SSH Auth Breaks with No Password error from ActiveDirectoryUnixAuthenticationProvider

Issue

  • The following stacktrace appears when trying to be authenticated against Jenkins using the jenkins-cli.
Aug 07, 2015 5:01:36 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
INFO: Accepted connection #9 from /127.0.0.1:48680
Exception in thread "Thread-1234" org.acegisecurity.userdetails.UsernameNotFoundException: Authentication was successful but cannot locate the user information for
  at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:295)
  at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:219)
  at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:163)
  at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:53)
  at jenkins.security.ImpersonatingUserDetailsService.loadUserByUsername(ImpersonatingUserDetailsService.java:32)
  at hudson.model.User.impersonate(User.java:309)
  at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
  at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)

Environment

  • CloudBees Jenkins Enterprise
  • Active Directory Plugin

Resolution

At least one of the reasons why this issue might happen is because somehow there is a defined user internally on with a/several space/s as name. Something like:

http://<JENKINS_URL>/user/%20/configure

This user might have the same SSH Key than the Chef user you are using. I am able to re-produce the issue you are facing when this happen.

You can check if there are several users with the same SSH Key with the Groovy script below that you can execute in http://<JENKINS_URL>/script

import hudson.model.User
import hudson.model.UserProperty
import org.jenkinsci.main.modules.cli.auth.ssh.*

User rootUser = User.get("<CHEF_USER>");
UserPropertyImpl userRootProperty = rootUser.getProperty(UserPropertyImpl.class);

allUsers = User.getAll();
            allUsers.each { user ->
                UserPropertyImpl userProperty = user.getProperty(UserPropertyImpl.class);
                if (userProperty!=null && userProperty.authorizedKeys==userRootProperty.authorizedKeys) {
                    println "User $rootUser has the same SSH key than $user"
                }
            }
Was this article helpful?
0 out of 0 found this helpful

Have more questions?

0 Comments

Please sign in to leave a comment.