Certain users can't interface with stash from their PCs

Haemish Kyd June 23, 2015

Hi,

We run Stash which is connnected to the company active directory. We have noticed with two users now that suddenly their PCs are unable to interact with stash at all (can't pull, push, clone). We do not use putty or any ssh keys. However both users do have putty installed. I have eliminated certain things:

  • They can clone from elsewhere (also push and pull). They can interact with git repositories that require no authentication (github, other repositories on the local network)
  • On another PC that user can access the stash server and interact.

These two things suggest that there is nothing wrong with the user profile on stash (permissions etc are fine)

What I have summised from this is that the user has something in their profile (windows profile) that is causing the problem. We deleted one of these users entire profile and reconstituted it and this resolved the issue. This is obviously not an ideal solution.

My question is what do I need to delete from the users profile to make sure that they can authenticate with stash properly. A normal user gets prompted for their password when interacting with stash but these users do not get this request. 

I have searched for an answer for ages but can't seem to find someone with a similar problem.

 

Any help would be appreciated.

Haemish

6 answers

0 votes
Cezariusz Marek September 21, 2015

Version 1.9.5.msysgit.1 is broken, it doesn't send Realm in the authorization header. Use 1.9.5.msysgit.0.

0 votes
Jeff Thomas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 23, 2015

The timeout error is coming from the Cisco Web Security Appliance. Do these users sit on a difference network or connect through a proxy to get to the server? If they have a local VPN running, have them turn it off and try again.

0 votes
Haemish Kyd June 23, 2015

Thanks for your feedback. I have captured the logs below. The broken computer is first. It seems to find the server but then timesout because of a lack of response. Any thoughts. Thanks for your help so far. *********************************************The broken computer's log is********************************************* $ git pull * Couldn't find host ezstash.opmain.ds.corp in the _netrc file; using defaults * Trying 10.93.250.10... * Connected to zapryproxy01.opmain.ds.corp (10.93.250.10) port 3128 (#0) * Proxy auth using Basic with user 'ezwest' > GET http://ezhaem@ezstash.opmain.ds.corp/scm/latex/doctemplate.git/info/refs?s ervice=git-upload-pack HTTP/1.1 Proxy-Authorization: Basic ZXp3ZXN0OkhvcGUyMDE1 User-Agent: git/1.9.5.msysgit.1 Host: ezstash.opmain.ds.corp Accept: */* Accept-Encoding: gzip Proxy-Connection: Keep-Alive Pragma: no-cache < HTTP/1.1 504 Gateway Timeout < Mime-Version: 1.0 < Date: Tue, 23 Jun 2015 14:15:51 GMT < Via: 1.1 ZAPRYPROXY01.opmain.ds.corp:3128 (Cisco-WSA/8.5.2-027) < Content-Type: text/html < Connection: keep-alive < Proxy-Connection: keep-alive < Content-Length: 2715 < * Connection #0 to host zapryproxy01.opmain.ds.corp left intact fatal: unable to access 'http://ezhaem@ezstash.opmain.ds.corp/scm/latex/doctempl ate.git/': The requested URL returned error: 504 ************************************************The working computer's log is***************************************** $ git pull * Couldn't find host ezstash.opmain.ds.corp in the _netrc file; using defaults * Adding handle: conn: 0x227efd0 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x227efd0) send_pipe: 1, recv_pipe: 0 * About to connect() to ezstash.opmain.ds.corp port 80 (#0) * Trying 10.93.228.21... * Connected to ezstash.opmain.ds.corp (10.93.228.21) port 80 (#0) > GET /scm/latex/doctemplate.git/info/refs?service=git-upload-pack HTTP/1.1 User-Agent: git/1.9.5.msysgit.0 Host: ezstash.opmain.ds.corp Accept: */* Accept-Encoding: gzip Pragma: no-cache < HTTP/1.1 401 Unauthorized * Server Apache-Coyote/1.1 is not blacklisted < Server: Apache-Coyote/1.1 < X-AREQUESTID: @1OE7SHYx978x72322x0 < X-ASEN: SEN-3068575 < X-XSS-Protection: 1; mode=block < X-Frame-Options: SAMEORIGIN < X-Content-Type-Options: nosniff < WWW-Authenticate: Basic realm="Atlassian Stash" < Content-Length: 0 < Date: Tue, 23 Jun 2015 14:18:58 GMT < * Connection #0 to host ezstash.opmain.ds.corp left intact * Issue another request to this URL: 'http://EZWEST@ezstash.opmain.ds.corp/scm/l atex/doctemplate.git/info/refs?service=git-upload-pack' * Couldn't find host ezstash.opmain.ds.corp in the _netrc file; using defaults * Found bundle for host ezstash.opmain.ds.corp: 0x2261b88 * Re-using existing connection! (#0) with host ezstash.opmain.ds.corp * Connected to ezstash.opmain.ds.corp (10.93.228.21) port 80 (#0) * Adding handle: conn: 0x227efd0 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x227efd0) send_pipe: 1, recv_pipe: 0 * Server auth using Basic with user 'EZWEST' > GET /scm/latex/doctemplate.git/info/refs?service=git-upload-pack HTTP/1.1 Authorization: Basic RVpXRVNUOg== User-Agent: git/1.9.5.msysgit.0 Host: ezstash.opmain.ds.corp Accept: */* Accept-Encoding: gzip Pragma: no-cache < HTTP/1.1 401 Unauthorized * Server Apache-Coyote/1.1 is not blacklisted < Server: Apache-Coyote/1.1 < X-AREQUESTID: @1OE7SHYx978x72323x0 < X-ASEN: SEN-3068575 < Set-Cookie: _atl_stash_remember_me=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ * Authentication problem. Ignoring this. < WWW-Authenticate: Basic realm="Atlassian Stash" < Content-Length: 0 < Date: Tue, 23 Jun 2015 14:18:58 GMT < * Connection #0 to host ezstash.opmain.ds.corp left intact Password for 'http://EZWEST@ezstash.opmain.ds.corp';: * Couldn't find host ezstash.opmain.ds.corp in the _netrc file; using defaults * Found bundle for host ezstash.opmain.ds.corp: 0x2261b88 * Re-using existing connection! (#0) with host ezstash.opmain.ds.corp * Connected to ezstash.opmain.ds.corp (10.93.228.21) port 80 (#0) * Adding handle: conn: 0x227efd0 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x227efd0) send_pipe: 1, recv_pipe: 0 * Server auth using Basic with user 'EZWEST' > GET /scm/latex/doctemplate.git/info/refs?service=git-upload-pack HTTP/1.1 Authorization: Basic RVpXRVNUOkNhc3MyMDIz User-Agent: git/1.9.5.msysgit.0 Host: ezstash.opmain.ds.corp Accept: */* Accept-Encoding: gzip Pragma: no-cache < HTTP/1.1 401 Unauthorized * Server Apache-Coyote/1.1 is not blacklisted < Server: Apache-Coyote/1.1 < X-AREQUESTID: @1OE7SHYx979x72324x0 < X-ASEN: SEN-3068575 < Set-Cookie: _atl_stash_remember_me=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ * Authentication problem. Ignoring this. < WWW-Authenticate: Basic realm="Atlassian Stash" < Content-Length: 0 < Date: Tue, 23 Jun 2015 14:19:06 GMT < * Connection #0 to host ezstash.opmain.ds.corp left intact fatal: Authentication failed for 'http://EZWEST@ezstash.opmain.ds.corp/scm/latex /doctemplate.git/'

0 votes
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 23, 2015

I don't have much, but I would advise setting: set GIT_CURL_VERBOSE=1 then running the git command. You can post the output up here. Also compare it the output from one of the working users/machines.

0 votes
Haemish Kyd June 23, 2015

That is correct yes. Under normal conditions we clone using a url like so: http://EZHAEM@ezstash.opmain.ds.corp/scm/latex/doctemplate.git it then requests a password (which is our windows active directory password) and once we put it in we are away. With the users experiencing this problem the password is never asked for!

0 votes
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 23, 2015

You do not use SSH keys, so that implies all push/pull etc is over https?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events