Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Hi ALL,

I have successfully configured Active directory and able to import the
users to cloudstack.

But users is not able to login with there domain credentials do i miss
anything in the configuration?

Regards
Shyam

Re: Not able to authenticate using microsoft AD

[Daan Hoogland <da...@gmail.com>]

Shyam

On Tue, Mar 20, 2018 at 12:52 PM, soundar rajan <bs...@gmail.com>
wrote:
​
​..​

>   Did not find configuration ldap.username.attribute in Config.java.
> Perhaps
> moved to ConfigDepot
>
​this is not an issue.​

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Sure Daan,

Thanks for the quicker fix. ill test and keep you posted by tuesday

Regards
Shyam

On Fri, Mar 30, 2018 at 2:42 PM, Daan Hoogland <da...@gmail.com>
wrote:

> ​Shyam, Javier,
>
> I found and fixed a bug, There is a PR out [1]. Are you able to test this?​
> meaning creating your own package from that branch and trying?
> ​In the end it wasn't an AD specific bug but had to do with non-synced
> accounts​. Unfortunately there was no test case for it. If it works it will
> go into 4.11.1.
>
> ​[1] https://github.com/apache/cloudstack/pull/2517​
>
>
> On Fri, Mar 23, 2018 at 10:10 AM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> > Shyam, please do raise a bug. I will not start on this immediately but
> > this does need fixing. Can you leave all relevant data in the ticket,
> like
> > logs and traces?
> >
> > On Wed, Mar 21, 2018 at 10:30 AM, Daan Hoogland <daan.hoogland@gmail.com
> >
> > wrote:
> >
> >> ok, Javier and Shyam. This definitely sound like a bug. I have no idea
> >> what might be the case and have to look. Can you enter and issue with
> >> relevant data?
> >>
> >> On Tue, Mar 20, 2018 at 4:36 PM, Javier Rodríguez Caquilala <
> >> javier.caquilala@adderglobal.com> wrote:
> >>
> >>>
> >>> Hi Shyam,
> >>> I have the same problem with AD authentication. My platform was working
> >>> perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't
> login
> >>> with LDAP users but I can list ldap users in "Add LDAP account". In
> log I
> >>> get the following error:
> >>> Authentication failure: {"loginresponse":{"uuidList":[
> >>> ],"errorcode":531,"errortext":"Failed to authenticate user
> >>> javier@adderglobal.com in domain 1; please provide valid
> credentials"}}
> >>>
> >>> I check with tcpdump the communication between cloudstack-management
> and
> >>> AD and I find cloudstack send correctly  a bindRequest and AD response
> was
> >>> success so I think cloudstack is not interpreting the response in the
> right
> >>> way.
> >>>
> >>>
> >>>
> >>>
> >>> LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=
> XXXX,DC=XXXX,DC=XXXX"
> >>> password
> >>>
> >>> LDAPMEssage bindResponse(1) "success"
> >>>
> >>>
> >>>
> >>>
> >>> I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
> >>> looks like the same request an response.
> >>>
> >>> Regards,
> >>> Javier
> >>>
> >>>
> >>> -----Mensaje original-----
> >>> > De: "soundar rajan" <bs...@gmail.com>
> >>> > A: users@cloudstack.apache.org
> >>> > Fecha: 20/03/18 12:59
> >>> > Asunto: Re: Not able to authenticate using microsoft AD
> >>> >
> >>> > sometime while restarting i am getting this information
> >>> >
> >>> >  Did not find configuration ldap.username.attribute in Config.java.
> >>> Perhaps
> >>> > moved to ConfigDepot
> >>> >
> >>> > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <
> bsoundarajan@gmail.com
> >>> >
> >>> > wrote:
> >>> >
> >>> > > yes its microsoftad and all the required parameters are configured
> >>> > > correctly
> >>> > >
> >>> > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
> >>> daan.hoogland@gmail.com>
> >>> > > wrote:
> >>> > >
> >>> > >> Shyam, your reply to Rajani doesn't seem to include any settings.
> >>> most
> >>> > >> particularly what is the value of 'ldap.provider'?
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
> >>> bsoundarajan@gmail.com>
> >>> > >> wrote:
> >>> > >>
> >>> > >> > Hi Daan,
> >>> > >> >
> >>> > >> > Please find the log
> >>> > >> >
> >>> > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to
> log
> >>> in
> >>> > >> user:
> >>> > >> > shyam.soundar in domain 1
> >>> > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing
> ldap
> >>> with
> >>> > >> > provider url: ldap://172.xx.xx.11:389
> >>> > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing
> ldap
> >>> with
> >>> > >> > provider url: ldap://172.xx.xx.11:389
> >>> > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
> >>> authenticate
> >>> > >> user
> >>> > >> > with username shyam.soundar in domain 1
> >>> > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User:
> >>> shyam.soundar in
> >>> > >> > domain 1 has failed to log in
> >>> > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> >>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
> >>> failure:
> >>> > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
> "Failed
> >>> to
> >>> > >> > authenticate user shyam.soundar in domain 1; please provide
> valid
> >>> > >> > credentials"}}
> >>> > >> >
> >>> > >> > Regards
> >>> > >> > Shyam
> >>> > >> >
> >>> > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> >>> > >> daan.hoogland@gmail.com>
> >>> > >> > wrote:
> >>> > >> >
> >>> > >> > > not at first glance no, it can be a configuration or a code
> >>> bug. Can
> >>> > >> you
> >>> > >> > > find anything in the logs around the moment of the login?
> >>> > >> > >
> >>> > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> >>> > >> bsoundarajan@gmail.com>
> >>> > >> > > wrote:
> >>> > >> > >
> >>> > >> > > > Hi Daan,
> >>> > >> > > >
> >>> > >> > > > I dont see any request hitting  our domain controller while
> >>> logging
> >>> > >> > but i
> >>> > >> > > > am able to import all users. Any idea.
> >>> > >> > > >
> >>> > >> > > > Regards
> >>> > >> > > > Shyam
> >>> > >> > > >
> >>> > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> >>> > >> > daan.hoogland@gmail.com
> >>> > >> > > >
> >>> > >> > > > wrote:
> >>> > >> > > >
> >>> > >> > > > > Shyam, do you have any related log message, preferably
> with
> >>> stack
> >>> > >> > trace
> >>> > >> > > > > that is related? Do you see that request are coming in on
> >>> your AD?
> >>> > >> > > > >
> >>> > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> >>> > >> > > bsoundarajan@gmail.com>
> >>> > >> > > > > wrote:
> >>> > >> > > > >
> >>> > >> > > > > > Please find the error message
> >>> > >> > > > > >
> >>> > >> > > > > > Authentication failure:
> >>> > >> > > > > > {"loginresponse":{"uuidList":[
> >>> ],"errorcode":531,"errortext":
> >>> > >> > "Failed
> >>> > >> > > to
> >>> > >> > > > > > authenticate user shyam.soundar in domain 1; please
> >>> provide
> >>> > >> valid
> >>> > >> > > > > > credentials"}}
> >>> > >> > > > > >
> >>> > >> > > > > >
> >>> > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> >>> > >> > > bsoundarajan@gmail.com
> >>> > >> > > > >
> >>> > >> > > > > > wrote:
> >>> > >> > > > > >
> >>> > >> > > > > > > Hi,
> >>> > >> > > > > > >
> >>> > >> > > > > > > Version i use is 4.11
> >>> > >> > > > > > >
> >>> > >> > > > > > > Regards
> >>> > >> > > > > > > Shyam
> >>> > >> > > > > > >
> >>> > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> >>> > >> > > > > daan.hoogland@gmail.com>
> >>> > >> > > > > > > wrote:
> >>> > >> > > > > > >
> >>> > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> >>> > >> > > > > > >>
> >>> > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> >>> > >> > > > > bsoundarajan@gmail.com
> >>> > >> > > > > > >
> >>> > >> > > > > > >> wrote:
> >>> > >> > > > > > >>
> >>> > >> > > > > > >> > Hi ALL,
> >>> > >> > > > > > >> >
> >>> > >> > > > > > >> > I have successfully configured Active directory and
> >>> able to
> >>> > >> > > import
> >>> > >> > > > > the
> >>> > >> > > > > > >> > users to cloudstack.
> >>> > >> > > > > > >> >
> >>> > >> > > > > > >> > But users is not able to login with there domain
> >>> > >> credentials
> >>> > >> > do
> >>> > >> > > i
> >>> > >> > > > > miss
> >>> > >> > > > > > >> > anything in the configuration?
> >>> > >> > > > > > >> >
> >>> > >> > > > > > >> > Regards
> >>> > >> > > > > > >> > Shyam
> >>> > >> > > > > > >> >
> >>> > >> > > > > > >>
> >>> > >> > > > > > >>
> >>> > >> > > > > > >>
> >>> > >> > > > > > >> --
> >>> > >> > > > > > >> Daan
> >>> > >> > > > > > >>
> >>> > >> > > > > > >
> >>> > >> > > > > > >
> >>> > >> > > > > >
> >>> > >> > > > >
> >>> > >> > > > >
> >>> > >> > > > >
> >>> > >> > > > > --
> >>> > >> > > > > Daan
> >>> > >> > > > >
> >>> > >> > > >
> >>> > >> > >
> >>> > >> > >
> >>> > >> > >
> >>> > >> > > --
> >>> > >> > > Daan
> >>> > >> > >
> >>> > >> >
> >>> > >>
> >>> > >>
> >>> > >>
> >>> > >> --
> >>> > >> Daan
> >>> > >>
> >>> > >
> >>> > >
> >>>
> >>>
> >>
> >>
> >> --
> >> Daan
> >>
> >
> >
> >
> > --
> > Daan
> >
>
>
>
> --
> Daan
>

Re: Not able to authenticate using microsoft AD

[Daan Hoogland <da...@gmail.com>]

​Shyam, Javier,

I found and fixed a bug, There is a PR out [1]. Are you able to test this?​
meaning creating your own package from that branch and trying?
​In the end it wasn't an AD specific bug but had to do with non-synced
accounts​. Unfortunately there was no test case for it. If it works it will
go into 4.11.1.

​[1] https://github.com/apache/cloudstack/pull/2517​


On Fri, Mar 23, 2018 at 10:10 AM, Daan Hoogland <da...@gmail.com>
wrote:

> Shyam, please do raise a bug. I will not start on this immediately but
> this does need fixing. Can you leave all relevant data in the ticket, like
> logs and traces?
>
> On Wed, Mar 21, 2018 at 10:30 AM, Daan Hoogland <da...@gmail.com>
> wrote:
>
>> ok, Javier and Shyam. This definitely sound like a bug. I have no idea
>> what might be the case and have to look. Can you enter and issue with
>> relevant data?
>>
>> On Tue, Mar 20, 2018 at 4:36 PM, Javier Rodríguez Caquilala <
>> javier.caquilala@adderglobal.com> wrote:
>>
>>>
>>> Hi Shyam,
>>> I have the same problem with AD authentication. My platform was working
>>> perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login
>>> with LDAP users but I can list ldap users in "Add LDAP account". In log I
>>> get the following error:
>>> Authentication failure: {"loginresponse":{"uuidList":[
>>> ],"errorcode":531,"errortext":"Failed to authenticate user
>>> javier@adderglobal.com in domain 1; please provide valid credentials"}}
>>>
>>> I check with tcpdump the communication between cloudstack-management and
>>> AD and I find cloudstack send correctly  a bindRequest and AD response was
>>> success so I think cloudstack is not interpreting the response in the right
>>> way.
>>>
>>>
>>>
>>>
>>> LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX"
>>> password
>>>
>>> LDAPMEssage bindResponse(1) "success"
>>>
>>>
>>>
>>>
>>> I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
>>> looks like the same request an response.
>>>
>>> Regards,
>>> Javier
>>>
>>>
>>> -----Mensaje original-----
>>> > De: "soundar rajan" <bs...@gmail.com>
>>> > A: users@cloudstack.apache.org
>>> > Fecha: 20/03/18 12:59
>>> > Asunto: Re: Not able to authenticate using microsoft AD
>>> >
>>> > sometime while restarting i am getting this information
>>> >
>>> >  Did not find configuration ldap.username.attribute in Config.java.
>>> Perhaps
>>> > moved to ConfigDepot
>>> >
>>> > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bsoundarajan@gmail.com
>>> >
>>> > wrote:
>>> >
>>> > > yes its microsoftad and all the required parameters are configured
>>> > > correctly
>>> > >
>>> > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
>>> daan.hoogland@gmail.com>
>>> > > wrote:
>>> > >
>>> > >> Shyam, your reply to Rajani doesn't seem to include any settings.
>>> most
>>> > >> particularly what is the value of 'ldap.provider'?
>>> > >>
>>> > >>
>>> > >>
>>> > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
>>> bsoundarajan@gmail.com>
>>> > >> wrote:
>>> > >>
>>> > >> > Hi Daan,
>>> > >> >
>>> > >> > Please find the log
>>> > >> >
>>> > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
>>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log
>>> in
>>> > >> user:
>>> > >> > shyam.soundar in domain 1
>>> > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
>>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
>>> with
>>> > >> > provider url: ldap://172.xx.xx.11:389
>>> > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
>>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
>>> with
>>> > >> > provider url: ldap://172.xx.xx.11:389
>>> > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
>>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
>>> authenticate
>>> > >> user
>>> > >> > with username shyam.soundar in domain 1
>>> > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
>>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User:
>>> shyam.soundar in
>>> > >> > domain 1 has failed to log in
>>> > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
>>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
>>> failure:
>>> > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed
>>> to
>>> > >> > authenticate user shyam.soundar in domain 1; please provide valid
>>> > >> > credentials"}}
>>> > >> >
>>> > >> > Regards
>>> > >> > Shyam
>>> > >> >
>>> > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
>>> > >> daan.hoogland@gmail.com>
>>> > >> > wrote:
>>> > >> >
>>> > >> > > not at first glance no, it can be a configuration or a code
>>> bug. Can
>>> > >> you
>>> > >> > > find anything in the logs around the moment of the login?
>>> > >> > >
>>> > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
>>> > >> bsoundarajan@gmail.com>
>>> > >> > > wrote:
>>> > >> > >
>>> > >> > > > Hi Daan,
>>> > >> > > >
>>> > >> > > > I dont see any request hitting  our domain controller while
>>> logging
>>> > >> > but i
>>> > >> > > > am able to import all users. Any idea.
>>> > >> > > >
>>> > >> > > > Regards
>>> > >> > > > Shyam
>>> > >> > > >
>>> > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
>>> > >> > daan.hoogland@gmail.com
>>> > >> > > >
>>> > >> > > > wrote:
>>> > >> > > >
>>> > >> > > > > Shyam, do you have any related log message, preferably with
>>> stack
>>> > >> > trace
>>> > >> > > > > that is related? Do you see that request are coming in on
>>> your AD?
>>> > >> > > > >
>>> > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
>>> > >> > > bsoundarajan@gmail.com>
>>> > >> > > > > wrote:
>>> > >> > > > >
>>> > >> > > > > > Please find the error message
>>> > >> > > > > >
>>> > >> > > > > > Authentication failure:
>>> > >> > > > > > {"loginresponse":{"uuidList":[
>>> ],"errorcode":531,"errortext":
>>> > >> > "Failed
>>> > >> > > to
>>> > >> > > > > > authenticate user shyam.soundar in domain 1; please
>>> provide
>>> > >> valid
>>> > >> > > > > > credentials"}}
>>> > >> > > > > >
>>> > >> > > > > >
>>> > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
>>> > >> > > bsoundarajan@gmail.com
>>> > >> > > > >
>>> > >> > > > > > wrote:
>>> > >> > > > > >
>>> > >> > > > > > > Hi,
>>> > >> > > > > > >
>>> > >> > > > > > > Version i use is 4.11
>>> > >> > > > > > >
>>> > >> > > > > > > Regards
>>> > >> > > > > > > Shyam
>>> > >> > > > > > >
>>> > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
>>> > >> > > > > daan.hoogland@gmail.com>
>>> > >> > > > > > > wrote:
>>> > >> > > > > > >
>>> > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
>>> > >> > > > > > >>
>>> > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
>>> > >> > > > > bsoundarajan@gmail.com
>>> > >> > > > > > >
>>> > >> > > > > > >> wrote:
>>> > >> > > > > > >>
>>> > >> > > > > > >> > Hi ALL,
>>> > >> > > > > > >> >
>>> > >> > > > > > >> > I have successfully configured Active directory and
>>> able to
>>> > >> > > import
>>> > >> > > > > the
>>> > >> > > > > > >> > users to cloudstack.
>>> > >> > > > > > >> >
>>> > >> > > > > > >> > But users is not able to login with there domain
>>> > >> credentials
>>> > >> > do
>>> > >> > > i
>>> > >> > > > > miss
>>> > >> > > > > > >> > anything in the configuration?
>>> > >> > > > > > >> >
>>> > >> > > > > > >> > Regards
>>> > >> > > > > > >> > Shyam
>>> > >> > > > > > >> >
>>> > >> > > > > > >>
>>> > >> > > > > > >>
>>> > >> > > > > > >>
>>> > >> > > > > > >> --
>>> > >> > > > > > >> Daan
>>> > >> > > > > > >>
>>> > >> > > > > > >
>>> > >> > > > > > >
>>> > >> > > > > >
>>> > >> > > > >
>>> > >> > > > >
>>> > >> > > > >
>>> > >> > > > > --
>>> > >> > > > > Daan
>>> > >> > > > >
>>> > >> > > >
>>> > >> > >
>>> > >> > >
>>> > >> > >
>>> > >> > > --
>>> > >> > > Daan
>>> > >> > >
>>> > >> >
>>> > >>
>>> > >>
>>> > >>
>>> > >> --
>>> > >> Daan
>>> > >>
>>> > >
>>> > >
>>>
>>>
>>
>>
>> --
>> Daan
>>
>
>
>
> --
> Daan
>



-- 
Daan

Re: Not able to authenticate using microsoft AD

[Daan Hoogland <da...@gmail.com>]

Shyam, please do raise a bug. I will not start on this immediately but this
does need fixing. Can you leave all relevant data in the ticket, like logs
and traces?

On Wed, Mar 21, 2018 at 10:30 AM, Daan Hoogland <da...@gmail.com>
wrote:

> ok, Javier and Shyam. This definitely sound like a bug. I have no idea
> what might be the case and have to look. Can you enter and issue with
> relevant data?
>
> On Tue, Mar 20, 2018 at 4:36 PM, Javier Rodríguez Caquilala <
> javier.caquilala@adderglobal.com> wrote:
>
>>
>> Hi Shyam,
>> I have the same problem with AD authentication. My platform was working
>> perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login
>> with LDAP users but I can list ldap users in "Add LDAP account". In log I
>> get the following error:
>> Authentication failure: {"loginresponse":{"uuidList":[
>> ],"errorcode":531,"errortext":"Failed to authenticate user
>> javier@adderglobal.com in domain 1; please provide valid credentials"}}
>>
>> I check with tcpdump the communication between cloudstack-management and
>> AD and I find cloudstack send correctly  a bindRequest and AD response was
>> success so I think cloudstack is not interpreting the response in the right
>> way.
>>
>>
>>
>>
>> LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX"
>> password
>>
>> LDAPMEssage bindResponse(1) "success"
>>
>>
>>
>>
>> I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
>> looks like the same request an response.
>>
>> Regards,
>> Javier
>>
>>
>> -----Mensaje original-----
>> > De: "soundar rajan" <bs...@gmail.com>
>> > A: users@cloudstack.apache.org
>> > Fecha: 20/03/18 12:59
>> > Asunto: Re: Not able to authenticate using microsoft AD
>> >
>> > sometime while restarting i am getting this information
>> >
>> >  Did not find configuration ldap.username.attribute in Config.java.
>> Perhaps
>> > moved to ConfigDepot
>> >
>> > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bs...@gmail.com>
>> > wrote:
>> >
>> > > yes its microsoftad and all the required parameters are configured
>> > > correctly
>> > >
>> > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
>> daan.hoogland@gmail.com>
>> > > wrote:
>> > >
>> > >> Shyam, your reply to Rajani doesn't seem to include any settings.
>> most
>> > >> particularly what is the value of 'ldap.provider'?
>> > >>
>> > >>
>> > >>
>> > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
>> bsoundarajan@gmail.com>
>> > >> wrote:
>> > >>
>> > >> > Hi Daan,
>> > >> >
>> > >> > Please find the log
>> > >> >
>> > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log
>> in
>> > >> user:
>> > >> > shyam.soundar in domain 1
>> > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
>> with
>> > >> > provider url: ldap://172.xx.xx.11:389
>> > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
>> with
>> > >> > provider url: ldap://172.xx.xx.11:389
>> > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
>> authenticate
>> > >> user
>> > >> > with username shyam.soundar in domain 1
>> > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User:
>> shyam.soundar in
>> > >> > domain 1 has failed to log in
>> > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
>> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
>> failure:
>> > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed
>> to
>> > >> > authenticate user shyam.soundar in domain 1; please provide valid
>> > >> > credentials"}}
>> > >> >
>> > >> > Regards
>> > >> > Shyam
>> > >> >
>> > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
>> > >> daan.hoogland@gmail.com>
>> > >> > wrote:
>> > >> >
>> > >> > > not at first glance no, it can be a configuration or a code bug.
>> Can
>> > >> you
>> > >> > > find anything in the logs around the moment of the login?
>> > >> > >
>> > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
>> > >> bsoundarajan@gmail.com>
>> > >> > > wrote:
>> > >> > >
>> > >> > > > Hi Daan,
>> > >> > > >
>> > >> > > > I dont see any request hitting  our domain controller while
>> logging
>> > >> > but i
>> > >> > > > am able to import all users. Any idea.
>> > >> > > >
>> > >> > > > Regards
>> > >> > > > Shyam
>> > >> > > >
>> > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
>> > >> > daan.hoogland@gmail.com
>> > >> > > >
>> > >> > > > wrote:
>> > >> > > >
>> > >> > > > > Shyam, do you have any related log message, preferably with
>> stack
>> > >> > trace
>> > >> > > > > that is related? Do you see that request are coming in on
>> your AD?
>> > >> > > > >
>> > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
>> > >> > > bsoundarajan@gmail.com>
>> > >> > > > > wrote:
>> > >> > > > >
>> > >> > > > > > Please find the error message
>> > >> > > > > >
>> > >> > > > > > Authentication failure:
>> > >> > > > > > {"loginresponse":{"uuidList":[
>> ],"errorcode":531,"errortext":
>> > >> > "Failed
>> > >> > > to
>> > >> > > > > > authenticate user shyam.soundar in domain 1; please provide
>> > >> valid
>> > >> > > > > > credentials"}}
>> > >> > > > > >
>> > >> > > > > >
>> > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
>> > >> > > bsoundarajan@gmail.com
>> > >> > > > >
>> > >> > > > > > wrote:
>> > >> > > > > >
>> > >> > > > > > > Hi,
>> > >> > > > > > >
>> > >> > > > > > > Version i use is 4.11
>> > >> > > > > > >
>> > >> > > > > > > Regards
>> > >> > > > > > > Shyam
>> > >> > > > > > >
>> > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
>> > >> > > > > daan.hoogland@gmail.com>
>> > >> > > > > > > wrote:
>> > >> > > > > > >
>> > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
>> > >> > > > > > >>
>> > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
>> > >> > > > > bsoundarajan@gmail.com
>> > >> > > > > > >
>> > >> > > > > > >> wrote:
>> > >> > > > > > >>
>> > >> > > > > > >> > Hi ALL,
>> > >> > > > > > >> >
>> > >> > > > > > >> > I have successfully configured Active directory and
>> able to
>> > >> > > import
>> > >> > > > > the
>> > >> > > > > > >> > users to cloudstack.
>> > >> > > > > > >> >
>> > >> > > > > > >> > But users is not able to login with there domain
>> > >> credentials
>> > >> > do
>> > >> > > i
>> > >> > > > > miss
>> > >> > > > > > >> > anything in the configuration?
>> > >> > > > > > >> >
>> > >> > > > > > >> > Regards
>> > >> > > > > > >> > Shyam
>> > >> > > > > > >> >
>> > >> > > > > > >>
>> > >> > > > > > >>
>> > >> > > > > > >>
>> > >> > > > > > >> --
>> > >> > > > > > >> Daan
>> > >> > > > > > >>
>> > >> > > > > > >
>> > >> > > > > > >
>> > >> > > > > >
>> > >> > > > >
>> > >> > > > >
>> > >> > > > >
>> > >> > > > > --
>> > >> > > > > Daan
>> > >> > > > >
>> > >> > > >
>> > >> > >
>> > >> > >
>> > >> > >
>> > >> > > --
>> > >> > > Daan
>> > >> > >
>> > >> >
>> > >>
>> > >>
>> > >>
>> > >> --
>> > >> Daan
>> > >>
>> > >
>> > >
>>
>>
>
>
> --
> Daan
>



-- 
Daan

Re: Not able to authenticate using microsoft AD

[Daan Hoogland <da...@gmail.com>]

ok, Javier and Shyam. This definitely sound like a bug. I have no idea what
might be the case and have to look. Can you enter and issue with relevant
data?

On Tue, Mar 20, 2018 at 4:36 PM, Javier Rodríguez Caquilala <
javier.caquilala@adderglobal.com> wrote:

>
> Hi Shyam,
> I have the same problem with AD authentication. My platform was working
> perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login
> with LDAP users but I can list ldap users in "Add LDAP account". In log I
> get the following error:
> Authentication failure: {"loginresponse":{"uuidList":[
> ],"errorcode":531,"errortext":"Failed to authenticate user
> javier@adderglobal.com in domain 1; please provide valid credentials"}}
>
> I check with tcpdump the communication between cloudstack-management and
> AD and I find cloudstack send correctly  a bindRequest and AD response was
> success so I think cloudstack is not interpreting the response in the right
> way.
>
>
>
>
> LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX"
> password
>
> LDAPMEssage bindResponse(1) "success"
>
>
>
>
> I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
> looks like the same request an response.
>
> Regards,
> Javier
>
>
> -----Mensaje original-----
> > De: "soundar rajan" <bs...@gmail.com>
> > A: users@cloudstack.apache.org
> > Fecha: 20/03/18 12:59
> > Asunto: Re: Not able to authenticate using microsoft AD
> >
> > sometime while restarting i am getting this information
> >
> >  Did not find configuration ldap.username.attribute in Config.java.
> Perhaps
> > moved to ConfigDepot
> >
> > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bs...@gmail.com>
> > wrote:
> >
> > > yes its microsoftad and all the required parameters are configured
> > > correctly
> > >
> > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
> daan.hoogland@gmail.com>
> > > wrote:
> > >
> > >> Shyam, your reply to Rajani doesn't seem to include any settings. most
> > >> particularly what is the value of 'ldap.provider'?
> > >>
> > >>
> > >>
> > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
> bsoundarajan@gmail.com>
> > >> wrote:
> > >>
> > >> > Hi Daan,
> > >> >
> > >> > Please find the log
> > >> >
> > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in
> > >> user:
> > >> > shyam.soundar in domain 1
> > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> with
> > >> > provider url: ldap://172.xx.xx.11:389
> > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> with
> > >> > provider url: ldap://172.xx.xx.11:389
> > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
> authenticate
> > >> user
> > >> > with username shyam.soundar in domain 1
> > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar
> in
> > >> > domain 1 has failed to log in
> > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
> failure:
> > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed
> to
> > >> > authenticate user shyam.soundar in domain 1; please provide valid
> > >> > credentials"}}
> > >> >
> > >> > Regards
> > >> > Shyam
> > >> >
> > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> > >> daan.hoogland@gmail.com>
> > >> > wrote:
> > >> >
> > >> > > not at first glance no, it can be a configuration or a code bug.
> Can
> > >> you
> > >> > > find anything in the logs around the moment of the login?
> > >> > >
> > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> > >> bsoundarajan@gmail.com>
> > >> > > wrote:
> > >> > >
> > >> > > > Hi Daan,
> > >> > > >
> > >> > > > I dont see any request hitting  our domain controller while
> logging
> > >> > but i
> > >> > > > am able to import all users. Any idea.
> > >> > > >
> > >> > > > Regards
> > >> > > > Shyam
> > >> > > >
> > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> > >> > daan.hoogland@gmail.com
> > >> > > >
> > >> > > > wrote:
> > >> > > >
> > >> > > > > Shyam, do you have any related log message, preferably with
> stack
> > >> > trace
> > >> > > > > that is related? Do you see that request are coming in on
> your AD?
> > >> > > > >
> > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> > >> > > bsoundarajan@gmail.com>
> > >> > > > > wrote:
> > >> > > > >
> > >> > > > > > Please find the error message
> > >> > > > > >
> > >> > > > > > Authentication failure:
> > >> > > > > > {"loginresponse":{"uuidList":[
> ],"errorcode":531,"errortext":
> > >> > "Failed
> > >> > > to
> > >> > > > > > authenticate user shyam.soundar in domain 1; please provide
> > >> valid
> > >> > > > > > credentials"}}
> > >> > > > > >
> > >> > > > > >
> > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> > >> > > bsoundarajan@gmail.com
> > >> > > > >
> > >> > > > > > wrote:
> > >> > > > > >
> > >> > > > > > > Hi,
> > >> > > > > > >
> > >> > > > > > > Version i use is 4.11
> > >> > > > > > >
> > >> > > > > > > Regards
> > >> > > > > > > Shyam
> > >> > > > > > >
> > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > >> > > > > daan.hoogland@gmail.com>
> > >> > > > > > > wrote:
> > >> > > > > > >
> > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> > >> > > > > > >>
> > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > >> > > > > bsoundarajan@gmail.com
> > >> > > > > > >
> > >> > > > > > >> wrote:
> > >> > > > > > >>
> > >> > > > > > >> > Hi ALL,
> > >> > > > > > >> >
> > >> > > > > > >> > I have successfully configured Active directory and
> able to
> > >> > > import
> > >> > > > > the
> > >> > > > > > >> > users to cloudstack.
> > >> > > > > > >> >
> > >> > > > > > >> > But users is not able to login with there domain
> > >> credentials
> > >> > do
> > >> > > i
> > >> > > > > miss
> > >> > > > > > >> > anything in the configuration?
> > >> > > > > > >> >
> > >> > > > > > >> > Regards
> > >> > > > > > >> > Shyam
> > >> > > > > > >> >
> > >> > > > > > >>
> > >> > > > > > >>
> > >> > > > > > >>
> > >> > > > > > >> --
> > >> > > > > > >> Daan
> > >> > > > > > >>
> > >> > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > > --
> > >> > > > > Daan
> > >> > > > >
> > >> > > >
> > >> > >
> > >> > >
> > >> > >
> > >> > > --
> > >> > > Daan
> > >> > >
> > >> >
> > >>
> > >>
> > >>
> > >> --
> > >> Daan
> > >>
> > >
> > >
>
>


-- 
Daan

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

In that case its a bug right? Do you want me to raise a bug?

On Thu, Mar 22, 2018 at 11:48 AM, Rohit Yadav <ro...@shapeblue.com>
wrote:

> Hi Shyam,
>
>
> My bad, I thought this was SAML related. This is most like
> openldap/ldap-plugin related changes.
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: soundar rajan <bs...@gmail.com>
> Sent: Wednesday, March 21, 2018 5:39:43 PM
> To: users@cloudstack.apache.org
> Subject: Re: Not able to authenticate using microsoft AD
>
> Hi rohit,
>
> Do we really need to do that for openldap and microsoft ad?  We dont have
> SSO server in place its direct ldap query to domain controller
>
> Regards
> Shyam
>
> On Wed, Mar 21, 2018 at 2:38 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
> > All,
> >
> >
> > Thanks for discussing and reporting this. After you've added a host, have
> > you got your SAML user authorized against the IdP? The current SAML2
> plugin
> > requires that authenticated users should be pre-authorized.
> >
> >
> > - Rohit
> >
> > <https://cloudstack.apache.org>
> >
> >
> >
> > ________________________________
> > From: soundar rajan <bs...@gmail.com>
> > Sent: Wednesday, March 21, 2018 10:07:43 AM
> > To: users@cloudstack.apache.org
> > Subject: Re: Not able to authenticate using microsoft AD
> >
> > Yep Even i tried with tcpdump and able to see the request and respone. In
> > that case its a bug in the 4.11 version i think.
> >
> > Regards
> > Shyam
> >
> > On Tue, Mar 20, 2018 at 9:06 PM, Javier Rodríguez Caquilala <
> > javier.caquilala@adderglobal.com> wrote:
> >
> > >
> > > Hi Shyam,
> > > I have the same problem with AD authentication. My platform was working
> > > perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't
> > login
> > > with LDAP users but I can list ldap users in "Add LDAP account". In
> log I
> > > get the following error:
> > > Authentication failure: {"loginresponse":{"uuidList":[
> > > ],"errorcode":531,"errortext":"Failed to authenticate user
> > > javier@adderglobal.com in domain 1; please provide valid
> credentials"}}
> > >
> > > I check with tcpdump the communication between cloudstack-management
> and
> > > AD and I find cloudstack send correctly  a bindRequest and AD response
> > was
> > > success so I think cloudstack is not interpreting the response in the
> > right
> > > way.
> > >
> > >
> > >
> > >
> > > LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=
> > XXXX,DC=XXXX,DC=XXXX"
> > > password
> > >
> > > LDAPMEssage bindResponse(1) "success"
> > >
> > >
> > >
> > >
> > > I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
> > > looks like the same request an response.
> > >
> > > Regards,
> > > Javier
> > >
> > >
> > > -----Mensaje original-----
> > > > De: "soundar rajan" <bs...@gmail.com>
> > > > A: users@cloudstack.apache.org
> > > > Fecha: 20/03/18 12:59
> > > > Asunto: Re: Not able to authenticate using microsoft AD
> > > >
> > > > sometime while restarting i am getting this information
> > > >
> > > >  Did not find configuration ldap.username.attribute in Config.java.
> > > Perhaps
> > > > moved to ConfigDepot
> > > >
> > > > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <
> bsoundarajan@gmail.com
> > >
> > > > wrote:
> > > >
> > > > > yes its microsoftad and all the required parameters are configured
> > > > > correctly
> > > > >
> > > > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
> > > daan.hoogland@gmail.com>
> > > > > wrote:
> > > > >
> > > > >> Shyam, your reply to Rajani doesn't seem to include any settings.
> > most
> > > > >> particularly what is the value of 'ldap.provider'?
> > > > >>
> > > > >>
> > > > >>
> > > > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
> > > bsoundarajan@gmail.com>
> > > > >> wrote:
> > > > >>
> > > > >> > Hi Daan,
> > > > >> >
> > > > >> > Please find the log
> > > > >> >
> > > > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to
> log
> > in
> > > > >> user:
> > > > >> > shyam.soundar in domain 1
> > > > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing
> ldap
> > > with
> > > > >> > provider url: ldap://172.xx.xx.11:389
> > > > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing
> ldap
> > > with
> > > > >> > provider url: ldap://172.xx.xx.11:389
> > > > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
> > > authenticate
> > > > >> user
> > > > >> > with username shyam.soundar in domain 1
> > > > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User:
> > shyam.soundar
> > > in
> > > > >> > domain 1 has failed to log in
> > > > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> > > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
> > > failure:
> > > > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
> > "Failed
> > > to
> > > > >> > authenticate user shyam.soundar in domain 1; please provide
> valid
> > > > >> > credentials"}}
> > > > >> >
> > > > >> > Regards
> > > > >> > Shyam
> > > > >> >
> > > > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> > > > >> daan.hoogland@gmail.com>
> > > > >> > wrote:
> > > > >> >
> > > > >> > > not at first glance no, it can be a configuration or a code
> bug.
> > > Can
> > > > >> you
> > > > >> > > find anything in the logs around the moment of the login?
> > > > >> > >
> > > > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> > > > >> bsoundarajan@gmail.com>
> > > > >> > > wrote:
> > > > >> > >
> > > > >> > > > Hi Daan,
> > > > >> > > >
> > > > >> > > > I dont see any request hitting  our domain controller while
> > > logging
> > > > >> > but i
> > > > >> > > > am able to import all users. Any idea.
> > > > >> > > >
> > > > >> > > > Regards
> > > > >> > > > Shyam
> > > > >> > > >
> > > > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> > > > >> > daan.hoogland@gmail.com
> > > > >> > > >
> > > > >> > > > wrote:
> > > > >> > > >
> > > > >> > > > > Shyam, do you have any related log message, preferably
> with
> > > stack
> > > > >> > trace
> > > > >> > > > > that is related? Do you see that request are coming in on
> > > your AD?
> > > > >> > > > >
> > > > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> > > > >> > > bsoundarajan@gmail.com>
> > > > >> > > > > wrote:
> > > > >> > > > >
> > > > >> > > > > > Please find the error message
> > > > >> > > > > >
> > > > >> > > > > > Authentication failure:
> > > > >> > > > > > {"loginresponse":{"uuidList":[
> > > ],"errorcode":531,"errortext":
> > > > >> > "Failed
> > > > >> > > to
> > > > >> > > > > > authenticate user shyam.soundar in domain 1; please
> > provide
> > > > >> valid
> > > > >> > > > > > credentials"}}
> > > > >> > > > > >
> > > > >> > > > > >
> > > > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> > > > >> > > bsoundarajan@gmail.com
> > > > >> > > > >
> > > > >> > > > > > wrote:
> > > > >> > > > > >
> > > > >> > > > > > > Hi,
> > > > >> > > > > > >
> > > > >> > > > > > > Version i use is 4.11
> > > > >> > > > > > >
> > > > >> > > > > > > Regards
> > > > >> > > > > > > Shyam
> > > > >> > > > > > >
> > > > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > > > >> > > > > daan.hoogland@gmail.com>
> > > > >> > > > > > > wrote:
> > > > >> > > > > > >
> > > > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> > > > >> > > > > > >>
> > > > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > > > >> > > > > bsoundarajan@gmail.com
> > > > >> > > > > > >
> > > > >> > > > > > >> wrote:
> > > > >> > > > > > >>
> > > > >> > > > > > >> > Hi ALL,
> > > > >> > > > > > >> >
> > > > >> > > > > > >> > I have successfully configured Active directory and
> > > able to
> > > > >> > > import
> > > > >> > > > > the
> > > > >> > > > > > >> > users to cloudstack.
> > > > >> > > > > > >> >
> > > > >> > > > > > >> > But users is not able to login with there domain
> > > > >> credentials
> > > > >> > do
> > > > >> > > i
> > > > >> > > > > miss
> > > > >> > > > > > >> > anything in the configuration?
> > > > >> > > > > > >> >
> > > > >> > > > > > >> > Regards
> > > > >> > > > > > >> > Shyam
> > > > >> > > > > > >> >
> > > > >> > > > > > >>
> > > > >> > > > > > >>
> > > > >> > > > > > >>
> > > > >> > > > > > >> --
> > > > >> > > > > > >> Daan
> > > > >> > > > > > >>
> > > > >> > > > > > >
> > > > >> > > > > > >
> > > > >> > > > > >
> > > > >> > > > >
> > > > >> > > > >
> > > > >> > > > >
> > > > >> > > > > --
> > > > >> > > > > Daan
> > > > >> > > > >
> > > > >> > > >
> > > > >> > >
> > > > >> > >
> > > > >> > >
> > > > >> > > --
> > > > >> > > Daan
> > > > >> > >
> > > > >> >
> > > > >>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Daan
> > > > >>
> > > > >
> > > > >
> > >
> > >
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com<http://www.shapeblue.com>
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > @shapeblue
> >
> >
> >
> >
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>

Re: Not able to authenticate using microsoft AD

[Rohit Yadav <ro...@shapeblue.com>]

Hi Shyam,


My bad, I thought this was SAML related. This is most like openldap/ldap-plugin related changes.


- Rohit

<https://cloudstack.apache.org>



________________________________
From: soundar rajan <bs...@gmail.com>
Sent: Wednesday, March 21, 2018 5:39:43 PM
To: users@cloudstack.apache.org
Subject: Re: Not able to authenticate using microsoft AD

Hi rohit,

Do we really need to do that for openldap and microsoft ad?  We dont have
SSO server in place its direct ldap query to domain controller

Regards
Shyam

On Wed, Mar 21, 2018 at 2:38 PM, Rohit Yadav <ro...@shapeblue.com>
wrote:

> All,
>
>
> Thanks for discussing and reporting this. After you've added a host, have
> you got your SAML user authorized against the IdP? The current SAML2 plugin
> requires that authenticated users should be pre-authorized.
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: soundar rajan <bs...@gmail.com>
> Sent: Wednesday, March 21, 2018 10:07:43 AM
> To: users@cloudstack.apache.org
> Subject: Re: Not able to authenticate using microsoft AD
>
> Yep Even i tried with tcpdump and able to see the request and respone. In
> that case its a bug in the 4.11 version i think.
>
> Regards
> Shyam
>
> On Tue, Mar 20, 2018 at 9:06 PM, Javier Rodríguez Caquilala <
> javier.caquilala@adderglobal.com> wrote:
>
> >
> > Hi Shyam,
> > I have the same problem with AD authentication. My platform was working
> > perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't
> login
> > with LDAP users but I can list ldap users in "Add LDAP account". In log I
> > get the following error:
> > Authentication failure: {"loginresponse":{"uuidList":[
> > ],"errorcode":531,"errortext":"Failed to authenticate user
> > javier@adderglobal.com in domain 1; please provide valid credentials"}}
> >
> > I check with tcpdump the communication between cloudstack-management and
> > AD and I find cloudstack send correctly  a bindRequest and AD response
> was
> > success so I think cloudstack is not interpreting the response in the
> right
> > way.
> >
> >
> >
> >
> > LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=
> XXXX,DC=XXXX,DC=XXXX"
> > password
> >
> > LDAPMEssage bindResponse(1) "success"
> >
> >
> >
> >
> > I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
> > looks like the same request an response.
> >
> > Regards,
> > Javier
> >
> >
> > -----Mensaje original-----
> > > De: "soundar rajan" <bs...@gmail.com>
> > > A: users@cloudstack.apache.org
> > > Fecha: 20/03/18 12:59
> > > Asunto: Re: Not able to authenticate using microsoft AD
> > >
> > > sometime while restarting i am getting this information
> > >
> > >  Did not find configuration ldap.username.attribute in Config.java.
> > Perhaps
> > > moved to ConfigDepot
> > >
> > > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bsoundarajan@gmail.com
> >
> > > wrote:
> > >
> > > > yes its microsoftad and all the required parameters are configured
> > > > correctly
> > > >
> > > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
> > daan.hoogland@gmail.com>
> > > > wrote:
> > > >
> > > >> Shyam, your reply to Rajani doesn't seem to include any settings.
> most
> > > >> particularly what is the value of 'ldap.provider'?
> > > >>
> > > >>
> > > >>
> > > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
> > bsoundarajan@gmail.com>
> > > >> wrote:
> > > >>
> > > >> > Hi Daan,
> > > >> >
> > > >> > Please find the log
> > > >> >
> > > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log
> in
> > > >> user:
> > > >> > shyam.soundar in domain 1
> > > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> > with
> > > >> > provider url: ldap://172.xx.xx.11:389
> > > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> > with
> > > >> > provider url: ldap://172.xx.xx.11:389
> > > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
> > authenticate
> > > >> user
> > > >> > with username shyam.soundar in domain 1
> > > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User:
> shyam.soundar
> > in
> > > >> > domain 1 has failed to log in
> > > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
> > failure:
> > > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
> "Failed
> > to
> > > >> > authenticate user shyam.soundar in domain 1; please provide valid
> > > >> > credentials"}}
> > > >> >
> > > >> > Regards
> > > >> > Shyam
> > > >> >
> > > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> > > >> daan.hoogland@gmail.com>
> > > >> > wrote:
> > > >> >
> > > >> > > not at first glance no, it can be a configuration or a code bug.
> > Can
> > > >> you
> > > >> > > find anything in the logs around the moment of the login?
> > > >> > >
> > > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> > > >> bsoundarajan@gmail.com>
> > > >> > > wrote:
> > > >> > >
> > > >> > > > Hi Daan,
> > > >> > > >
> > > >> > > > I dont see any request hitting  our domain controller while
> > logging
> > > >> > but i
> > > >> > > > am able to import all users. Any idea.
> > > >> > > >
> > > >> > > > Regards
> > > >> > > > Shyam
> > > >> > > >
> > > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> > > >> > daan.hoogland@gmail.com
> > > >> > > >
> > > >> > > > wrote:
> > > >> > > >
> > > >> > > > > Shyam, do you have any related log message, preferably with
> > stack
> > > >> > trace
> > > >> > > > > that is related? Do you see that request are coming in on
> > your AD?
> > > >> > > > >
> > > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> > > >> > > bsoundarajan@gmail.com>
> > > >> > > > > wrote:
> > > >> > > > >
> > > >> > > > > > Please find the error message
> > > >> > > > > >
> > > >> > > > > > Authentication failure:
> > > >> > > > > > {"loginresponse":{"uuidList":[
> > ],"errorcode":531,"errortext":
> > > >> > "Failed
> > > >> > > to
> > > >> > > > > > authenticate user shyam.soundar in domain 1; please
> provide
> > > >> valid
> > > >> > > > > > credentials"}}
> > > >> > > > > >
> > > >> > > > > >
> > > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> > > >> > > bsoundarajan@gmail.com
> > > >> > > > >
> > > >> > > > > > wrote:
> > > >> > > > > >
> > > >> > > > > > > Hi,
> > > >> > > > > > >
> > > >> > > > > > > Version i use is 4.11
> > > >> > > > > > >
> > > >> > > > > > > Regards
> > > >> > > > > > > Shyam
> > > >> > > > > > >
> > > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > > >> > > > > daan.hoogland@gmail.com>
> > > >> > > > > > > wrote:
> > > >> > > > > > >
> > > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> > > >> > > > > > >>
> > > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > > >> > > > > bsoundarajan@gmail.com
> > > >> > > > > > >
> > > >> > > > > > >> wrote:
> > > >> > > > > > >>
> > > >> > > > > > >> > Hi ALL,
> > > >> > > > > > >> >
> > > >> > > > > > >> > I have successfully configured Active directory and
> > able to
> > > >> > > import
> > > >> > > > > the
> > > >> > > > > > >> > users to cloudstack.
> > > >> > > > > > >> >
> > > >> > > > > > >> > But users is not able to login with there domain
> > > >> credentials
> > > >> > do
> > > >> > > i
> > > >> > > > > miss
> > > >> > > > > > >> > anything in the configuration?
> > > >> > > > > > >> >
> > > >> > > > > > >> > Regards
> > > >> > > > > > >> > Shyam
> > > >> > > > > > >> >
> > > >> > > > > > >>
> > > >> > > > > > >>
> > > >> > > > > > >>
> > > >> > > > > > >> --
> > > >> > > > > > >> Daan
> > > >> > > > > > >>
> > > >> > > > > > >
> > > >> > > > > > >
> > > >> > > > > >
> > > >> > > > >
> > > >> > > > >
> > > >> > > > >
> > > >> > > > > --
> > > >> > > > > Daan
> > > >> > > > >
> > > >> > > >
> > > >> > >
> > > >> > >
> > > >> > >
> > > >> > > --
> > > >> > > Daan
> > > >> > >
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Daan
> > > >>
> > > >
> > > >
> >
> >
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>

rohit.yadav@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Hi rohit,

Do we really need to do that for openldap and microsoft ad?  We dont have
SSO server in place its direct ldap query to domain controller

Regards
Shyam

On Wed, Mar 21, 2018 at 2:38 PM, Rohit Yadav <ro...@shapeblue.com>
wrote:

> All,
>
>
> Thanks for discussing and reporting this. After you've added a host, have
> you got your SAML user authorized against the IdP? The current SAML2 plugin
> requires that authenticated users should be pre-authorized.
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: soundar rajan <bs...@gmail.com>
> Sent: Wednesday, March 21, 2018 10:07:43 AM
> To: users@cloudstack.apache.org
> Subject: Re: Not able to authenticate using microsoft AD
>
> Yep Even i tried with tcpdump and able to see the request and respone. In
> that case its a bug in the 4.11 version i think.
>
> Regards
> Shyam
>
> On Tue, Mar 20, 2018 at 9:06 PM, Javier Rodríguez Caquilala <
> javier.caquilala@adderglobal.com> wrote:
>
> >
> > Hi Shyam,
> > I have the same problem with AD authentication. My platform was working
> > perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't
> login
> > with LDAP users but I can list ldap users in "Add LDAP account". In log I
> > get the following error:
> > Authentication failure: {"loginresponse":{"uuidList":[
> > ],"errorcode":531,"errortext":"Failed to authenticate user
> > javier@adderglobal.com in domain 1; please provide valid credentials"}}
> >
> > I check with tcpdump the communication between cloudstack-management and
> > AD and I find cloudstack send correctly  a bindRequest and AD response
> was
> > success so I think cloudstack is not interpreting the response in the
> right
> > way.
> >
> >
> >
> >
> > LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=
> XXXX,DC=XXXX,DC=XXXX"
> > password
> >
> > LDAPMEssage bindResponse(1) "success"
> >
> >
> >
> >
> > I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
> > looks like the same request an response.
> >
> > Regards,
> > Javier
> >
> >
> > -----Mensaje original-----
> > > De: "soundar rajan" <bs...@gmail.com>
> > > A: users@cloudstack.apache.org
> > > Fecha: 20/03/18 12:59
> > > Asunto: Re: Not able to authenticate using microsoft AD
> > >
> > > sometime while restarting i am getting this information
> > >
> > >  Did not find configuration ldap.username.attribute in Config.java.
> > Perhaps
> > > moved to ConfigDepot
> > >
> > > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bsoundarajan@gmail.com
> >
> > > wrote:
> > >
> > > > yes its microsoftad and all the required parameters are configured
> > > > correctly
> > > >
> > > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
> > daan.hoogland@gmail.com>
> > > > wrote:
> > > >
> > > >> Shyam, your reply to Rajani doesn't seem to include any settings.
> most
> > > >> particularly what is the value of 'ldap.provider'?
> > > >>
> > > >>
> > > >>
> > > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
> > bsoundarajan@gmail.com>
> > > >> wrote:
> > > >>
> > > >> > Hi Daan,
> > > >> >
> > > >> > Please find the log
> > > >> >
> > > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log
> in
> > > >> user:
> > > >> > shyam.soundar in domain 1
> > > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> > with
> > > >> > provider url: ldap://172.xx.xx.11:389
> > > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> > with
> > > >> > provider url: ldap://172.xx.xx.11:389
> > > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
> > authenticate
> > > >> user
> > > >> > with username shyam.soundar in domain 1
> > > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User:
> shyam.soundar
> > in
> > > >> > domain 1 has failed to log in
> > > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> > > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
> > failure:
> > > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
> "Failed
> > to
> > > >> > authenticate user shyam.soundar in domain 1; please provide valid
> > > >> > credentials"}}
> > > >> >
> > > >> > Regards
> > > >> > Shyam
> > > >> >
> > > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> > > >> daan.hoogland@gmail.com>
> > > >> > wrote:
> > > >> >
> > > >> > > not at first glance no, it can be a configuration or a code bug.
> > Can
> > > >> you
> > > >> > > find anything in the logs around the moment of the login?
> > > >> > >
> > > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> > > >> bsoundarajan@gmail.com>
> > > >> > > wrote:
> > > >> > >
> > > >> > > > Hi Daan,
> > > >> > > >
> > > >> > > > I dont see any request hitting  our domain controller while
> > logging
> > > >> > but i
> > > >> > > > am able to import all users. Any idea.
> > > >> > > >
> > > >> > > > Regards
> > > >> > > > Shyam
> > > >> > > >
> > > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> > > >> > daan.hoogland@gmail.com
> > > >> > > >
> > > >> > > > wrote:
> > > >> > > >
> > > >> > > > > Shyam, do you have any related log message, preferably with
> > stack
> > > >> > trace
> > > >> > > > > that is related? Do you see that request are coming in on
> > your AD?
> > > >> > > > >
> > > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> > > >> > > bsoundarajan@gmail.com>
> > > >> > > > > wrote:
> > > >> > > > >
> > > >> > > > > > Please find the error message
> > > >> > > > > >
> > > >> > > > > > Authentication failure:
> > > >> > > > > > {"loginresponse":{"uuidList":[
> > ],"errorcode":531,"errortext":
> > > >> > "Failed
> > > >> > > to
> > > >> > > > > > authenticate user shyam.soundar in domain 1; please
> provide
> > > >> valid
> > > >> > > > > > credentials"}}
> > > >> > > > > >
> > > >> > > > > >
> > > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> > > >> > > bsoundarajan@gmail.com
> > > >> > > > >
> > > >> > > > > > wrote:
> > > >> > > > > >
> > > >> > > > > > > Hi,
> > > >> > > > > > >
> > > >> > > > > > > Version i use is 4.11
> > > >> > > > > > >
> > > >> > > > > > > Regards
> > > >> > > > > > > Shyam
> > > >> > > > > > >
> > > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > > >> > > > > daan.hoogland@gmail.com>
> > > >> > > > > > > wrote:
> > > >> > > > > > >
> > > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> > > >> > > > > > >>
> > > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > > >> > > > > bsoundarajan@gmail.com
> > > >> > > > > > >
> > > >> > > > > > >> wrote:
> > > >> > > > > > >>
> > > >> > > > > > >> > Hi ALL,
> > > >> > > > > > >> >
> > > >> > > > > > >> > I have successfully configured Active directory and
> > able to
> > > >> > > import
> > > >> > > > > the
> > > >> > > > > > >> > users to cloudstack.
> > > >> > > > > > >> >
> > > >> > > > > > >> > But users is not able to login with there domain
> > > >> credentials
> > > >> > do
> > > >> > > i
> > > >> > > > > miss
> > > >> > > > > > >> > anything in the configuration?
> > > >> > > > > > >> >
> > > >> > > > > > >> > Regards
> > > >> > > > > > >> > Shyam
> > > >> > > > > > >> >
> > > >> > > > > > >>
> > > >> > > > > > >>
> > > >> > > > > > >>
> > > >> > > > > > >> --
> > > >> > > > > > >> Daan
> > > >> > > > > > >>
> > > >> > > > > > >
> > > >> > > > > > >
> > > >> > > > > >
> > > >> > > > >
> > > >> > > > >
> > > >> > > > >
> > > >> > > > > --
> > > >> > > > > Daan
> > > >> > > > >
> > > >> > > >
> > > >> > >
> > > >> > >
> > > >> > >
> > > >> > > --
> > > >> > > Daan
> > > >> > >
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Daan
> > > >>
> > > >
> > > >
> >
> >
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>

Re: Not able to authenticate using microsoft AD

[Rohit Yadav <ro...@shapeblue.com>]

All,


Thanks for discussing and reporting this. After you've added a host, have you got your SAML user authorized against the IdP? The current SAML2 plugin requires that authenticated users should be pre-authorized.


- Rohit

<https://cloudstack.apache.org>



________________________________
From: soundar rajan <bs...@gmail.com>
Sent: Wednesday, March 21, 2018 10:07:43 AM
To: users@cloudstack.apache.org
Subject: Re: Not able to authenticate using microsoft AD

Yep Even i tried with tcpdump and able to see the request and respone. In
that case its a bug in the 4.11 version i think.

Regards
Shyam

On Tue, Mar 20, 2018 at 9:06 PM, Javier Rodríguez Caquilala <
javier.caquilala@adderglobal.com> wrote:

>
> Hi Shyam,
> I have the same problem with AD authentication. My platform was working
> perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login
> with LDAP users but I can list ldap users in "Add LDAP account". In log I
> get the following error:
> Authentication failure: {"loginresponse":{"uuidList":[
> ],"errorcode":531,"errortext":"Failed to authenticate user
> javier@adderglobal.com in domain 1; please provide valid credentials"}}
>
> I check with tcpdump the communication between cloudstack-management and
> AD and I find cloudstack send correctly  a bindRequest and AD response was
> success so I think cloudstack is not interpreting the response in the right
> way.
>
>
>
>
> LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX"
> password
>
> LDAPMEssage bindResponse(1) "success"
>
>
>
>
> I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
> looks like the same request an response.
>
> Regards,
> Javier
>
>
> -----Mensaje original-----
> > De: "soundar rajan" <bs...@gmail.com>
> > A: users@cloudstack.apache.org
> > Fecha: 20/03/18 12:59
> > Asunto: Re: Not able to authenticate using microsoft AD
> >
> > sometime while restarting i am getting this information
> >
> >  Did not find configuration ldap.username.attribute in Config.java.
> Perhaps
> > moved to ConfigDepot
> >
> > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bs...@gmail.com>
> > wrote:
> >
> > > yes its microsoftad and all the required parameters are configured
> > > correctly
> > >
> > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
> daan.hoogland@gmail.com>
> > > wrote:
> > >
> > >> Shyam, your reply to Rajani doesn't seem to include any settings. most
> > >> particularly what is the value of 'ldap.provider'?
> > >>
> > >>
> > >>
> > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
> bsoundarajan@gmail.com>
> > >> wrote:
> > >>
> > >> > Hi Daan,
> > >> >
> > >> > Please find the log
> > >> >
> > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in
> > >> user:
> > >> > shyam.soundar in domain 1
> > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> with
> > >> > provider url: ldap://172.xx.xx.11:389
> > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> with
> > >> > provider url: ldap://172.xx.xx.11:389
> > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
> authenticate
> > >> user
> > >> > with username shyam.soundar in domain 1
> > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar
> in
> > >> > domain 1 has failed to log in
> > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
> failure:
> > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed
> to
> > >> > authenticate user shyam.soundar in domain 1; please provide valid
> > >> > credentials"}}
> > >> >
> > >> > Regards
> > >> > Shyam
> > >> >
> > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> > >> daan.hoogland@gmail.com>
> > >> > wrote:
> > >> >
> > >> > > not at first glance no, it can be a configuration or a code bug.
> Can
> > >> you
> > >> > > find anything in the logs around the moment of the login?
> > >> > >
> > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> > >> bsoundarajan@gmail.com>
> > >> > > wrote:
> > >> > >
> > >> > > > Hi Daan,
> > >> > > >
> > >> > > > I dont see any request hitting  our domain controller while
> logging
> > >> > but i
> > >> > > > am able to import all users. Any idea.
> > >> > > >
> > >> > > > Regards
> > >> > > > Shyam
> > >> > > >
> > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> > >> > daan.hoogland@gmail.com
> > >> > > >
> > >> > > > wrote:
> > >> > > >
> > >> > > > > Shyam, do you have any related log message, preferably with
> stack
> > >> > trace
> > >> > > > > that is related? Do you see that request are coming in on
> your AD?
> > >> > > > >
> > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> > >> > > bsoundarajan@gmail.com>
> > >> > > > > wrote:
> > >> > > > >
> > >> > > > > > Please find the error message
> > >> > > > > >
> > >> > > > > > Authentication failure:
> > >> > > > > > {"loginresponse":{"uuidList":[
> ],"errorcode":531,"errortext":
> > >> > "Failed
> > >> > > to
> > >> > > > > > authenticate user shyam.soundar in domain 1; please provide
> > >> valid
> > >> > > > > > credentials"}}
> > >> > > > > >
> > >> > > > > >
> > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> > >> > > bsoundarajan@gmail.com
> > >> > > > >
> > >> > > > > > wrote:
> > >> > > > > >
> > >> > > > > > > Hi,
> > >> > > > > > >
> > >> > > > > > > Version i use is 4.11
> > >> > > > > > >
> > >> > > > > > > Regards
> > >> > > > > > > Shyam
> > >> > > > > > >
> > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > >> > > > > daan.hoogland@gmail.com>
> > >> > > > > > > wrote:
> > >> > > > > > >
> > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> > >> > > > > > >>
> > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > >> > > > > bsoundarajan@gmail.com
> > >> > > > > > >
> > >> > > > > > >> wrote:
> > >> > > > > > >>
> > >> > > > > > >> > Hi ALL,
> > >> > > > > > >> >
> > >> > > > > > >> > I have successfully configured Active directory and
> able to
> > >> > > import
> > >> > > > > the
> > >> > > > > > >> > users to cloudstack.
> > >> > > > > > >> >
> > >> > > > > > >> > But users is not able to login with there domain
> > >> credentials
> > >> > do
> > >> > > i
> > >> > > > > miss
> > >> > > > > > >> > anything in the configuration?
> > >> > > > > > >> >
> > >> > > > > > >> > Regards
> > >> > > > > > >> > Shyam
> > >> > > > > > >> >
> > >> > > > > > >>
> > >> > > > > > >>
> > >> > > > > > >>
> > >> > > > > > >> --
> > >> > > > > > >> Daan
> > >> > > > > > >>
> > >> > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > > --
> > >> > > > > Daan
> > >> > > > >
> > >> > > >
> > >> > >
> > >> > >
> > >> > >
> > >> > > --
> > >> > > Daan
> > >> > >
> > >> >
> > >>
> > >>
> > >>
> > >> --
> > >> Daan
> > >>
> > >
> > >
>
>

rohit.yadav@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Yep Even i tried with tcpdump and able to see the request and respone. In
that case its a bug in the 4.11 version i think.

Regards
Shyam

On Tue, Mar 20, 2018 at 9:06 PM, Javier Rodríguez Caquilala <
javier.caquilala@adderglobal.com> wrote:

>
> Hi Shyam,
> I have the same problem with AD authentication. My platform was working
> perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login
> with LDAP users but I can list ldap users in "Add LDAP account". In log I
> get the following error:
> Authentication failure: {"loginresponse":{"uuidList":[
> ],"errorcode":531,"errortext":"Failed to authenticate user
> javier@adderglobal.com in domain 1; please provide valid credentials"}}
>
> I check with tcpdump the communication between cloudstack-management and
> AD and I find cloudstack send correctly  a bindRequest and AD response was
> success so I think cloudstack is not interpreting the response in the right
> way.
>
>
>
>
> LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX"
> password
>
> LDAPMEssage bindResponse(1) "success"
>
>
>
>
> I compare the bind request and bindResponse in Cloudstack 4.9.2 and it
> looks like the same request an response.
>
> Regards,
> Javier
>
>
> -----Mensaje original-----
> > De: "soundar rajan" <bs...@gmail.com>
> > A: users@cloudstack.apache.org
> > Fecha: 20/03/18 12:59
> > Asunto: Re: Not able to authenticate using microsoft AD
> >
> > sometime while restarting i am getting this information
> >
> >  Did not find configuration ldap.username.attribute in Config.java.
> Perhaps
> > moved to ConfigDepot
> >
> > On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bs...@gmail.com>
> > wrote:
> >
> > > yes its microsoftad and all the required parameters are configured
> > > correctly
> > >
> > > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <
> daan.hoogland@gmail.com>
> > > wrote:
> > >
> > >> Shyam, your reply to Rajani doesn't seem to include any settings. most
> > >> particularly what is the value of 'ldap.provider'?
> > >>
> > >>
> > >>
> > >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <
> bsoundarajan@gmail.com>
> > >> wrote:
> > >>
> > >> > Hi Daan,
> > >> >
> > >> > Please find the log
> > >> >
> > >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in
> > >> user:
> > >> > shyam.soundar in domain 1
> > >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> with
> > >> > provider url: ldap://172.xx.xx.11:389
> > >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap
> with
> > >> > provider url: ldap://172.xx.xx.11:389
> > >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to
> authenticate
> > >> user
> > >> > with username shyam.soundar in domain 1
> > >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar
> in
> > >> > domain 1 has failed to log in
> > >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> > >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication
> failure:
> > >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed
> to
> > >> > authenticate user shyam.soundar in domain 1; please provide valid
> > >> > credentials"}}
> > >> >
> > >> > Regards
> > >> > Shyam
> > >> >
> > >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> > >> daan.hoogland@gmail.com>
> > >> > wrote:
> > >> >
> > >> > > not at first glance no, it can be a configuration or a code bug.
> Can
> > >> you
> > >> > > find anything in the logs around the moment of the login?
> > >> > >
> > >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> > >> bsoundarajan@gmail.com>
> > >> > > wrote:
> > >> > >
> > >> > > > Hi Daan,
> > >> > > >
> > >> > > > I dont see any request hitting  our domain controller while
> logging
> > >> > but i
> > >> > > > am able to import all users. Any idea.
> > >> > > >
> > >> > > > Regards
> > >> > > > Shyam
> > >> > > >
> > >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> > >> > daan.hoogland@gmail.com
> > >> > > >
> > >> > > > wrote:
> > >> > > >
> > >> > > > > Shyam, do you have any related log message, preferably with
> stack
> > >> > trace
> > >> > > > > that is related? Do you see that request are coming in on
> your AD?
> > >> > > > >
> > >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> > >> > > bsoundarajan@gmail.com>
> > >> > > > > wrote:
> > >> > > > >
> > >> > > > > > Please find the error message
> > >> > > > > >
> > >> > > > > > Authentication failure:
> > >> > > > > > {"loginresponse":{"uuidList":[
> ],"errorcode":531,"errortext":
> > >> > "Failed
> > >> > > to
> > >> > > > > > authenticate user shyam.soundar in domain 1; please provide
> > >> valid
> > >> > > > > > credentials"}}
> > >> > > > > >
> > >> > > > > >
> > >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> > >> > > bsoundarajan@gmail.com
> > >> > > > >
> > >> > > > > > wrote:
> > >> > > > > >
> > >> > > > > > > Hi,
> > >> > > > > > >
> > >> > > > > > > Version i use is 4.11
> > >> > > > > > >
> > >> > > > > > > Regards
> > >> > > > > > > Shyam
> > >> > > > > > >
> > >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > >> > > > > daan.hoogland@gmail.com>
> > >> > > > > > > wrote:
> > >> > > > > > >
> > >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> > >> > > > > > >>
> > >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > >> > > > > bsoundarajan@gmail.com
> > >> > > > > > >
> > >> > > > > > >> wrote:
> > >> > > > > > >>
> > >> > > > > > >> > Hi ALL,
> > >> > > > > > >> >
> > >> > > > > > >> > I have successfully configured Active directory and
> able to
> > >> > > import
> > >> > > > > the
> > >> > > > > > >> > users to cloudstack.
> > >> > > > > > >> >
> > >> > > > > > >> > But users is not able to login with there domain
> > >> credentials
> > >> > do
> > >> > > i
> > >> > > > > miss
> > >> > > > > > >> > anything in the configuration?
> > >> > > > > > >> >
> > >> > > > > > >> > Regards
> > >> > > > > > >> > Shyam
> > >> > > > > > >> >
> > >> > > > > > >>
> > >> > > > > > >>
> > >> > > > > > >>
> > >> > > > > > >> --
> > >> > > > > > >> Daan
> > >> > > > > > >>
> > >> > > > > > >
> > >> > > > > > >
> > >> > > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > > --
> > >> > > > > Daan
> > >> > > > >
> > >> > > >
> > >> > >
> > >> > >
> > >> > >
> > >> > > --
> > >> > > Daan
> > >> > >
> > >> >
> > >>
> > >>
> > >>
> > >> --
> > >> Daan
> > >>
> > >
> > >
>
>

Re: Not able to authenticate using microsoft AD

[Javier Rodríguez Caquilala <ja...@adderglobal.com>]

Hi Shyam, 
I have the same problem with AD authentication. My platform was working perfectly with CS 4.9.2. After the upgrade Cloudstack to 4.11 I can't login with LDAP users but I can list ldap users in "Add LDAP account". In log I get the following error:
Authentication failure: {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to authenticate user javier@adderglobal.com in domain 1; please provide valid credentials"}}

I check with tcpdump the communication between cloudstack-management and AD and I find cloudstack send correctly  a bindRequest and AD response was success so I think cloudstack is not interpreting the response in the right way.  




LDAPMessage bindRequest(1) "CN=javier,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX" password

LDAPMEssage bindResponse(1) "success"




I compare the bind request and bindResponse in Cloudstack 4.9.2 and it looks like the same request an response.

Regards,
Javier


-----Mensaje original----- 
> De: "soundar rajan" <bs...@gmail.com> 
> A: users@cloudstack.apache.org 
> Fecha: 20/03/18 12:59 
> Asunto: Re: Not able to authenticate using microsoft AD 
> 
> sometime while restarting i am getting this information
> 
>  Did not find configuration ldap.username.attribute in Config.java. Perhaps
> moved to ConfigDepot
> 
> On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bs...@gmail.com>
> wrote:
> 
> > yes its microsoftad and all the required parameters are configured
> > correctly
> >
> > On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <da...@gmail.com>
> > wrote:
> >
> >> Shyam, your reply to Rajani doesn't seem to include any settings. most
> >> particularly what is the value of 'ldap.provider'?
> >>
> >>
> >>
> >> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <bs...@gmail.com>
> >> wrote:
> >>
> >> > Hi Daan,
> >> >
> >> > Please find the log
> >> >
> >> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in
> >> user:
> >> > shyam.soundar in domain 1
> >> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
> >> > provider url: ldap://172.xx.xx.11:389
> >> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
> >> > provider url: ldap://172.xx.xx.11:389
> >> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to authenticate
> >> user
> >> > with username shyam.soundar in domain 1
> >> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar in
> >> > domain 1 has failed to log in
> >> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> >> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication failure:
> >> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> >> > authenticate user shyam.soundar in domain 1; please provide valid
> >> > credentials"}}
> >> >
> >> > Regards
> >> > Shyam
> >> >
> >> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
> >> daan.hoogland@gmail.com>
> >> > wrote:
> >> >
> >> > > not at first glance no, it can be a configuration or a code bug. Can
> >> you
> >> > > find anything in the logs around the moment of the login?
> >> > >
> >> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
> >> bsoundarajan@gmail.com>
> >> > > wrote:
> >> > >
> >> > > > Hi Daan,
> >> > > >
> >> > > > I dont see any request hitting  our domain controller while logging
> >> > but i
> >> > > > am able to import all users. Any idea.
> >> > > >
> >> > > > Regards
> >> > > > Shyam
> >> > > >
> >> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> >> > daan.hoogland@gmail.com
> >> > > >
> >> > > > wrote:
> >> > > >
> >> > > > > Shyam, do you have any related log message, preferably with stack
> >> > trace
> >> > > > > that is related? Do you see that request are coming in on your AD?
> >> > > > >
> >> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> >> > > bsoundarajan@gmail.com>
> >> > > > > wrote:
> >> > > > >
> >> > > > > > Please find the error message
> >> > > > > >
> >> > > > > > Authentication failure:
> >> > > > > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
> >> > "Failed
> >> > > to
> >> > > > > > authenticate user shyam.soundar in domain 1; please provide
> >> valid
> >> > > > > > credentials"}}
> >> > > > > >
> >> > > > > >
> >> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> >> > > bsoundarajan@gmail.com
> >> > > > >
> >> > > > > > wrote:
> >> > > > > >
> >> > > > > > > Hi,
> >> > > > > > >
> >> > > > > > > Version i use is 4.11
> >> > > > > > >
> >> > > > > > > Regards
> >> > > > > > > Shyam
> >> > > > > > >
> >> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> >> > > > > daan.hoogland@gmail.com>
> >> > > > > > > wrote:
> >> > > > > > >
> >> > > > > > >> Shyam, sorry to hear. What versions are you using?
> >> > > > > > >>
> >> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> >> > > > > bsoundarajan@gmail.com
> >> > > > > > >
> >> > > > > > >> wrote:
> >> > > > > > >>
> >> > > > > > >> > Hi ALL,
> >> > > > > > >> >
> >> > > > > > >> > I have successfully configured Active directory and able to
> >> > > import
> >> > > > > the
> >> > > > > > >> > users to cloudstack.
> >> > > > > > >> >
> >> > > > > > >> > But users is not able to login with there domain
> >> credentials
> >> > do
> >> > > i
> >> > > > > miss
> >> > > > > > >> > anything in the configuration?
> >> > > > > > >> >
> >> > > > > > >> > Regards
> >> > > > > > >> > Shyam
> >> > > > > > >> >
> >> > > > > > >>
> >> > > > > > >>
> >> > > > > > >>
> >> > > > > > >> --
> >> > > > > > >> Daan
> >> > > > > > >>
> >> > > > > > >
> >> > > > > > >
> >> > > > > >
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > > --
> >> > > > > Daan
> >> > > > >
> >> > > >
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Daan
> >> > >
> >> >
> >>
> >>
> >>
> >> --
> >> Daan
> >>
> >
> >

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

sometime while restarting i am getting this information

 Did not find configuration ldap.username.attribute in Config.java. Perhaps
moved to ConfigDepot

On Tue, Mar 20, 2018 at 4:53 PM, soundar rajan <bs...@gmail.com>
wrote:

> yes its microsoftad and all the required parameters are configured
> correctly
>
> On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
>> Shyam, your reply to Rajani doesn't seem to include any settings. most
>> particularly what is the value of 'ldap.provider'?
>>
>>
>>
>> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <bs...@gmail.com>
>> wrote:
>>
>> > Hi Daan,
>> >
>> > Please find the log
>> >
>> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
>> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in
>> user:
>> > shyam.soundar in domain 1
>> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
>> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
>> > provider url: ldap://172.xx.xx.11:389
>> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
>> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
>> > provider url: ldap://172.xx.xx.11:389
>> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
>> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to authenticate
>> user
>> > with username shyam.soundar in domain 1
>> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
>> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar in
>> > domain 1 has failed to log in
>> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
>> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication failure:
>> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
>> > authenticate user shyam.soundar in domain 1; please provide valid
>> > credentials"}}
>> >
>> > Regards
>> > Shyam
>> >
>> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <
>> daan.hoogland@gmail.com>
>> > wrote:
>> >
>> > > not at first glance no, it can be a configuration or a code bug. Can
>> you
>> > > find anything in the logs around the moment of the login?
>> > >
>> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <
>> bsoundarajan@gmail.com>
>> > > wrote:
>> > >
>> > > > Hi Daan,
>> > > >
>> > > > I dont see any request hitting  our domain controller while logging
>> > but i
>> > > > am able to import all users. Any idea.
>> > > >
>> > > > Regards
>> > > > Shyam
>> > > >
>> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
>> > daan.hoogland@gmail.com
>> > > >
>> > > > wrote:
>> > > >
>> > > > > Shyam, do you have any related log message, preferably with stack
>> > trace
>> > > > > that is related? Do you see that request are coming in on your AD?
>> > > > >
>> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
>> > > bsoundarajan@gmail.com>
>> > > > > wrote:
>> > > > >
>> > > > > > Please find the error message
>> > > > > >
>> > > > > > Authentication failure:
>> > > > > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
>> > "Failed
>> > > to
>> > > > > > authenticate user shyam.soundar in domain 1; please provide
>> valid
>> > > > > > credentials"}}
>> > > > > >
>> > > > > >
>> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
>> > > bsoundarajan@gmail.com
>> > > > >
>> > > > > > wrote:
>> > > > > >
>> > > > > > > Hi,
>> > > > > > >
>> > > > > > > Version i use is 4.11
>> > > > > > >
>> > > > > > > Regards
>> > > > > > > Shyam
>> > > > > > >
>> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
>> > > > > daan.hoogland@gmail.com>
>> > > > > > > wrote:
>> > > > > > >
>> > > > > > >> Shyam, sorry to hear. What versions are you using?
>> > > > > > >>
>> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
>> > > > > bsoundarajan@gmail.com
>> > > > > > >
>> > > > > > >> wrote:
>> > > > > > >>
>> > > > > > >> > Hi ALL,
>> > > > > > >> >
>> > > > > > >> > I have successfully configured Active directory and able to
>> > > import
>> > > > > the
>> > > > > > >> > users to cloudstack.
>> > > > > > >> >
>> > > > > > >> > But users is not able to login with there domain
>> credentials
>> > do
>> > > i
>> > > > > miss
>> > > > > > >> > anything in the configuration?
>> > > > > > >> >
>> > > > > > >> > Regards
>> > > > > > >> > Shyam
>> > > > > > >> >
>> > > > > > >>
>> > > > > > >>
>> > > > > > >>
>> > > > > > >> --
>> > > > > > >> Daan
>> > > > > > >>
>> > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > > --
>> > > > > Daan
>> > > > >
>> > > >
>> > >
>> > >
>> > >
>> > > --
>> > > Daan
>> > >
>> >
>>
>>
>>
>> --
>> Daan
>>
>
>

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

yes its microsoftad and all the required parameters are configured
correctly

On Tue, Mar 20, 2018 at 3:22 PM, Daan Hoogland <da...@gmail.com>
wrote:

> Shyam, your reply to Rajani doesn't seem to include any settings. most
> particularly what is the value of 'ldap.provider'?
>
>
>
> On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <bs...@gmail.com>
> wrote:
>
> > Hi Daan,
> >
> > Please find the log
> >
> > 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in
> user:
> > shyam.soundar in domain 1
> > 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
> > provider url: ldap://172.xx.xx.11:389
> > 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
> > provider url: ldap://172.xx.xx.11:389
> > 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to authenticate
> user
> > with username shyam.soundar in domain 1
> > 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar in
> > domain 1 has failed to log in
> > 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> > (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication failure:
> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> > authenticate user shyam.soundar in domain 1; please provide valid
> > credentials"}}
> >
> > Regards
> > Shyam
> >
> > On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <daan.hoogland@gmail.com
> >
> > wrote:
> >
> > > not at first glance no, it can be a configuration or a code bug. Can
> you
> > > find anything in the logs around the moment of the login?
> > >
> > > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <bsoundarajan@gmail.com
> >
> > > wrote:
> > >
> > > > Hi Daan,
> > > >
> > > > I dont see any request hitting  our domain controller while logging
> > but i
> > > > am able to import all users. Any idea.
> > > >
> > > > Regards
> > > > Shyam
> > > >
> > > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> > daan.hoogland@gmail.com
> > > >
> > > > wrote:
> > > >
> > > > > Shyam, do you have any related log message, preferably with stack
> > trace
> > > > > that is related? Do you see that request are coming in on your AD?
> > > > >
> > > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> > > bsoundarajan@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Please find the error message
> > > > > >
> > > > > > Authentication failure:
> > > > > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
> > "Failed
> > > to
> > > > > > authenticate user shyam.soundar in domain 1; please provide valid
> > > > > > credentials"}}
> > > > > >
> > > > > >
> > > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> > > bsoundarajan@gmail.com
> > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Version i use is 4.11
> > > > > > >
> > > > > > > Regards
> > > > > > > Shyam
> > > > > > >
> > > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > > > > daan.hoogland@gmail.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > >> Shyam, sorry to hear. What versions are you using?
> > > > > > >>
> > > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > > > > bsoundarajan@gmail.com
> > > > > > >
> > > > > > >> wrote:
> > > > > > >>
> > > > > > >> > Hi ALL,
> > > > > > >> >
> > > > > > >> > I have successfully configured Active directory and able to
> > > import
> > > > > the
> > > > > > >> > users to cloudstack.
> > > > > > >> >
> > > > > > >> > But users is not able to login with there domain credentials
> > do
> > > i
> > > > > miss
> > > > > > >> > anything in the configuration?
> > > > > > >> >
> > > > > > >> > Regards
> > > > > > >> > Shyam
> > > > > > >> >
> > > > > > >>
> > > > > > >>
> > > > > > >>
> > > > > > >> --
> > > > > > >> Daan
> > > > > > >>
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Daan
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Daan
> > >
> >
>
>
>
> --
> Daan
>

Re: Not able to authenticate using microsoft AD

[Daan Hoogland <da...@gmail.com>]

Shyam, your reply to Rajani doesn't seem to include any settings. most
particularly what is the value of 'ldap.provider'?



On Tue, Mar 20, 2018 at 9:49 AM, soundar rajan <bs...@gmail.com>
wrote:

> Hi Daan,
>
> Please find the log
>
> 2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
> (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in user:
> shyam.soundar in domain 1
> 2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
> (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
> provider url: ldap://172.xx.xx.11:389
> 2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
> (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
> provider url: ldap://172.xx.xx.11:389
> 2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
> (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to authenticate user
> with username shyam.soundar in domain 1
> 2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
> (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar in
> domain 1 has failed to log in
> 2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
> (qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication failure:
> {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> authenticate user shyam.soundar in domain 1; please provide valid
> credentials"}}
>
> Regards
> Shyam
>
> On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> > not at first glance no, it can be a configuration or a code bug. Can you
> > find anything in the logs around the moment of the login?
> >
> > On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <bs...@gmail.com>
> > wrote:
> >
> > > Hi Daan,
> > >
> > > I dont see any request hitting  our domain controller while logging
> but i
> > > am able to import all users. Any idea.
> > >
> > > Regards
> > > Shyam
> > >
> > > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <
> daan.hoogland@gmail.com
> > >
> > > wrote:
> > >
> > > > Shyam, do you have any related log message, preferably with stack
> trace
> > > > that is related? Do you see that request are coming in on your AD?
> > > >
> > > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> > bsoundarajan@gmail.com>
> > > > wrote:
> > > >
> > > > > Please find the error message
> > > > >
> > > > > Authentication failure:
> > > > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":
> "Failed
> > to
> > > > > authenticate user shyam.soundar in domain 1; please provide valid
> > > > > credentials"}}
> > > > >
> > > > >
> > > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> > bsoundarajan@gmail.com
> > > >
> > > > > wrote:
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Version i use is 4.11
> > > > > >
> > > > > > Regards
> > > > > > Shyam
> > > > > >
> > > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > > > daan.hoogland@gmail.com>
> > > > > > wrote:
> > > > > >
> > > > > >> Shyam, sorry to hear. What versions are you using?
> > > > > >>
> > > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > > > bsoundarajan@gmail.com
> > > > > >
> > > > > >> wrote:
> > > > > >>
> > > > > >> > Hi ALL,
> > > > > >> >
> > > > > >> > I have successfully configured Active directory and able to
> > import
> > > > the
> > > > > >> > users to cloudstack.
> > > > > >> >
> > > > > >> > But users is not able to login with there domain credentials
> do
> > i
> > > > miss
> > > > > >> > anything in the configuration?
> > > > > >> >
> > > > > >> > Regards
> > > > > >> > Shyam
> > > > > >> >
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> --
> > > > > >> Daan
> > > > > >>
> > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Daan
> > > >
> > >
> >
> >
> >
> > --
> > Daan
> >
>



-- 
Daan

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Hi Daan,

Please find the log

2018-03-20 14:17:55,650 DEBUG [c.c.u.AccountManagerImpl]
(qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Attempting to log in user:
shyam.soundar in domain 1
2018-03-20 14:17:55,673 DEBUG [o.a.c.l.LdapContextFactory]
(qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
provider url: ldap://172.xx.xx.11:389
2018-03-20 14:17:55,724 DEBUG [o.a.c.l.LdapContextFactory]
(qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) initializing ldap with
provider url: ldap://172.xx.xx.11:389
2018-03-20 14:17:55,725 DEBUG [c.c.u.AccountManagerImpl]
(qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Unable to authenticate user
with username shyam.soundar in domain 1
2018-03-20 14:17:55,726 DEBUG [c.c.u.AccountManagerImpl]
(qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) User: shyam.soundar in
domain 1 has failed to log in
2018-03-20 14:17:55,728 DEBUG [c.c.a.ApiServlet]
(qtp510113906-27:ctx-d5e5dcf9) (logid:4d1b7c7c) Authentication failure:
{"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
authenticate user shyam.soundar in domain 1; please provide valid
credentials"}}

Regards
Shyam

On Tue, Mar 20, 2018 at 12:58 PM, Daan Hoogland <da...@gmail.com>
wrote:

> not at first glance no, it can be a configuration or a code bug. Can you
> find anything in the logs around the moment of the login?
>
> On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <bs...@gmail.com>
> wrote:
>
> > Hi Daan,
> >
> > I dont see any request hitting  our domain controller while logging but i
> > am able to import all users. Any idea.
> >
> > Regards
> > Shyam
> >
> > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <daan.hoogland@gmail.com
> >
> > wrote:
> >
> > > Shyam, do you have any related log message, preferably with stack trace
> > > that is related? Do you see that request are coming in on your AD?
> > >
> > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> bsoundarajan@gmail.com>
> > > wrote:
> > >
> > > > Please find the error message
> > > >
> > > > Authentication failure:
> > > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed
> to
> > > > authenticate user shyam.soundar in domain 1; please provide valid
> > > > credentials"}}
> > > >
> > > >
> > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> bsoundarajan@gmail.com
> > >
> > > > wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Version i use is 4.11
> > > > >
> > > > > Regards
> > > > > Shyam
> > > > >
> > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > > daan.hoogland@gmail.com>
> > > > > wrote:
> > > > >
> > > > >> Shyam, sorry to hear. What versions are you using?
> > > > >>
> > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > > bsoundarajan@gmail.com
> > > > >
> > > > >> wrote:
> > > > >>
> > > > >> > Hi ALL,
> > > > >> >
> > > > >> > I have successfully configured Active directory and able to
> import
> > > the
> > > > >> > users to cloudstack.
> > > > >> >
> > > > >> > But users is not able to login with there domain credentials do
> i
> > > miss
> > > > >> > anything in the configuration?
> > > > >> >
> > > > >> > Regards
> > > > >> > Shyam
> > > > >> >
> > > > >>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Daan
> > > > >>
> > > > >
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Daan
> > >
> >
>
>
>
> --
> Daan
>

Re: Not able to authenticate using microsoft AD

[Daan Hoogland <da...@gmail.com>]

not at first glance no, it can be a configuration or a code bug. Can you
find anything in the logs around the moment of the login?

On Tue, Mar 20, 2018 at 6:56 AM, soundar rajan <bs...@gmail.com>
wrote:

> Hi Daan,
>
> I dont see any request hitting  our domain controller while logging but i
> am able to import all users. Any idea.
>
> Regards
> Shyam
>
> On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> > Shyam, do you have any related log message, preferably with stack trace
> > that is related? Do you see that request are coming in on your AD?
> >
> > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <bs...@gmail.com>
> > wrote:
> >
> > > Please find the error message
> > >
> > > Authentication failure:
> > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> > > authenticate user shyam.soundar in domain 1; please provide valid
> > > credentials"}}
> > >
> > >
> > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <bsoundarajan@gmail.com
> >
> > > wrote:
> > >
> > > > Hi,
> > > >
> > > > Version i use is 4.11
> > > >
> > > > Regards
> > > > Shyam
> > > >
> > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > daan.hoogland@gmail.com>
> > > > wrote:
> > > >
> > > >> Shyam, sorry to hear. What versions are you using?
> > > >>
> > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > bsoundarajan@gmail.com
> > > >
> > > >> wrote:
> > > >>
> > > >> > Hi ALL,
> > > >> >
> > > >> > I have successfully configured Active directory and able to import
> > the
> > > >> > users to cloudstack.
> > > >> >
> > > >> > But users is not able to login with there domain credentials do i
> > miss
> > > >> > anything in the configuration?
> > > >> >
> > > >> > Regards
> > > >> > Shyam
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Daan
> > > >>
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > Daan
> >
>



-- 
Daan

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Hi Rajani,

Please find the settings



Regards
Shyam

On Tue, Mar 20, 2018 at 1:41 PM, Rajani Karuturi <ra...@apache.org> wrote:

> Can you check if LDAP is allowed in authenticators list? It's a global
> configuration.
>
> ~Rajani
>
> Sent from phone.
>
> On 20 Mar 2018 11:27 am, "soundar rajan" <bs...@gmail.com> wrote:
>
> > Hi Daan,
> >
> > I dont see any request hitting  our domain controller while logging but i
> > am able to import all users. Any idea.
> >
> > Regards
> > Shyam
> >
> > On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <daan.hoogland@gmail.com
> >
> > wrote:
> >
> > > Shyam, do you have any related log message, preferably with stack trace
> > > that is related? Do you see that request are coming in on your AD?
> > >
> > > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <
> bsoundarajan@gmail.com>
> > > wrote:
> > >
> > > > Please find the error message
> > > >
> > > > Authentication failure:
> > > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed
> to
> > > > authenticate user shyam.soundar in domain 1; please provide valid
> > > > credentials"}}
> > > >
> > > >
> > > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <
> bsoundarajan@gmail.com
> > >
> > > > wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Version i use is 4.11
> > > > >
> > > > > Regards
> > > > > Shyam
> > > > >
> > > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > > daan.hoogland@gmail.com>
> > > > > wrote:
> > > > >
> > > > >> Shyam, sorry to hear. What versions are you using?
> > > > >>
> > > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > > bsoundarajan@gmail.com
> > > > >
> > > > >> wrote:
> > > > >>
> > > > >> > Hi ALL,
> > > > >> >
> > > > >> > I have successfully configured Active directory and able to
> import
> > > the
> > > > >> > users to cloudstack.
> > > > >> >
> > > > >> > But users is not able to login with there domain credentials do
> i
> > > miss
> > > > >> > anything in the configuration?
> > > > >> >
> > > > >> > Regards
> > > > >> > Shyam
> > > > >> >
> > > > >>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Daan
> > > > >>
> > > > >
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Daan
> > >
> >
>

Re: Not able to authenticate using microsoft AD

[Rajani Karuturi <ra...@apache.org>]

Can you check if LDAP is allowed in authenticators list? It's a global
configuration.

~Rajani

Sent from phone.

On 20 Mar 2018 11:27 am, "soundar rajan" <bs...@gmail.com> wrote:

> Hi Daan,
>
> I dont see any request hitting  our domain controller while logging but i
> am able to import all users. Any idea.
>
> Regards
> Shyam
>
> On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
> > Shyam, do you have any related log message, preferably with stack trace
> > that is related? Do you see that request are coming in on your AD?
> >
> > On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <bs...@gmail.com>
> > wrote:
> >
> > > Please find the error message
> > >
> > > Authentication failure:
> > > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> > > authenticate user shyam.soundar in domain 1; please provide valid
> > > credentials"}}
> > >
> > >
> > > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <bsoundarajan@gmail.com
> >
> > > wrote:
> > >
> > > > Hi,
> > > >
> > > > Version i use is 4.11
> > > >
> > > > Regards
> > > > Shyam
> > > >
> > > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> > daan.hoogland@gmail.com>
> > > > wrote:
> > > >
> > > >> Shyam, sorry to hear. What versions are you using?
> > > >>
> > > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> > bsoundarajan@gmail.com
> > > >
> > > >> wrote:
> > > >>
> > > >> > Hi ALL,
> > > >> >
> > > >> > I have successfully configured Active directory and able to import
> > the
> > > >> > users to cloudstack.
> > > >> >
> > > >> > But users is not able to login with there domain credentials do i
> > miss
> > > >> > anything in the configuration?
> > > >> >
> > > >> > Regards
> > > >> > Shyam
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Daan
> > > >>
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > Daan
> >
>

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Hi Daan,

I dont see any request hitting  our domain controller while logging but i
am able to import all users. Any idea.

Regards
Shyam

On Mon, Mar 19, 2018 at 11:20 PM, Daan Hoogland <da...@gmail.com>
wrote:

> Shyam, do you have any related log message, preferably with stack trace
> that is related? Do you see that request are coming in on your AD?
>
> On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <bs...@gmail.com>
> wrote:
>
> > Please find the error message
> >
> > Authentication failure:
> > {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> > authenticate user shyam.soundar in domain 1; please provide valid
> > credentials"}}
> >
> >
> > On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <bs...@gmail.com>
> > wrote:
> >
> > > Hi,
> > >
> > > Version i use is 4.11
> > >
> > > Regards
> > > Shyam
> > >
> > > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <
> daan.hoogland@gmail.com>
> > > wrote:
> > >
> > >> Shyam, sorry to hear. What versions are you using?
> > >>
> > >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <
> bsoundarajan@gmail.com
> > >
> > >> wrote:
> > >>
> > >> > Hi ALL,
> > >> >
> > >> > I have successfully configured Active directory and able to import
> the
> > >> > users to cloudstack.
> > >> >
> > >> > But users is not able to login with there domain credentials do i
> miss
> > >> > anything in the configuration?
> > >> >
> > >> > Regards
> > >> > Shyam
> > >> >
> > >>
> > >>
> > >>
> > >> --
> > >> Daan
> > >>
> > >
> > >
> >
>
>
>
> --
> Daan
>

Re: Not able to authenticate using microsoft AD

[Daan Hoogland <da...@gmail.com>]

Shyam, do you have any related log message, preferably with stack trace
that is related? Do you see that request are coming in on your AD?

On Mon, Mar 19, 2018 at 12:41 PM, soundar rajan <bs...@gmail.com>
wrote:

> Please find the error message
>
> Authentication failure:
> {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
> authenticate user shyam.soundar in domain 1; please provide valid
> credentials"}}
>
>
> On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <bs...@gmail.com>
> wrote:
>
> > Hi,
> >
> > Version i use is 4.11
> >
> > Regards
> > Shyam
> >
> > On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <da...@gmail.com>
> > wrote:
> >
> >> Shyam, sorry to hear. What versions are you using?
> >>
> >> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <bsoundarajan@gmail.com
> >
> >> wrote:
> >>
> >> > Hi ALL,
> >> >
> >> > I have successfully configured Active directory and able to import the
> >> > users to cloudstack.
> >> >
> >> > But users is not able to login with there domain credentials do i miss
> >> > anything in the configuration?
> >> >
> >> > Regards
> >> > Shyam
> >> >
> >>
> >>
> >>
> >> --
> >> Daan
> >>
> >
> >
>



-- 
Daan

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Please find the error message

Authentication failure:
{"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to
authenticate user shyam.soundar in domain 1; please provide valid
credentials"}}


On Mon, Mar 19, 2018 at 6:10 PM, soundar rajan <bs...@gmail.com>
wrote:

> Hi,
>
> Version i use is 4.11
>
> Regards
> Shyam
>
> On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <da...@gmail.com>
> wrote:
>
>> Shyam, sorry to hear. What versions are you using?
>>
>> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <bs...@gmail.com>
>> wrote:
>>
>> > Hi ALL,
>> >
>> > I have successfully configured Active directory and able to import the
>> > users to cloudstack.
>> >
>> > But users is not able to login with there domain credentials do i miss
>> > anything in the configuration?
>> >
>> > Regards
>> > Shyam
>> >
>>
>>
>>
>> --
>> Daan
>>
>
>

Re: Not able to authenticate using microsoft AD

[soundar rajan <bs...@gmail.com>]

Hi,

Version i use is 4.11

Regards
Shyam

On Mon, Mar 19, 2018 at 5:38 PM, Daan Hoogland <da...@gmail.com>
wrote:

> Shyam, sorry to hear. What versions are you using?
>
> On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <bs...@gmail.com>
> wrote:
>
> > Hi ALL,
> >
> > I have successfully configured Active directory and able to import the
> > users to cloudstack.
> >
> > But users is not able to login with there domain credentials do i miss
> > anything in the configuration?
> >
> > Regards
> > Shyam
> >
>
>
>
> --
> Daan
>

Re: Not able to authenticate using microsoft AD

[Daan Hoogland <da...@gmail.com>]

Shyam, sorry to hear. What versions are you using?

On Mon, Mar 19, 2018 at 11:55 AM, soundar rajan <bs...@gmail.com>
wrote:

> Hi ALL,
>
> I have successfully configured Active directory and able to import the
> users to cloudstack.
>
> But users is not able to login with there domain credentials do i miss
> anything in the configuration?
>
> Regards
> Shyam
>



-- 
Daan