some users cant log in - windows pop up

Lukas Konrad May 1, 2014

Hi all,

Some users can not log into JIRA. After they enter a URL, they see the windows pop up where they enter the credentials for the JIRA server. Credentials will not work and after x attempts they get message http 401. This applies to several dozen users who have the same settings as the others, which it is okay. Security policies are set globally. If the affected users try to log on station, where a log-worked, their logging are without any problems.

2 answers

1 accepted

0 votes
Answer accepted
Lukas Konrad May 4, 2014

Solved - I turned off ntlm auth. and now is OK. Problem was with licencing, thanks

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 1, 2014

You say "the windows popup" - do you mean you are getting a popup from the browser, or literally a windows login popup? (If it's an application popup, then how have you done that? Jira doesn't pop up a window for login, it goes to a login screen, so Im a bit confused by that)

Lukas Konrad May 1, 2014

its a windows login popup and this popup shows before JIRA login page

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 1, 2014

Ok, if you're seeing a windows login, that's probably caused by your network - your users open the browser, try to go to Jira and the network doesn't think they're logged in. So they need to enter their windows/network login into it, not Jira.

I'm afraid that's a networking problem, not Jira. Unless you're using some form of directory integration and SSO - is that the case?

Lukas Konrad May 1, 2014

I think it could be a problem verifying the Tomcat. I tried to use the affected user profile on my workstation and popup appeared again. When the user enters their credentials, so it will not work, but when I enter my data, so I get to JIRA.

we using ntlm auth.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 1, 2014

Sorry, how have you hooked NTLM into Jira?

Lukas Konrad May 1, 2014

I do not know exactly what you mean? Do you want to insert the contents of web.xml and seraph.xml?

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 1, 2014

Well, not the details, just explain how you've hooked it up and how Jira talks to your user listing (I'm guessing that's Active Directory?)

Lukas Konrad May 1, 2014

yes Active Directory on port 389

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 1, 2014

Ok, then you probably need to read the AD logs to find out why their logins are failing.

But it might be worth posting the AD configuration in Jira here for us to sanity check it (it's probably fine, as you do have people who can get in, but it's still useful background for us to see while we epxlore the AD logs)

Lukas Konrad May 1, 2014

i checked AD logs, but no errors or similar events for this day

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 1, 2014

I'm afraid you need to turn the logging up on AD then.

The problem here is that your network doesn't believe your user is logged in, and then it's refusing to accept whatever they're typing in when the box pops up. This is entirely down to AD and your network, they're not even reaching Jira when this is happening.

Lukas Konrad May 1, 2014

hmm, now after restarting Tomcat impaired users already get without a problem, I do not know whether to appear other users on Monday. Do you have any idea what it could be?

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 1, 2014

Hmm. The last time I saw that happen, it was broken AD. Stopping Tomcat fixed it because whatever was broken started getting "not found" from Tomcat instead of the authentication stuff, so it cleared some form of cache. But it might be a cache in Tomcat for you, or something else.

It's pretty much impossible to diagnose this without tracing what is going on when a user tries to authenticate via AD, which means you need to log it in AD.

Lukas Konrad May 4, 2014

Today we have the same problem with different users, I found in ntlm-auth.log

This may be the cause?

HttpSecurityService: 192.168.3.166:62345: Authentication failed: NETLOGON failure

2014-05-05 08:50:22: Jespa license.key: SN2151120131022|0|0|1389331860|Jespa 60 Day Trial Licensing Key||||||

2014-05-05 08:50:22: Jespa code-source: /D:/jira-612/atlassian-jira/WEB-INF/lib/jespa-1.1.19.jar

2014-05-05 08:50:22: HttpSecurityService: IP: USER successfully authenticated

2014-05-05 08:50:28: java.io.IOException: Jespa license.key 25 user limit exceeded

Lukas Konrad May 4, 2014

is there any easy way to turn off ntlm auth?

Suggest an answer

Log in or Sign up to answer