I've been trying to solve an issue with a Git repo that is hosted on an on-prem TFS2017: I cannot do a "git clone" command from a Linux machine which is not in the domain, and I keep getting
"fatal: Authentication failed for".
The user I am using is a local user on the Linux machine (same name as the domain user, same password).
The user is a granted user in the Git repo.
While working the same drill from a domain-joined Windows machine, everything works fine (I use Git Bash).
I've created an SSH key on the Linux machine and updated it in the TFS user profile as public; it didn't help.
Here is a TFS activity log:
In the picture we can see the TOP request has no Authentication, no identity and Application (when trying to access from Linux), yet on the bottom, same access from Git Bash (Win machine), Authentication type is "Negotiate", there is Identity name and the Application.
TY guys.
I've managed to overcome the issue; one of the steps was to configure the SSH authentication.
1. On the Linux machine, I've added the TFS server to the HOSTS file and installed the Git client. Then I followed this guide for CentOS >> AD authentication; I followed up to step 4.
2. On the Linux machine generate Public Key using "ssh-keygen", and use this key as
3. On the TFS web page, at the user icon, we have the security tab; I went to SSH public keys and added the generated key from Linux (must be from the public key, not the private one).
4. Eventually, from the Linux machine I type in the full repo address, for example git clone ssh://tfs.domain.com:22/Defaultcollection/_projectname/git
It will prompt you to authorize the RSA connection, and that's it.
Hope that helps.
First, please double-check that you have followed this tutorial: Use SSH key authentication to connect to your Git repos. Avoid adding whitespace or new lines into the Key Data field; they can cause VSTS to use an invalid public key.
Besides, you could also try to configure Basic Authentication on your TFS Application Tier server or use Git Credential Managers to authenticate from Linux. This will narrow down whether the issue is related to your SSH authentication type or the environment on your Linux machine.
Try to disable the firewall on the Linux build agent during the git clone command test.
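The two mistakes mentioned in this thread (pasting the private key, and whitespace or line breaks inside the Key Data field) can be checked before the key is pasted. This is an added example, not part of the original posts; the function names and the sample key are constructed for illustration:

```python
import base64
import hashlib
import struct


def check_public_key(text):
    """Validate one OpenSSH public-key line; return (key_type, fingerprint)."""
    line = text.strip()
    if "PRIVATE KEY" in line:
        raise ValueError("private key pasted; use the contents of the .pub file")
    if "\n" in line or "\r" in line:
        raise ValueError("key is wrapped over several lines; it must be one line")
    fields = line.split(" ", 2)          # <type> <base64> [comment]
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:            # binascii.Error is a ValueError
        raise ValueError("base64 data is damaged: %s" % exc)
    # The blob is a sequence of length-prefixed fields; walk them so that a
    # key cut short by a stray space is caught even if the base64 still decodes.
    pos, parts = 0, []
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("key data is truncated")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("key data is truncated")
        parts.append(blob[pos:pos + size])
        pos += size
    if not parts or parts[0] != key_type.encode():
        raise ValueError("key type inside the data does not match the prefix")
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def constructed_sample():
    """Build a syntactically valid but unusable ssh-rsa line (constructed data)."""
    def field(raw):
        return struct.pack(">I", len(raw)) + raw
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + bytes(range(1, 33)))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@linuxhost"


if __name__ == "__main__":
    print(check_public_key(constructed_sample()))
```

The returned fingerprint uses the same SHA256 format that `ssh-keygen -lf` prints, so it can be compared with the key file on the Linux machine.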
Related
I have an Azure Virtual Machine connected with Azure Active Directory. A user from this AD is added to this machine as an admin. Other people can successfully RDP to the machine with this user's credential, but I get error saying "The user account used to connect to remote PC did not work. Try again". Well, I am trying the whole day. Does anyone know what can cause this?
The fun fact is, I can RDP to the machine using the local admin, but again it fails with AD user.
I tried connecting with Microsoft Remote Desktop for Mac, mstsc for Windows and with Remote Desktop Connection Manager. The same result everywhere.
I tried different username formats:
alex.sikilinda@mydomain.com - other people can successfully login using this format
AzureAD\alex.sikilinda@mydomain.com - for windows client getting the same error, for Microsoft Remote Desktop for Mac getting "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x807"
AzureAD\AlexSikilinda - mstsc error: "Remote machine is AAD joined. If you are signing in to your work account, try using work email instead", Mac: "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x807"
Microsoft Remote Desktop for Mac version 10.2.3 (1343)
Windows 10 version 16299 (also tried with 1803 on another machine, the same result).
I also came across the same error for a Win10 machine that is AAD joined, and I tried the following way to solve this:
Change VM Remote desktop settings same as the picture
Create a new RDP config file
Open mstsc.exe, click on Show Options and then click Save As (give it a new name such as AzureAD_RDP, save it somewhere easy to find).
Open the saved file using Notepad. Verify that the following two lines are present, if not, add them, and save.
enablecredsspsupport:i:0
authentication level:i:2
RDP to the target VM
Open the RDP config file that you just edited, enter the IP address of the VM, do not enter any username, and then connect.
Here you could use AzureAD\UPN or username to log in.
I haven't tried disabling the NLA (and wouldn't recommend it); however, in my case it was the legacy MFA getting in the way of getting into the VM, even if only enabled for the account, and not forced.
In my case, we're using the Conditional Access with MFA, but we have to exclude the VM from the cloud apps (Azure Windows VM Sign-In), because we're not using Windows Hello (thanks Microsoft for a half baked solution!).
See Login to Windows virtual machine in Azure using Azure Active Directory authentication for more details.
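An added example (not from the original answers) that reads an .rdp file and reports what the two settings discussed in this thread are set to, including the case where a line was appended while an older line with a different value is still in the file. The function names and the sample file content are constructed for illustration; the decoder accepts both UTF-16 with a byte-order mark and plain ASCII/UTF-8, since a file re-saved from a text editor may use either:

```python
import codecs

# Meaning of each value for the two settings the answer edits.
WATCHED = {
    "enablecredsspsupport": {
        "0": "CredSSP off: this client will not use Network Level Authentication",
        "1": "CredSSP on where the operating system supports it",
    },
    "authentication level": {
        "0": "server authentication failure: connect without warning",
        "1": "server authentication failure: do not connect",
        "2": "server authentication failure: warn and let the user decide",
        "3": "no server authentication requirement specified",
    },
}

# Constructed sample: the original line was left in place and a second added.
SAMPLE = ("full address:s:203.0.113.10\r\n"
          "enablecredsspsupport:i:1\r\n"
          "authentication level:i:2\r\n"
          "enablecredsspsupport:i:0\r\n").encode("utf-16")


def decode_rdp(raw):
    """Decode .rdp bytes: UTF-16 when a byte-order mark says so, else UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def audit_rdp(raw):
    """Return (setting, value, note) tuples for the watched settings."""
    seen = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)      # name:type:value
        if len(parts) == 3 and parts[0].lower() in WATCHED:
            seen.setdefault(parts[0].lower(), []).append(parts[2].strip())
    findings = []
    for name, values in seen.items():
        if len(set(values)) > 1:
            findings.append((name, ",".join(values),
                             "set more than once with different values"))
            continue
        note = WATCHED[name].get(values[0], "unrecognised value")
        findings.append((name, values[0], note))
    return findings


if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE):
        print(finding)
```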
I have deployed a LAMP stack to a virtual machine in Azure, by following this tutorial:
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-lamp-stack
It's all up and running. However, I can't figure out how to manage the files on the server, and/or copy/upload files to the server.
I can ssh into the VM using the Azure Cloud shell, but I don't seem to have access to my local files if I do it that way. So I installed the Azure CLI on my local machine but when I try to open an ssh session to the server I get 'permission denied (publickey)'.
I've looked into secure copy - scp - and have tried connecting to the server with Putty and WinSCP, but the error that I get is 'No supported authentication methods available (server sent: publickey)'
I'm new to Apache and just can't figure out how to list the files on the server or manage them at all...
When you use the secure copy "scp", there is one point you should pay attention to. If you create the Azure VM with the user set as azureuser, then you can just use the command scp /path/file azureuser@domainName:/home/azureuser/filename to copy the file. Because you just have the permission of the user "azureuser", you can just copy the file from outside to the VM directory /home/azureuser, no matter whether you use a password or the SSH public key.
Update
If you create the Azure VM with an SSH public key, you need to store the key where you want to connect to the VM from. For example, say you want to connect to the VM from a local Windows 10 machine. The key should be stored in the directory "C:\Users\charlesx\.ssh". Then you can connect to the VM, also with the scp command.
I solved this by using PuTTY and WinSCP. Before, I had been using the Azure Cloudshell commands to create the VM and generate the SSH keys, so I could connect to the VM using Cloudshell, but since I didn't know where the auto-generated keys were stored, I couldn't connect on my local machine.
My solution was to create the VM through the Azure portal UI interface. I used PuTTYgen to generate SSH key pairs on my local machine, then I input the public key into the Azure UI when creating the VM. Once the VM was provisioned in Azure, I could connect to it using PuTTY and install LAMP and any other command-line stuff that way.
I also used WinSCP to copy the files to where I wanted - I could have done it command-line with scp, but I'm a visual person and it was useful to be able to see the directory structure that had been created. So a combination of the two worked well for me.
I'm new to Azure; I wanted to take advantage of being able to run PrestaShop (e-commerce software), and the Azure marketplace has a single VM plan. I followed this video and got it up and running. Trouble is, to log in to the site's Admin interface you need to know the secret folder that is randomly created by the installer. I have tried the Azure Storage Explorer, but nothing useful is displayed. I also tried to log in using PuTTY and SSH, but keep getting access denied. I suspect I need to configure an endpoint for port 22, as described here, in order to get ftp working, but apparently this is not possible with a free subscription (?).
Any help as to how I can find that folder name would be appreciated.
With Azure Free Trial Subscription, I can successfully login into the PrestaShop Azure Linux VM without any issue.
Note: No need to configure an endpoint for port 22.
To connect to your Linux virtual machine using SSH, use the following command: ssh username@IPAddress and password.
If you are facing an issue with your login, you can reset the password.
I am trying to deploy a website to the same machine it was built on. It builds everything correctly and then gets stuck at this line. Deployment started for machine: 192.168.1.201 with port 5985. I get the error message that I cannot connect to the remote machine. I am very confused on how to get this last step setup.
[Image: setup for WinRM deploy]
It seems you are using IIS Web App Deployment Using WinRM extension on TFS 2017. From your screenshot, you may need to check the items below and correct them to have another try.
In Machines parameter, try to specify comma separated list of machine FQDNs/IP addresses along with port.
In Admin Login and Password parameters, you need to specify a domain or Local administrator and corresponding password of the target host.
In Web Deploy Package parameter, you need to specify the location of the web deploy zip package file on the target machine or on a UNC path that is accessible to the administrator credentials of the machine.
For detailed documentation for this task, you can refer to this website: https://github.com/Microsoft/vsts-rm-extensions/blob/master/Extensions/IISWebAppDeploy/Src/Tasks/IISWebAppDeploy/README_IISAppDeploy.md
Objective:
Set up a Git repository on Oracle Linux 6. Users connecting from Windows, Mac and Linux, using AD credentials. I would like to limit access based on AD groups. I have been searching for a way to set this up. I have seen several options that allow for fine-grained access control of the repository but I haven't found anything that can use AD groups to manage access.
So the question is: Is this even possible? Can someone point me in the direction of documentation that would explain the process?
Update:
There now appear to be more options:
GitLab supports LDAP authentication
Gogs supports LDAP too
Update:
GitBlit, "an open-source, pure Java stack for managing, viewing, and serving Git repositories", supports LDAP authentication out of the box:
LDAP can be used to authenticate Users and optionally control Team memberships. When properly configured, Gitblit will delegate authentication to your LDAP server and will cache some user information in the usual users.conf file.
GitBlit also lists support for Windows authentication, but only when installed on Windows, and only tested against local accounts.
Previous answer:
If you move your Git server to Bonobo Git Server on Windows you can use Windows authentication:
Windows Authentication
This authentication is very useful when your git server sits inside the company network and your accounts and logging information could be managed via IIS. The advantage of this approach is that your users won’t have to create another account for logging to Bonobo Git Server. They will use the existing Windows account they use on the network.
Doing this from Linux is possible, but unlikely to be easy. You'll probably have to set PAM up to use either LDAP or Kerberos authentication and then do quite a lot of configuration. If you've got Windows licences I strongly recommend checking out Bonobo.