Rundeck on Windows server (Community Version) - ActiveDirectory integrated login configuration

[naveen krishna vadakoppula]

Hi Team,

I'm trying to configure Active Directory integration with my Rundeck running on Windows. I have did this multiple times on Rundeck running on Linux flavours. 

But here with Rundeck running on Windows server has issues as i cant login with domain credentials after configuration

Modified real.prop to disable default admin credendtials

modified jass-loginmodule to route requests to my activedirectory.conf

modified profiles to use activedirectory as login module

with the same setup and user, im able to successfully configure and login to Linux-Rundeck's but not working for Windows-Rundeck

I'm not able to find the documentation as well for Windows-Rundeck AD integrations

Below are error details:-

[2021-07-06T07:04:42,098] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Request is to process authentication

[2021-07-06T07:04:42,099] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

org.springframework.security.authentication.BadCredentialsException: Bad credentials

Please help me

Thank you

Naveen

[rac...@rundeck.com]

Hi Naveen,

Take a look at this to the official documentation and this for AD configuration.

Here how I configured, here the launch script, and here the profile.bat content.

In addition, check this thread to discard all possible reasons of the "Bad credentials" error.

Hope it helps!

[naveen krishna vadakoppula]

Hi Team,

i have tried above suggestions but no luck

below is my profile.bat

set RDECK_BASE=C:\ProgramData\rundeck

set JAVA_HOME=C:\Program Files (x86)\Java\jre1.8.0_221

:: Unsetting JRE_HOME to ensure there is no conflict with JAVA_HOME
(set JRE_HOME=)

set Path=%JAVA_HOME%\bin;%RDECK_BASE%\tools\bin;%Path%

set RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=%RDECK_BASE%\etc\truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
set RDECK_CLI_OPTS=-Xms128m -Xmx256m
set RD_LIBDIR=%RDECK_BASE%\tools\lib
Set RDECK_JVM_OPTS=-Drundeck.jaaslogin=false -Djava.security.auth.login.config=C:\ProgramData\rundeck\server\config\jaas-activedirectory.conf -Dloginmodule.name=activedirectory

below is my launch.bat

set CURDIR=%~dp0
call %CURDIR%\etc\profile.bat
java %RDECK_CLI_OPTS% %RDECK_SSL_OPTS% -jar rundeck-3.3.12-20210521.war --skipinstall -d  >> %CURDIR%\var\logs\service.log  2>&1

below is my profile

RDECK_BASE=C:\ProgramData\rundeck
export RDECK_BASE

JAVA_HOME=C:\Program Files (x86)\Java\jre1.8.0_221
export JAVA_HOME

PATH=$JAVA_HOME\bin:$RDECK_BASE\tools\bin:$PATH
export PATH

export JAVA_CMD=$JAVA_HOME\bin\java

if test -n "$JRE_HOME"
then
   unset JRE_HOME
fi

#
# Set min/max heap size
#
export RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server"

export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=$RDECK_BASE/etc/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"

export RDECK_JVM="-Djava.security.auth.login.config=C:\ProgramData\rundeck\server\config\jaas-activedirectory.conf -Dloginmodule.name=activedirectory"

umask 002

still i see bad credential error

below is the error

[2021-07-06T13:05:23,634] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Request is to process authentication
[2021-07-06T13:05:23,684] DEBUG authentication.GrailsUsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
org.springframework.security.authentication.BadCredentialsException: Bad credentials

***Just curious on web.xml file for roles mapping

in the linux environment we store it under /var/lib/rundeck/web/WEB-APP/web.xml

what will the location for windows environment to store this file for roles mapping the AD groups

please have a look

Thank you

Naveen 

--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/dd7c5a7c-6d75-4f61-b60d-73da6597cd46n%40googlegroups.com.

[naveen krishna vadakoppula]

Ignore my above email....This has been taken care

Thank you

Naveen