SSH Auth Breaks with No Password error from ActiveDirectoryUnixAuthenticationProvider

Article ID:215856078
1 minute readKnowledge base

Issue

  • The following stacktrace appears when trying to be authenticated against Jenkins using the jenkins-cli.

Aug 07, 2015 5:01:36 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
INFO: Accepted connection #9 from /127.0.0.1:48680
Exception in thread "Thread-1234" org.acegisecurity.userdetails.UsernameNotFoundException: Authentication was successful but cannot locate the user information for
  at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:295)
  at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:219)
  at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:163)
  at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:53)
  at jenkins.security.ImpersonatingUserDetailsService.loadUserByUsername(ImpersonatingUserDetailsService.java:32)
  at hudson.model.User.impersonate(User.java:309)
  at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:44)
  at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)

Environment

  • CloudBees Jenkins Enterprise

  • Active Directory Plugin

Resolution

At least one of the reasons why this issue might happen is because somehow there is a defined user internally on with a/several space/s as name. Something like:

https://<JENKINS_URL>/user/%20/configure

This user might have the same SSH Key than the Chef user you are using. I am able to reproduce the issue you are facing when this happens.

You can check if there are several users with the same SSH Key with the Groovy script below that you can execute in https://<JENKINS_URL>/script

import hudson.model.User
import hudson.model.UserProperty
import org.jenkinsci.main.modules.cli.auth.ssh.*

User rootUser = User.get("<CHEF_USER>");
UserPropertyImpl userRootProperty = rootUser.getProperty(UserPropertyImpl.class);

allUsers = User.getAll();
            allUsers.each { user ->
                UserPropertyImpl userProperty = user.getProperty(UserPropertyImpl.class);
                if (userProperty!=null && userProperty.authorizedKeys==userRootProperty.authorizedKeys) {
                    println "User $rootUser has the same SSH key than $user"
                }
            }