sign in
NHibernate.Exceptions.GenericADOException: could not execute batch command.[SQL: SQL not available] ---> System.Data.SqlClient.SqlException: Cannot insert the value NULL into column 'PersonalToken', table 'hglab.dbo.User'; column does not allow nulls. INSERT fails.
The statement has been terminated.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)
   at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
   at System.Data.SqlClient.SqlCommandSet.ExecuteNonQuery()
   at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 93
   --- End of inner exception stack trace ---
   at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 104
   at NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 437
   at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 421
   at NHibernate.Engine.ActionQueue.ExecuteActions() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line 170
   at NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource session) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line 253
   at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line 20
   at NHibernate.Impl.SessionImpl.Flush() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line 1487
   at NHibernate.Transaction.AdoTransaction.Commit() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line 190
   at HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory sessionFactory, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 126
   at HgLab.Core.Framework.Persistence.Transaction.Commit(ISessionFactory sessionFactory, Boolean ownedTransaction, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 107
   at HgLab.Core.Framework.Persistence.Transaction.Commit() in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 65
   at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 205
   at HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, String password) in d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line 67
   at NHibernate.AdoNet.SqlClientBatchingBatcher.DoExecuteBatch(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\SqlClientBatchingBatcher.cs:line 104
   at NHibernate.AdoNet.AbstractBatcher.ExecuteBatchWithTiming(IDbCommand ps) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 437
   at NHibernate.AdoNet.AbstractBatcher.ExecuteBatch() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\AdoNet\AbstractBatcher.cs:line 421
   at NHibernate.Engine.ActionQueue.ExecuteActions() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Engine\ActionQueue.cs:line 170
   at NHibernate.Event.Default.AbstractFlushingEventListener.PerformExecutions(IEventSource session) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\AbstractFlushingEventListener.cs:line 253
   at NHibernate.Event.Default.DefaultFlushEventListener.OnFlush(FlushEvent event) in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Event\Default\DefaultFlushEventListener.cs:line 20
   at NHibernate.Impl.SessionImpl.Flush() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Impl\SessionImpl.cs:line 1487
   at NHibernate.Transaction.AdoTransaction.Commit() in d:\CSharp\NH\NH\nhibernate\src\NHibernate\Transaction\AdoTransaction.cs:line 190
   at HgLab.Core.Framework.Persistence.Transaction.CommitOwnedTransaction(ISessionFactory sessionFactory, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 126
   at HgLab.Core.Framework.Persistence.Transaction.Commit(ISessionFactory sessionFactory, Boolean ownedTransaction, Boolean ownedSession) in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 107
   at HgLab.Core.Framework.Persistence.Transaction.Commit() in d:\projects\hglab\src\HgLab.Core\Framework\Persistence\Transaction.cs:line 65
   at HgLab.Core.Framework.Security.LdapAuthenticationModule.Authenticate(String login, String password, AuthenticationSettings authenticationSettings) in d:\projects\hglab\src\HgLab.Core\Framework\Security\LdapAuthenticationModule.cs:line 205
   at HgLab.Core.ApplicationServices.Impl.MembershipManagerService.Signin(String login, String password) in d:\projects\hglab\src\HgLab.Core\ApplicationServices\Impl\MembershipManagerService.cs:line 67
Support Staff 5 Posted by Anton Gogolev on 20 Mar, 2014 04:10 PM
Absolutely!
Please update to 1.3.5: http://download.hglabhq.com/hglab/hglab-1.3.5.msi
6 Posted by vatechguy on 20 Mar, 2014 04:24 PM
Well, that looks much better. Seems to work fine now. Thanks!
Support Staff 7 Posted by Anton Gogolev on 20 Mar, 2014 04:30 PM
Awesome! Glad I could help.
Anton Gogolev closed this discussion on 20 Mar, 2014 04:30 PM.
vatechguy re-opened this discussion on 20 Mar, 2014 07:16 PM
8 Posted by vatechguy on 20 Mar, 2014 07:16 PM
Follow up question:
Are groups from ldap refreshed in any way?
My dev team wants to be able to assign permissions to the projects based on an LDAP group (dev_team) - but also be able to manage it solely through AD. It appears you actually have to modify each user account for permissions with hglab - is that accurate?
So if Bob is a member of dev_team and leaves the company, I actually have to touch Bob's account in hglab to remove him from dev_team since it's not refreshing the group membership from ldap?
Support Staff 9 Posted by Anton Gogolev on 20 Mar, 2014 08:10 PM
Adam,
When signing in as an LDAP user, HgLab does refresh groups and group
membership information; see if your LDAP Groups are there in
/administration/groups and that Users in /administration/groups are indeed
added to all the required groups. If this isn't the case, please do look
for errors in the logs: in certain scenarios HgLab is unable to retrieve
what is called "Authorization Groups".
That said, there's one more layer to managing who gets to access what.
There's the thing called Team Membership which allows certain Users and
Groups to assume Roles within a Project. For example, your entire "dev_team"
group can be added as a Team Member to one project and only a handful of
users can be added as Team Members to some other projects.
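
A check an administrator could run on the HgLab server when LDAP groups do not show up after sign-in, added here as an example and not HgLab's own code. It assumes the "Authorization Groups" mentioned above correspond to .NET's UserPrincipal.GetAuthorizationGroups(), which this thread does not confirm; Get-LdapGroupReport is a hypothetical name, and DOMAIN, hgtest and dev_team are the sample names used in this discussion.

```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-LdapGroupReport {
    param(
        [Parameter(Mandatory = $true)] [string] $Domain,
        [Parameter(Mandatory = $true)] [string] $SamAccountName,
        [string] $ExpectedGroup
    )
    $type = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $ctx  = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($type, $Domain)
    $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $SamAccountName)
    if ($null -eq $user) { throw "User '$SamAccountName' not found in '$Domain'." }

    # Direct memberships only (no nesting): the baseline to compare against.
    $direct = @($user.GetGroups() | ForEach-Object { $_.SamAccountName })

    # Recursive security-group expansion. Enumerate by hand so that one
    # unresolvable entry is recorded instead of discarding the whole result.
    $authz = @(); $problems = @()
    try {
        $iter = $user.GetAuthorizationGroups().GetEnumerator()
        while ($iter.MoveNext()) {
            try   { $authz += $iter.Current.SamAccountName }
            catch { $problems += $_.Exception.Message }
        }
    }
    catch { $problems += "Enumeration stopped: $($_.Exception.Message)" }

    New-Object PSObject -Property @{
        User                = $SamAccountName
        DirectGroups        = $direct
        AuthorizationGroups = $authz
        # Groups reached only through nesting
        NestedOnly          = @($authz | Where-Object { $direct -notcontains $_ })
        ExpectedGroupFound  = if ($ExpectedGroup) { $authz -contains $ExpectedGroup } else { $null }
        Problems            = $problems
    }
}

# Sample names from this thread; run as the account the HgLab application uses.
Get-LdapGroupReport -Domain 'DOMAIN' -SamAccountName 'hgtest' -ExpectedGroup 'dev_team' |
    Format-List
```

A non-empty Problems list, or ExpectedGroupFound being False while the group is listed in AD, points at the lookup rather than at project permissions.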