I have a problem with users authenticating in JIRA if they have a policy set up in AD to authenticate only on their own computers.
The users that have the ability to log on to all the computers in the domain have no problem logging into JIRA.
The others cannot log in to JIRA at all.
Here is the error line:
2013-04-09 12:30:38,058 http-bio-8080-exec-12 anonymous 750x8387x1 75mz6v 10.2.32.12 /rest/gadget/1.0/login login : 'xxx' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2013-04-09 12:30:38,064 http-bio-8080-exec-12 anonymous 750x8387x1 75mz6v 10.2.32.12 /rest/gadget/1.0/login The user 'xxx' has FAILED authentication. Failure count equals 4
Also, when testing over the AD: Test user can authenticate=Failed
It is not a group policy; it's an internal policy that specifies for each user to be allowed to log on only to the computer that he uses (done via user configuration in Active Directory Users and Computers->Account->Log On To);
Microsoft Windows Server 2003 Active Directory (LDAP v3);
Example: There are users that work in the IT department, users created in AD, that can log in to JIRA without problems. These users do not have this policy. The other users, from other departments, like Sales, who are limited by the local policy to log on only to a designated workstation, cannot log in to JIRA.
If the local policy is disabled for these users, they can log in to JIRA without problems.
There is no problem for the Administrator account created in the Internal Directory.
First I thought that if I granted the user from Sales (J1) the right to log in to JiraServer it would solve the problem, but it seems it does not.
I also found another workaround, unfortunately not acceptable: give logon permission to user J1 to the DC. If we give the user access to log on to the domain controller then they will be able to log in to JIRA also.
So, I have 2 workarounds for this, both of them unacceptable till now. I have been advised to ask here, on Answers, as Atlassian cannot reproduce this scenario:
As the ticket described, the standard protocol of LDAP does not read the "log on to..." information, and by missing this information, I believe it hits the limitation encountered by you. We have also tried to replicate the problem and tried to find a workaround, but due to the nature of this problem with multiple third-party configurations, we were not able to get a valid workaround for your case. Furthermore, as mentioned, this is out-of-scope support, as you have determined that this issue is related to a policy applied which is all configured in third-party applications.
Has anyone run into the same problem before? Or does anyone have any clues?
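A diagnostic sketch for the failure described in the post above, added here as an example and not part of the original post or of JIRA's code: Active Directory reports why an LDAP bind failed as a hexadecimal Win32 sub-code in the `data` field of the error 49 message, and sub-code 531 is the "Log On To" workstation restriction. The function names and the sample messages (including their DSID values) are constructed for illustration; the sub-code meanings are the standard Win32 logon error codes.

```python
import re

# Win32 logon error codes that Active Directory places (in hex) in the
# "data" field of an LDAP error 49 bind failure.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on at this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

_DATA_RE = re.compile(
    r"error code 49\b.*?AcceptSecurityContext error, data ([0-9a-fA-F]+)"
)


def explain_bind_failure(message):
    """Return (subcode, meaning) for an AD error-49 message, else None."""
    match = _DATA_RE.search(message)
    if match is None:
        return None
    code = int(match.group(1), 16)  # the field is hexadecimal
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def is_workstation_restriction(message):
    """True when the bind was refused by the user's 'Log On To' list."""
    result = explain_bind_failure(message)
    return result is not None and result[0] == 0x531


# Constructed sample bind errors (DSID values are made up).
SAMPLES = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: "
    "AcceptSecurityContext error, data 531, v1db1]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: "
    "AcceptSecurityContext error, data 52e, v1db1]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(explain_bind_failure(sample), is_workstation_restriction(sample))
```

Seeing 531 rather than 52e for the affected users confirms that the password is accepted and the rejection comes from the workstation list.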