Skip to main content


Eclipse Community Forums

      Home
Home » Archived » Hudson » [Hudson] NT account locked when wrong password to login to Hudson
icon11.gif  [Hudson] NT account locked when wrong password to login to Hudson [message #1043068] Wed, 17 April 2013 04:25 Go to next message
Eclipse UserFriend
Hi

This is my first post on this forum. Razz

We are using Hudson as monitoring tool (check if all the services, DBs, .. are up)

Everything is working fine except that when we try to logon to the interface with a wrong password only once, the NT account gets locked on the AD side.

Let me explain :
The policy here in the company is to lock the account if a user tries to logon more than 9 times on the Domain Controller.

Apparently Hudson tries the credentials on each and every Domain Controller he finds at the first tentative.

As we have more than 9 DCs, the account gets locked.

I don't know if I am being super clear here but is there a way to ask Hudson to try only like 3 times the credentials ?

Thanks for your help.
Re: [Hudson] NT account locked when wrong password to login to Hudson [message #1043548 is a reply to message #1043068] Wed, 17 April 2013 17:16 Go to previous messageGo to next message
Eclipse UserFriend
Hi,

What Hudson version do you use?
If you are using Hudson 3, Active Directory Security Realm along with the latest version of Active Directory plugin (1.31-h1) you can specify which AD server you want to use. If you dont specify it, plugin will ask GlobalCatalog first to fetch available DomainControllers then ask them one by one. I do not know when this functionaly was introduced but when I was on Hudson 2 I had to rewrite AD plugin not to ask GC and all available AD servers but the server I want. Our IT department did not like the traffic Hudson generated asking GC over and over again.

Regards!
Re: [Hudson] NT account locked when wrong password to login to Hudson [message #1048218 is a reply to message #1043548] Wed, 24 April 2013 03:24 Go to previous message
Eclipse UserFriend
Thanks for your reply.

Actually we are still on an older version : Hudson ver. 1.393
And using Hudson Active Directory plugin v1.17

Indeed the documentation speaks about what you're saying:

Override Switches
Override domain controllers
This plugin follows the standard lookup procedure to determine the list of candidate Active Directory domain controllers, and this should be suffice for the normal circumstances. But if for some reasons it isn't, you can manually override and provide the list of domain controllers by setting the system property "hudson.plugins.active_directory.ActiveDirectorySecurityRealm.domainControllers" with the value of the format "host:port,host:port,...". The port should be normally 3269 (for global catalog over SSL), 636 (LDAP over SSL), 3268 (for global catalog), or 389 (LDAP.)

I'll look into this

Thanks for your help.
Previous Topic:Problem with CVS plugin
Next Topic:Deploy to artifactory - Not launched
Goto Forum:
  


Current Time: Tue Jul 22 17:45:27 EDT 2025

Powered by FUDForum. Page generated in 0.03017 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly