internal users not working

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

ES- 6.5.2 ,search guard version - search-guard-6

  • Installed and used enterprise modules, if any

No. disabled x-pack on the installation

  • JVM version and operating system version

java version “1.8.0_191” , Ubuntu - 16

  • Search Guard configuration files

sg_internal_users.yml

phanis:
hash: $2y$12$S508kJSlMWygf4FQU92WB.ZVr5NCYKWTrIy77MeCOAMkKkFO1lQoK
roles:
- skbrole

roles.yml

sg_roles.yml:
indices:
’:
'
’:
- READ

sg_roles_mapping.yml

sg_skbm:
backendroles:
- skbrole

  • Elasticsearch log messages on debug level

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-logstash]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-ml]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-monitoring]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-rollup]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-security]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-sql]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-upgrade]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-watcher]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded plugin [search-guard-6]
[2018-12-28T12:20:49,248][INFO ][c.f.s.SearchGuardPlugin ] [tK858lY] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting ‘http.compression: true’ in elasticsearch.yml
[2018-12-28T12:20:53,203][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [tK858lY] [controller/22196] [Main.cc@109] controller (64 bit): Version 6.5.2 (Build 767566e25172d6) Copyright © 2018 Elasticsearch BV
[2018-12-28T12:20:53,422][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore: [kibanaserver]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for read compliance events: [kibanaserver]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for write compliance events: [kibanaserver]
[2018-12-28T12:20:53,429][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Message routing enabled: true
[2018-12-28T12:20:53,432][WARN ][c.f.s.c.ComplianceConfig ] [tK858lY] If you plan to use field masking pls configure searchguard.compliance.salt to be a random string of 16 chars length identical on all nodes
[2018-12-28T12:20:53,432][INFO ][c.f.s.c.ComplianceConfig ] [tK858lY] PII configuration [auditLogPattern=org.joda.time.format.DateTimeFormatter@508f4bb5, auditLogIndex=null]: {}
[2018-12-28T12:20:53,673][DEBUG][o.e.a.ActionModule ] [tK858lY] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin
[2018-12-28T12:20:53,937][INFO ][o.e.d.DiscoveryModule ] [tK858lY] using discovery type [zen] and host providers [settings]
[2018-12-28T12:20:54,789][INFO ][o.e.n.Node ] [tK858lY] initialized
[2018-12-28T12:20:54,790][INFO ][o.e.n.Node ] [tK858lY] starting …
[2018-12-28T12:20:54,899][INFO ][o.e.t.TransportService ] [tK858lY] publish_address {68.183.51.152:9300}, bound_addresses {68.183.51.152:9300}
[2018-12-28T12:20:54,967][INFO ][o.e.b.BootstrapChecks ] [tK858lY] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2018-12-28T12:20:54,979][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Check if searchguard index exists …
[2018-12-28T12:20:54,985][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [tK858lY] no known master node, scheduling a retry
[2018-12-28T12:21:01,634][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Info: SearchGuardLicense [uid=00000000-0000-0000-0000-000000000000, type=TRIAL, features=[COMPLIANCE], issueDate=2018-12-18, expiryDate=2019-02-16, issuedTo=The world, issuer=floragunn GmbH, startDate=2018-12-18, majorVersion=6, clusterName=*, allowedNodeCount=2147483647, msgs=, expiresInDays=50, isExpired=false, valid=true, action=, prodUsage=Yes, one cluster with all commercial features and unlimited nodes per cluster., clusterService=org.elasticsearch.cluster.service.ClusterService@34e5839b, getMsgs()=, getExpiresInDays()=50, isExpired()=false, isValid()=true, getAction()=, getProdUsage()=Yes, one cluster with all commercial features and unlimited nodes per cluster.]
[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Type: TRIAL, valid
[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Node ‘tK858lY’ initialized

  • Other installed Elasticsearch or Kibana plugins, if any

disabled some plugins

xpack.security.enabled: false

console.enabled: true
timelion.enabled: false
elasticsearch.ssl.verificationMode: none

  • when creating new user with above configuration i have restarted ES as well but i am unable to login with new users please advice me.

Thanks

Phani

Can you post your sg_internal_users.yml and sg_roles_mapping.yml file (as attachments)?

···

Am 28.12.2018 um 13:27 schrieb Phani.Nadiminti@goktree.com:

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version
   ES- 6.5.2 ,search guard version - search-guard-6
* Installed and used enterprise modules, if any
   No. disabled x-pack on the installation
* JVM version and operating system version
   java version "1.8.0_191" , Ubuntu - 16
* Search Guard configuration files
   sg_internal_users.yml
   phanis:
   hash: $2y$12$S508kJSlMWygf4FQU92WB.ZVr5NCYKWTrIy77MeCOAMkKkFO1lQoK
   roles:
    - skbrole

  roles.yml

  sg_roles.yml:
  indices:
    '<indexname>*':
      '*':
        - READ

sg_roles_mapping.yml

  sg_skbm:
  backendroles:
    - skbrole
  
* Elasticsearch log messages on debug level

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-logstash]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-ml]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-monitoring]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-rollup]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-security]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-sql]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-upgrade]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-watcher]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded plugin [search-guard-6]
[2018-12-28T12:20:49,248][INFO ][c.f.s.SearchGuardPlugin ] [tK858lY] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in elasticsearch.yml
[2018-12-28T12:20:53,203][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [tK858lY] [controller/22196] [Main.cc@109] controller (64 bit): Version 6.5.2 (Build 767566e25172d6) Copyright (c) 2018 Elasticsearch BV
[2018-12-28T12:20:53,422][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore: [kibanaserver]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for read compliance events: [kibanaserver]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for write compliance events: [kibanaserver]
[2018-12-28T12:20:53,429][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Message routing enabled: true
[2018-12-28T12:20:53,432][WARN ][c.f.s.c.ComplianceConfig ] [tK858lY] If you plan to use field masking pls configure searchguard.compliance.salt to be a random string of 16 chars length identical on all nodes
[2018-12-28T12:20:53,432][INFO ][c.f.s.c.ComplianceConfig ] [tK858lY] PII configuration [auditLogPattern=org.joda.time.format.DateTimeFormatter@508f4bb5, auditLogIndex=null]: {}
[2018-12-28T12:20:53,673][DEBUG][o.e.a.ActionModule ] [tK858lY] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin
[2018-12-28T12:20:53,937][INFO ][o.e.d.DiscoveryModule ] [tK858lY] using discovery type [zen] and host providers [settings]
[2018-12-28T12:20:54,789][INFO ][o.e.n.Node ] [tK858lY] initialized
[2018-12-28T12:20:54,790][INFO ][o.e.n.Node ] [tK858lY] starting ...
[2018-12-28T12:20:54,899][INFO ][o.e.t.TransportService ] [tK858lY] publish_address {68.183.51.152:9300}, bound_addresses {68.183.51.152:9300}
[2018-12-28T12:20:54,967][INFO ][o.e.b.BootstrapChecks ] [tK858lY] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2018-12-28T12:20:54,979][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Check if searchguard index exists ...
[2018-12-28T12:20:54,985][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [tK858lY] no known master node, scheduling a retry
[2018-12-28T12:21:01,634][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Info: SearchGuardLicense [uid=00000000-0000-0000-0000-000000000000, type=TRIAL, features=[COMPLIANCE], issueDate=2018-12-18, expiryDate=2019-02-16, issuedTo=The world, issuer=floragunn GmbH, startDate=2018-12-18, majorVersion=6, clusterName=*, allowedNodeCount=2147483647, msgs=, expiresInDays=50, isExpired=false, valid=true, action=, prodUsage=Yes, one cluster with all commercial features and unlimited nodes per cluster., clusterService=org.elasticsearch.cluster.service.ClusterService@34e5839b, getMsgs()=, getExpiresInDays()=50, isExpired()=false, isValid()=true, getAction()=, getProdUsage()=Yes, one cluster with all commercial features and unlimited nodes per cluster.]
[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Type: TRIAL, valid
[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Node 'tK858lY' initialized
   
* Other installed Elasticsearch or Kibana plugins, if any
disabled some plugins

xpack.security.enabled: false

console.enabled: true
timelion.enabled: false
elasticsearch.ssl.verificationMode: none

* when creating new user with above configuration i have restarted ES as well but i am unable to login with new users please advice me.

Thanks
Phani

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2960169e-b8e3-491e-9264-885901590da3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hello,

Thankyou for the response. I made a mistake defining correct permissions to. Kibana index when assigning role permissions now it is working as expected.

Phani

···

On Tue, 1 Jan 2019, 7:59 pm SG <info@search-guard.com wrote:

Can you post your sg_internal_users.yml and sg_roles_mapping.yml file (as attachments)?

Am 28.12.2018 um 13:27 schrieb Phani.Nadiminti@goktree.com:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

ES- 6.5.2 ,search guard version - search-guard-6

  • Installed and used enterprise modules, if any

No. disabled x-pack on the installation

  • JVM version and operating system version

java version “1.8.0_191” , Ubuntu - 16

  • Search Guard configuration files

sg_internal_users.yml

phanis:

hash: $2y$12$S508kJSlMWygf4FQU92WB.ZVr5NCYKWTrIy77MeCOAMkKkFO1lQoK

roles:

- skbrole

roles.yml

sg_roles.yml:

indices:

'<indexname>*':
  '*':
    - READ

sg_roles_mapping.yml

sg_skbm:

backendroles:

- skbrole
  • Elasticsearch log messages on debug level

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-logstash]

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-ml]

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-monitoring]

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-rollup]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-security]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-sql]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-upgrade]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-watcher]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded plugin [search-guard-6]

[2018-12-28T12:20:49,248][INFO ][c.f.s.SearchGuardPlugin ] [tK858lY] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting ‘http.compression: true’ in elasticsearch.yml

[2018-12-28T12:20:53,203][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [tK858lY] [controller/22196] [Main.cc@109] controller (64 bit): Version 6.5.2 (Build 767566e25172d6) Copyright © 2018 Elasticsearch BV

[2018-12-28T12:20:53,422][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]

[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]

[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore: [kibanaserver]

[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for read compliance events: [kibanaserver]

[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for write compliance events: [kibanaserver]

[2018-12-28T12:20:53,429][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Message routing enabled: true

[2018-12-28T12:20:53,432][WARN ][c.f.s.c.ComplianceConfig ] [tK858lY] If you plan to use field masking pls configure searchguard.compliance.salt to be a random string of 16 chars length identical on all nodes

[2018-12-28T12:20:53,432][INFO ][c.f.s.c.ComplianceConfig ] [tK858lY] PII configuration [auditLogPattern=org.joda.time.format.DateTimeFormatter@508f4bb5, auditLogIndex=null]: {}

[2018-12-28T12:20:53,673][DEBUG][o.e.a.ActionModule ] [tK858lY] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin

[2018-12-28T12:20:53,937][INFO ][o.e.d.DiscoveryModule ] [tK858lY] using discovery type [zen] and host providers [settings]

[2018-12-28T12:20:54,789][INFO ][o.e.n.Node ] [tK858lY] initialized

[2018-12-28T12:20:54,790][INFO ][o.e.n.Node ] [tK858lY] starting …

[2018-12-28T12:20:54,899][INFO ][o.e.t.TransportService ] [tK858lY] publish_address {68.183.51.152:9300}, bound_addresses {68.183.51.152:9300}

[2018-12-28T12:20:54,967][INFO ][o.e.b.BootstrapChecks ] [tK858lY] bound or publishing to a non-loopback address, enforcing bootstrap checks

[2018-12-28T12:20:54,979][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Check if searchguard index exists …

[2018-12-28T12:20:54,985][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [tK858lY] no known master node, scheduling a retry

[2018-12-28T12:21:01,634][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Info: SearchGuardLicense [uid=00000000-0000-0000-0000-000000000000, type=TRIAL, features=[COMPLIANCE], issueDate=2018-12-18, expiryDate=2019-02-16, issuedTo=The world, issuer=floragunn GmbH, startDate=2018-12-18, majorVersion=6, clusterName=*, allowedNodeCount=2147483647, msgs=, expiresInDays=50, isExpired=false, valid=true, action=, prodUsage=Yes, one cluster with all commercial features and unlimited nodes per cluster., clusterService=org.elasticsearch.cluster.service.ClusterService@34e5839b, getMsgs()=, getExpiresInDays()=50, isExpired()=false, isValid()=true, getAction()=, getProdUsage()=Yes, one cluster with all commercial features and unlimited nodes per cluster.]

[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Type: TRIAL, valid

[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Node ‘tK858lY’ initialized

  • Other installed Elasticsearch or Kibana plugins, if any

disabled some plugins

xpack.security.enabled: false

console.enabled: true

timelion.enabled: false

elasticsearch.ssl.verificationMode: none

  • when creating new user with above configuration i have restarted ES as well but i am unable to login with new users please advice me.

Thanks

Phani

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2960169e-b8e3-491e-9264-885901590da3%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9BBB7F4F-2ED8-472E-82FD-6B19415DF6EE%40search-guard.com.

For more options, visit https://groups.google.com/d/optout.