Jenkins Active Directory More Secure Authentication Method Required

active-directory, Jenkins

While trying to activate security on a Windows 2008 R2 hosted Jenkins Version 1.514 with the Active Directory plugin version 1.33, I get the following error while trying to log on:

INFO: Login attempt failed
org.acegisecurity.BadCredentialsException: Incorrect password for username  DN=CN=username\,  username,OU=Employees,OU=Users,OU=STUFF,OU=_AccountObjects,DC=domain,DC=domain,DC=com:
nested exception is com4j.ComException: 80072028 
A more secure authentication method is required for this server. 

The part I think is of interest is:

nested exception is com4j.ComException: 80072028 
A more secure authentication method is required for this server. 

I don't see any options for changing the authentication. I have tried setting the Domain name without any change in the error message.

Best Answer

I don't have any experience with Jenkins, but it sounds like it is attempting an unsigned/simple bind and that your Domain Controllers are configured to require signing on LDAP connections.

What is the value of Domain Controller: LDAP server signing requirements in a gpresult under Computer Configuration | Policies | Windows Settings | Security Settings | Local Policies | Security Options?

See the following articles for more information:

EDIT

I wonder if you can simply prefix LDAPS:// and/or append :636 to the server/domain name you have configured Jenkins to authenticate against?

See the following pages for (potentially) more info:

If it comes down to it, can you disable the signing requirement GPO setting for your domain? If this is not an option, you may look into devoting a DC to Jenkins authentication. That DC would be configured via group policy to allow simple binds. You'd then want to configure a GPO to prevent the DC from registering SRV records. See the second half of How to Build an AD Replication Delay (Lag) Site for details.
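
The number in the com4j exception is an HRESULT that wraps a Win32 error: 0x80072028 is facility 7 (Win32) with code 0x2028 = 8232, which winerror.h names ERROR_DS_STRONG_AUTH_REQUIRED. The following is an added example, not code from the original post or from Jenkins; it decodes such codes from a log so that a failed login caused by the domain controller's signing requirement can be told apart from a genuinely wrong password. The function names and the second sample line are assumptions made for the illustration.

```python
import re

# Win32 directory-service errors that mirror LDAP bind result codes
# (numeric values and names from winerror.h; only bind-related ones listed).
DS_BIND_ERRORS = {
    8231: "ERROR_DS_AUTH_METHOD_NOT_SUPPORTED",
    8232: "ERROR_DS_STRONG_AUTH_REQUIRED",
    8233: "ERROR_DS_INAPPROPRIATE_AUTH",
}
FACILITY_WIN32 = 7
COM_EXC = re.compile(r"com4j\.ComException:\s*([0-9A-Fa-f]{8})\b")


def decode_hresult(hex_text):
    """Split a 32-bit HRESULT into severity bit, facility and 16-bit code."""
    value = int(hex_text, 16)
    return {
        "failure": bool(value >> 31),         # bit 31: 1 = failure
        "facility": (value >> 16) & 0x7FF,    # bits 16-26
        "code": value & 0xFFFF,               # bits 0-15
    }


def triage(log_text):
    """Return one finding per com4j.ComException HRESULT found in the log."""
    findings = []
    for match in COM_EXC.finditer(log_text):
        hr = decode_hresult(match.group(1))
        name = "UNKNOWN"
        if hr["failure"] and hr["facility"] == FACILITY_WIN32:
            name = DS_BIND_ERRORS.get(hr["code"], name)
        findings.append({
            "hresult": match.group(1),
            "win32": hr["code"],
            "name": name,
            # True means the DC rejected the bind method, not the password
            "signing_required": name == "ERROR_DS_STRONG_AUTH_REQUIRED",
        })
    return findings


# First three lines are from the question; the last line is constructed.
SAMPLE = """INFO: Login attempt failed
nested exception is com4j.ComException: 80072028
A more secure authentication method is required for this server.
nested exception is com4j.ComException: 80070005
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("{hresult} -> Win32 {win32} {name} signing_required={signing_required}".format(**f))
```

A finding with signing_required set points at the bind method (signed bind or LDAPS) rather than at the user's credentials, which is why the BadCredentialsException wording in the Jenkins log is misleading here.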