I've got a website that uses cfntauthenticate to authenticate users.
It's been working great, but after moving the website to a new server it's suddenly stopped working.
When trying to authenticate, this is the error message I get:
javax.servlet.jsp.JspException: coldfusion.security.BadUserNameException: The user name or group name <username> is invalid in domain <domain>.
The error message sort of makes it seem like there's something wonky going on in the connection between the server and the domain controller, but I'm not sure.
The old and new servers are in the same domain.
Can't find anything related to this in the logs.
It's even working when I develop locally on my laptop.
I've tried to do some googling, but haven't really been able to find anything.
Anyone here got any ideas on what the issue could be?
(Originally we were using cfldap, but after migrating to using cfldap with starttls, we were seeing intermittent login errors (e.g. your first login would fail, but the second would be successful))
Compare the scenario that works with the one that doesn't, ensuring that:
So I'm a bit lost 😕
Is it possible to log in manually on the problem server, using the same username and password?
Yeah I can RDP in to the server just fine, but the same credentials don't work with the cfntauthenticate tag (on the new server).
That suggests to me that there is something different between the two servers. Possibly a difference in either the Operating System or the ColdFusion version. So what is:
Sorry for taking a while to reply.
Regarding the Windows version, it's Server 2019 vs 2022 (old/new).
Windows Server 2019 Standard
Major  Minor  Build  Revision
-----  -----  -----  --------
10     0      17763  0
Windows Server 2022 Standard
Major  Minor  Build  Revision
-----  -----  -----  --------
10     0      20348  0
It doesn't seem like cfNTauthenticate is deprecated?
I.e. cfNTauthenticate != cfauthenticate.
Oh, an oversight of mine. Please ignore. So, cfntauthenticate it is.
I have gone back, and have been experimenting with cfntauthenticate, but can't find any pointers yet.
What made me think of deprecation is the phrase
<username> is invalid in domain <domain>
I am assuming that "<username>" and "<domain>" actually occur in the error message. If so, then my guess is that ColdFusion might not even be connecting with Windows Server 2022. Hence the use of default (placeholder) names "domain" and "username". That would imply some kind of disconnection between ColdFusion and Windows Server 2022.
Ah, no, those are placeholders.
So the error is something like "thumbo is invalid in domain awesomedomain".
OK. We can then move on.