Authentication finally failed exception.

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version 6.0.0

  • Installed and used enterprise modules, if any No

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

Hi,

I am integrating searchguard elasticsearch with LDAP but I am getting below exception please provide solution.

Authentication finally failed for username.

Below is my configuration snippet:

ldap:

enabled: false

order: 1

http_authenticator:

type: basic

challenge: true

authentication_backend:

LDAP authentication backend (authenticate users against a LDAP or Active Directory)

type: ldap # NOT FREE FOR COMMERCIAL USE

config:

enable true

enable_ssl: true

enable start tls, enable_ssl should be false

enable_start_tls: false

send client certificate

enable_ssl_client_auth: false

verify ldap hostname

verify_hostnames: true

hosts:

bind_dn: CN=s-WalletA,DC=ad,DC=crisil,DC=com

password: Pass@1234

userbase: OU=Technology,OU=Corporate Technology,OU=Corporate Group,OU=Mumbai Crisil House,DC=ad,DC=crisil,DC=com

Filter to search for users (currently in the whole subtree beneath userbase)

{0} is substituted with the username

usersearch: ‘(sAMAccountName={0})’

Use this attribute from the user as username (if not set then DN is used)

username_attribute: uid

#searchguard.ssl.transport.pemcert_filepath: /home/elastic/elasticsearch-6.0.0/config/kirk.pem

#searchguard.ssl.transport.pemkey_filepath: /home/elastic/elasticsearch-6.0.0/config/kirk-key.pem

#pemtrustedcas_filepath: /home/elastic/elasticsearch-6.0.0/config/root-ca.pem

Thanks,

Ajit

We need to see the elasticsearch logs:

  • Elasticsearch log messages on debug level

Can you please enable debug logging as described here:

http://docs.search-guard.com/latest/troubleshooting-tls

Then issue the failing request again and post the logs here. Thanks.

···

On Wednesday, February 14, 2018 at 1:42:11 PM UTC+1, Ajit Bhosale wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version 6.0.0
  • Installed and used enterprise modules, if any No
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

Hi,

I am integrating searchguard elasticsearch with LDAP but I am getting below exception please provide solution.

Authentication finally failed for username.

Below is my configuration snippet:

ldap:

enabled: false

order: 1

http_authenticator:

type: basic

challenge: true

authentication_backend:

LDAP authentication backend (authenticate users against a LDAP or Active Directory)

type: ldap # NOT FREE FOR COMMERCIAL USE

config:

enable true

enable_ssl: true

enable start tls, enable_ssl should be false

enable_start_tls: false

send client certificate

enable_ssl_client_auth: false

verify ldap hostname

verify_hostnames: true

hosts:

bind_dn: CN=s-WalletA,DC=ad,DC=crisil,DC=com

password: Pass@1234

userbase: OU=Technology,OU=Corporate Technology,OU=Corporate Group,OU=Mumbai Crisil House,DC=ad,DC=crisil,DC=com

Filter to search for users (currently in the whole subtree beneath userbase)

{0} is substituted with the username

usersearch: ‘(sAMAccountName={0})’

Use this attribute from the user as username (if not set then DN is used)

username_attribute: uid

#searchguard.ssl.transport.pemcert_filepath: /home/elastic/elasticsearch-6.0.0/config/kirk.pem

#searchguard.ssl.transport.pemkey_filepath: /home/elastic/elasticsearch-6.0.0/config/kirk-key.pem

#pemtrustedcas_filepath: /home/elastic/elasticsearch-6.0.0/config/root-ca.pem

Thanks,

Ajit