Jérémie,

'Unknown user name or bad password.'

Suggests that this is an issue on AD side. See https://fawnoos.com/2022/11/24/cas70x-azure-active-directory/ or this older one https://fawnoos.com/2017/11/22/cas-saml-integration-adfs/

Ray

On Mon, 2023-06-19 at 00:41 -0700, Jérémie wrote:

All logs were already set to DEBUG. I don't think firewall rules are causing the issue here as I'm reaching the AD.

Tomcat stdout logs:

2023-06-19 07:32:52,281 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [].>
2023-06-19 07:32:52,281 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static Credentials] exception details: [cas not found in backing map.].>
2023-06-19 07:32:52,281 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: cas
WHAT: [UsernamePasswordCredential(username=cas, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Jun 19 07:32:52 UTC 2023

cas is my user to recall.

AD Logs (not sure if I can get more detailed, not an AD expert):

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: cas
    Account Domain: AAA
Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC000006A
Process Information:
    Caller Process ID: 0x34c
    Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
    Workstation Name: XXX
    Source Network Address: 127.0.0.1
    Source Port: 51309
Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

On Saturday, 17 June 2023 at 06:38:24 UTC+2, dfisher wrote:

On Fri, Jun 16, 2023 at 5:56 AM Jérémie <[email protected]> wrote:

Thanks for the logger, I've added it at the end of log4j2 file and set level to debug

You'll probably get a more complete picture if you set all of `org.ldaptive` to DEBUG.

Here is my error log now (debug logs don't seem to give much more information):

2023-06-16 09:12:06,090 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2023-06-16 09:12:22,891 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@472298790::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.569972500Z, connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null,
connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x560c13d8, L:/127.0.0.1:64781 - R:localhost/127.0.0.1:389]>

Any localhost firewall rules that may be causing problems? What do the AD logs say?

--Daniel Fisher
