Try authenticated type instead, cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].bindDn=YOUR_BIND_DN, Can be upn format as well instead of full dn cas.authn.ldap[0].bindCredential=YOUR_BIND_PASSWORD
On Wednesday, June 21, 2023 at 9:42:15 AM UTC-5 Ray Bon wrote: > Jérémie, > > 'Unknown user name or bad password.' > > Suggests that this is an issue on AD side. > See https://fawnoos.com/2022/11/24/cas70x-azure-active-directory/ or this > older one https://fawnoos.com/2017/11/22/cas-saml-integration-adfs/ > > Ray > > On Mon, 2023-06-19 at 00:41 -0700, Jérémie wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > All logs were already set to DEBUG. > > I don't think firewall rules are causing the issue here as I'm reaching > the AD. > > Tomcat stdout logs : > > > > > > > > > *2023-06-19 07:32:52,281 INFO > [org.apereo.cas.authentication.DefaultAuthenticationManager] - > <[LdapAuthenticationHandler] exception details: [].> 2023-06-19 > 07:32:52,281 INFO > [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static > Credentials] exception details: [cas not found in backing map.].> > 2023-06-19 07:32:52,281 INFO > [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= WHO: cas > WHAT: [UsernamePasswordCredential(username=cas, source=null, > customFields={})] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Mon > Jun 19 07:32:52 UTC 2023* > > *cas* is my user to recall. > > AD Logs (not sure if I can get more detailed, not an AD expert) : > [image: F8LpQIKbQg.png] > Account For Which Logon Failed: > Security ID: NULL SID > Account Name: cas > Account Domain: AAA > > Failure Information: > Failure Reason: Unknown user name or bad password. > Status: 0xC000006D > Sub Status: 0xC000006A > > Process Information: > Caller Process ID: 0x34c > Caller Process Name: C:\Windows\System32\lsass.exe > > Network Information: > Workstation Name: XXX > Source Network Address: 127.0.0.1 > Source Port: 51309 > > Detailed Authentication Information: > Logon Process: Advapi > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > Transited Services: - > Package Name (NTLM only): - > Key Length: 0 > Le samedi 17 juin 2023 à 06:38:24 UTC+2, dfisher a écrit : > > On Fri, Jun 16, 2023 at 5:56 AM Jérémie <crazybr...@gmail.com> wrote: > > Thank for the logger, I've added it at the end of log4j2 file and set > level to*debug* > > > You'll probably get a more complete picture if you set all of > `org.ldaptive` to DEBUG. > > > > Here is my error log now (debug logs doesn't seem to give much more > information) : > > > *2023-06-16 09:12:06,090 INFO > [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] > expired tickets removed.> 2023-06-16 09:12:22,891 WARN > [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught > exception for > org.ldaptive.transport.netty.NettyConnection@472298790::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, > > hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, > filter=null, inetAddress=null], isOpen=true, > connectTime=2023-06-16T09:09:32.569972500Z, > connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, > > connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, > autoReconnect=true, > autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, > > autoReplay=true, > sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, > trustManagers=null, > hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f, > enabledCipherSuites=null, enabledProtocols=null, > handshakeCompletedListeners=null, handshakeTimeout=PT1M], > useStartTLS=false, connectionInitializers=null, > connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, > > hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, > filter=null, inetAddress=null]], inactive=[]], > activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511, > > retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, > > initialized=true], connectionValidator=null, transportOptions={}], > channel=[id: 0x560c13d8, L:/127.0.0.1:64781 <http://127.0.0.1:64781> - > R:localhost/127.0.0.1:389 <http://127.0.0.1:389>]>* > > > Any localhost firewall rules that may be causing problems? What does the > AD logs say? > > --Daniel Fisher > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/15727e8d-1679-4f1a-b6cb-f959d3d641b0n%40apereo.org.
