Redmine - Defect #20699: ldap error - not permitted to logon at this workstation

Toshi MARUYAMA, 2015-10-08T06:48:24Z, https://www.redmine.org/issues/20699?journal_id=66533
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/66533/diff?detail_id=51376">diff</a>)</li></ul>

xuezhi li, 2017-09-21T02:40:34Z, https://www.redmine.org/issues/20699?journal_id=81211
<p>I had the same problem as you. Have you solved this problem without adding the AD server to the "userWorkstations" list of each domain user?</p>

Alexander Ryabinovskiy, 2017-11-22T14:38:54Z, https://www.redmine.org/issues/20699?journal_id=82208
<p>xuezhi li wrote:</p>
<blockquote>
<p>I had the same problem as you. Have you solved this problem without adding the AD server to the "userWorkstations" list of each domain user?</p>
</blockquote>
<p>No, currently I'm using a solution with Apache + sspi mod :(<br /><a class="external" href="http://www.redmine.org/boards/2/topics/127?page=2">http://www.redmine.org/boards/2/topics/127?page=2</a></p>

Alexander Ryabinovskiy, 2017-12-13T11:15:32Z, https://www.redmine.org/issues/20699?journal_id=82624
<ul><li><strong>File</strong> <a href="/attachments/19721">redmine_auth_source_ldap_531fix.diff</a> added</li></ul><p>I used this patch for auth_source_ldap to enable LDAP authentication in my situation.<br />The idea is based on this description of "error 531" and confirmed with my tests:<br /><pre>
80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 - not permitted to logon from this workstation
DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: <multivalued list of workstation names>]
NOTE: Returns only when presented with valid username and password/credential.
</pre><br />So, if this error was returned - username / password are ok, and I return "true" as an authenticate_dn result.<br />I understand that searching in error text is not a very good solution, but I don't have any other, and it works.</p>
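<p>An added example, not part of the post above or of the attached patch: one way to read the sub-code from the <code>data</code> field of the Active Directory bind error with an anchored pattern instead of searching the error text, so that only an exact 0x531 counts as "credentials were valid". All function and constant names are hypothetical, and the sub-codes other than 531 are the commonly documented AD values, not taken from this thread; how the message string is obtained from the LDAP library is left out.</p>

```ruby
# Added example, not the attached patch. Names are hypothetical.
# Sub-codes AD puts in the "data" field of an AcceptSecurityContext error.
AD_BIND_SUBCODES = {
  0x525 => :user_not_found,
  0x52e => :invalid_credentials,
  0x530 => :logon_time_restriction,
  0x531 => :workstation_restriction, # the case from this thread
  0x532 => :password_expired,
  0x533 => :account_disabled,
  0x701 => :account_expired,
  0x773 => :must_change_password,
  0x775 => :account_locked
}.freeze

# Anchored on the whole message so only the "data" field is read,
# never a "531" that happens to occur elsewhere (e.g. inside the DSID).
AD_DIAG_RE = /\A\h{8}: LdapErr: DSID-\h+, comment: AcceptSecurityContext error, data (\h+), v\h+\z/

# From the post above.
SAMPLE_531 = "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893"
# Constructed: wrong password (52e) with "531" inside the DSID.
SAMPLE_52E = "80090308: LdapErr: DSID-0C090531, comment: AcceptSecurityContext error, data 52e, v893"

# Returns the sub-code as an Integer, or nil if the message has another shape.
def ad_bind_subcode(message)
  text = message.to_s.delete("\u0000").strip # the text may be NUL-terminated
  m = AD_DIAG_RE.match(text)
  m && m[1].to_i(16)
end

def classify_ad_bind_failure(message)
  code = ad_bind_subcode(message)
  return :unrecognized if code.nil?
  AD_BIND_SUBCODES.fetch(code, :unknown_subcode)
end

# True only for 0x531. Expired, disabled or locked accounts stay rejected,
# and accepting 0x531 means Redmine no longer honours userWorkstations.
def password_verified_despite_failure?(message)
  classify_ad_bind_failure(message) == :workstation_restriction
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_531, SAMPLE_52E].each do |msg|
    puts "#{classify_ad_bind_failure(msg)} accept=#{password_verified_despite_failure?(msg)}"
  end
end
```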