
While trying to activate security on a Windows 2008 R2 hosted Jenkins Version 1.514 with the Active Directory plugin version 1.33, I get the following error while trying to log on:

INFO: Login attempt failed org.acegisecurity.BadCredentialsException: Incorrect password for username DN=CN=username\, username,OU=Employees,OU=Users,OU=STUFF,OU=_AccountObjects,DC=domain,DC=domain,DC=com: nested exception is com4j.ComException: 80072028 A more secure authentication method is required for this server. 

The part I think is of interest is:

nested exception is com4j.ComException: 80072028 A more secure authentication method is required for this server. 

I don't see any options for changing the authentication. I have tried setting the Domain name without any change in the error message.

1 Answer


I don't have any experience with Jenkins, but it sounds like it is attempting an unsigned/simple bind and that your Domain Controllers are configured to require signing on LDAP connections.

What is the value of Domain Controller: LDAP server signing requirements in a gpresult under Computer Configuration | Policies | Windows Settings | Security Settings | Local Policies | Security Options?

See the following articles for more information:

EDIT

I wonder if you can simply prefix LDAPS:// and/or append :636 to the server/domain name you have configured Jenkins to authenticate against?

See the following pages for (potentially) more info:

If it comes down to it, can you disable the signing requirement GPO setting for your domain? If this is not an option, you may look into devoting a DC to Jenkins authentication. That DC would be configured via group policy to allow simple binds. You'd then want to configure a GPO to prevent the DC from registering SRV records. See the second half of How to Build an AD Replication Delay (Lag) Site for details.
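The diagnosis above rests on the nested COM error code rather than on the "Incorrect password" wrapper that Jenkins logs. The following Python sketch is an added example, not part of the original answer: it decodes the HRESULT in such log lines to separate a refused bind method from a genuinely wrong password. The function names and the second sample line are constructed for illustration.

```python
import re

FACILITY_WIN32 = 7
# Win32 codes from winerror.h that matter when triaging AD bind failures.
WIN32_NAMES = {
    1326: "ERROR_LOGON_FAILURE",
    8231: "ERROR_DS_AUTH_METHOD_NOT_SUPPORTED",
    8232: "ERROR_DS_STRONG_AUTH_REQUIRED",
}
# The server refused the bind method itself; the password was never judged.
BIND_METHOD_REJECTED = {8231, 8232}

COM_ERROR = re.compile(r"com4j\.ComException:\s*([0-9A-Fa-f]{8})\b")

def decode_hresult(hex_text):
    """Split a 32-bit HRESULT into severity bit, facility and code."""
    value = int(hex_text, 16)
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def classify(line):
    """Return a triage dict for a log line, or None if it has no COM error."""
    match = COM_ERROR.search(line)
    if match is None:
        return None
    failed, facility, code = decode_hresult(match.group(1))
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    if failed and facility == FACILITY_WIN32 and code in BIND_METHOD_REJECTED:
        verdict = "bind method rejected by server policy"
    elif failed and facility == FACILITY_WIN32 and code == 1326:
        verdict = "credentials rejected"
    else:
        verdict = "unclassified"
    return {"hresult": match.group(1).upper(), "code": code,
            "name": name, "verdict": verdict}

# First line is abridged from the question; the second is constructed.
SAMPLE_LOG = [
    "INFO: Login attempt failed org.acegisecurity.BadCredentialsException: "
    "Incorrect password for username ...: nested exception is "
    "com4j.ComException: 80072028 A more secure authentication method "
    "is required for this server.",
    "INFO: Login attempt failed ...: nested exception is "
    "com4j.ComException: 8007052e (constructed sample)",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```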

  • Yup. AD is requiring TLS to continue, and Jenkins is only providing a simple password auth to bind. Commented May 27, 2013 at 16:51
  • I also know nothing about Jenkins, but there is an addon specifically for LDAP you might try instead. wiki.jenkins-ci.org/display/JENKINS/LDAP+Plugin Commented May 28, 2013 at 18:23
  • These helped, but in the end we found that you can authenticate Jenkins via the TeamForge plugin, and that is the route we ended up going. Commented May 31, 2013 at 12:10
