ElasticsearchSecurityException[user not found]

Hey,

I’ve initialized the Elasticsearch cluster with the Search Guard index using sgadmin:

sudo sh /usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh \
  -h servername -p 9300 -ts /etc/elasticsearch/truststore.jks \
  -tspass truststorepass -ks /etc/elasticsearch/esadmin-keystore.jks -kspass keystorepass \
  -cd /usr/share/elasticsearch/plugins/search-guard-5/sgconfig -cl cls-nam-elastic

However, when I try to access the cluster via the head plugin using the user esadmin (which is defined in esadmin-keystore.jks), I get this error in the cluster log:

[2017-04-19T09:50:58,869][INFO ][c.f.s.a.BackendRegistry ] Cannot authenticate user (or add roles) with ad 4 due to ElasticsearchSecurityException[com.google.common.util.concurrent.UncheckedExecutinException: ElasticsearchSecurityException[esadmin not found]]; nested: UncheckedExecutionException[ElasticsearchSecurityException[esadmin not found]]; nested: ElasticsarchSecurityException[esadmin not found];, try next

I tried editing these files and adding these settings:

  1. sg_internal_users.yml

esadmin:
  hash: $2a$12$Jj0jfVbj3Gfz5TQnpMRe7uhwLlmJQKQWH6OFrWiCUMp2A2P5qhk7y
  #password is: ***
  roles:
    - captains
    - starfleet
    - vulcan
    - all_access

(I also tried without the “roles” section, because in the file the “admin” user has no roles section; it didn’t help)

  2. sg_roles_mapping.yml

sg_all_access:
  users:
    - admin
    - esadmin  # added
    - adm

But nothing helps :( I still get the error and the user can’t view anything…

What am I missing here?

Thanks,

Hila

Issue resolved. After reading the documentation at https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md, I understood that changes made in sgconfig take effect not after an Elasticsearch service restart, but after running sgadmin again. After doing so, the user is recognized by Elasticsearch.

On Wednesday, 19 April 2017 at 15:07:40 UTC+3, HilaF wrote:

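A small check built on the resolution above, added here as an example (not part of the original posts and not Search Guard's own tooling): it cross-references users the cluster log reports as "not found" against the users defined in the on-disk sg_internal_users.yml, to tell a config that was edited but not re-uploaded with sgadmin apart from a user that was never defined. The sample log lines, the `kibana_ro` user and all function names are constructed for illustration.

```python
import re

# Matches the "<user> not found" cause in a BackendRegistry log line,
# the message format shown in the cluster log quoted in this thread.
NOT_FOUND = re.compile(r"SecurityException\[(?P<user>[^\s\[\]]+) not found\]")
# Assumption: a user entry in sg_internal_users.yml is an unindented key.
TOP_LEVEL_KEY = re.compile(r"^(?P<key>[A-Za-z0-9_.@-]+):\s*(#.*)?$")


def users_on_disk(internal_users_yaml):
    """Usernames defined as top-level keys in sg_internal_users.yml text."""
    matches = (TOP_LEVEL_KEY.match(l) for l in internal_users_yaml.splitlines())
    return {m.group("key") for m in matches if m}


def users_rejected(log_text):
    """Usernames the cluster reported as 'not found' during authentication."""
    rejected = set()
    for line in log_text.splitlines():
        if "BackendRegistry" in line:
            rejected.update(m.group("user") for m in NOT_FOUND.finditer(line))
    return rejected


def diagnose(internal_users_yaml, log_text):
    """Map each rejected user to its likely cause."""
    defined = users_on_disk(internal_users_yaml)
    return {
        user: ("defined in sgconfig but unknown to the cluster: re-run sgadmin"
               if user in defined else "not defined in sg_internal_users.yml")
        for user in sorted(users_rejected(log_text))
    }


# Constructed sample inputs (hash values replaced by placeholders).
SAMPLE_USERS = """\
admin:
  hash: <bcrypt hash placeholder>
esadmin:
  hash: <bcrypt hash placeholder>
  roles:
    - all_access
"""
SAMPLE_LOG = """\
[2017-04-19T09:50:58,869][INFO ][c.f.s.a.BackendRegistry ] Cannot authenticate user (or add roles) due to ElasticsearchSecurityException[esadmin not found]; nested: ElasticsearchSecurityException[esadmin not found];, try next
[2017-04-19T09:51:02,114][INFO ][c.f.s.a.BackendRegistry ] Cannot authenticate user (or add roles) due to ElasticsearchSecurityException[kibana_ro not found];, try next
"""

if __name__ == "__main__":
    for user, cause in diagnose(SAMPLE_USERS, SAMPLE_LOG).items():
        print(f"{user}: {cause}")
```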