internal users not working

phani.nadiminti · December 28, 2018, 12:27pm

When asking questions, please provide the following information:

Search Guard and Elasticsearch version

ES- 6.5.2 ,search guard version - search-guard-6

Installed and used enterprise modules, if any

No. disabled x-pack on the installation

JVM version and operating system version

java version “1.8.0_191” , Ubuntu - 16

Search Guard configuration files

sg_internal_users.yml

phanis:
hash: $2y$12$S508kJSlMWygf4FQU92WB.ZVr5NCYKWTrIy77MeCOAMkKkFO1lQoK
roles:
- skbrole

roles.yml

sg_roles.yml:
indices:
‘':
'’:
- READ

sg_roles_mapping.yml

sg_skbm:
backendroles:
- skbrole

Elasticsearch log messages on debug level

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-logstash]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-ml]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-monitoring]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-rollup]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-security]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-sql]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-upgrade]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-watcher]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded plugin [search-guard-6]
[2018-12-28T12:20:49,248][INFO ][c.f.s.SearchGuardPlugin ] [tK858lY] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting ‘http.compression: true’ in elasticsearch.yml
[2018-12-28T12:20:53,203][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [tK858lY] [controller/22196] [Main.cc@109] controller (64 bit): Version 6.5.2 (Build 767566e25172d6) Copyright (c) 2018 Elasticsearch BV
[2018-12-28T12:20:53,422][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore: [kibanaserver]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for read compliance events: [kibanaserver]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for write compliance events: [kibanaserver]
[2018-12-28T12:20:53,429][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Message routing enabled: true
[2018-12-28T12:20:53,432][WARN ][c.f.s.c.ComplianceConfig ] [tK858lY] If you plan to use field masking pls configure searchguard.compliance.salt to be a random string of 16 chars length identical on all nodes
[2018-12-28T12:20:53,432][INFO ][c.f.s.c.ComplianceConfig ] [tK858lY] PII configuration [auditLogPattern=org.joda.time.format.DateTimeFormatter@508f4bb5, auditLogIndex=null]: {}
[2018-12-28T12:20:53,673][DEBUG][o.e.a.ActionModule ] [tK858lY] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin
[2018-12-28T12:20:53,937][INFO ][o.e.d.DiscoveryModule ] [tK858lY] using discovery type [zen] and host providers [settings]
[2018-12-28T12:20:54,789][INFO ][o.e.n.Node ] [tK858lY] initialized
[2018-12-28T12:20:54,790][INFO ][o.e.n.Node ] [tK858lY] starting …
[2018-12-28T12:20:54,899][INFO ][o.e.t.TransportService ] [tK858lY] publish_address {68.183.51.152:9300}, bound_addresses {68.183.51.152:9300}
[2018-12-28T12:20:54,967][INFO ][o.e.b.BootstrapChecks ] [tK858lY] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2018-12-28T12:20:54,979][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Check if searchguard index exists …
[2018-12-28T12:20:54,985][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [tK858lY] no known master node, scheduling a retry
[2018-12-28T12:21:01,634][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Info: SearchGuardLicense [uid=00000000-0000-0000-0000-000000000000, type=TRIAL, features=[COMPLIANCE], issueDate=2018-12-18, expiryDate=2019-02-16, issuedTo=The world, issuer=floragunn GmbH, startDate=2018-12-18, majorVersion=6, clusterName=*, allowedNodeCount=2147483647, msgs=, expiresInDays=50, isExpired=false, valid=true, action=, prodUsage=Yes, one cluster with all commercial features and unlimited nodes per cluster., clusterService=org.elasticsearch.cluster.service.ClusterService@34e5839b, getMsgs()=, getExpiresInDays()=50, isExpired()=false, isValid()=true, getAction()=, getProdUsage()=Yes, one cluster with all commercial features and unlimited nodes per cluster.]
[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Type: TRIAL, valid
[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Node ‘tK858lY’ initialized

Other installed Elasticsearch or Kibana plugins, if any

disabled some plugins

xpack.security.enabled: false

console.enabled: true
timelion.enabled: false
elasticsearch.ssl.verificationMode: none

when creating new user with above configuration i have restarted ES as well but i am unable to login with new users please advice me.

Thanks

Phani

searchguard_google_group · January 1, 2019, 2:29pm

Can you post your sg_internal_users.yml and sg_roles_mapping.yml file (as attachments)?

···

Am 28.12.2018 um 13:27 schrieb Phani.Nadiminti@goktree.com:

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version
   ES- 6.5.2 ,search guard version - search-guard-6
* Installed and used enterprise modules, if any
   No. disabled x-pack on the installation
* JVM version and operating system version
   java version "1.8.0_191" , Ubuntu - 16
* Search Guard configuration files
   sg_internal_users.yml
   phanis:
   hash: $2y$12$S508kJSlMWygf4FQU92WB.ZVr5NCYKWTrIy77MeCOAMkKkFO1lQoK
   roles:
    - skbrole

  roles.yml

  sg_roles.yml:
  indices:
    '<indexname>*':
      '*':
        - READ

sg_roles_mapping.yml

  sg_skbm:
  backendroles:
    - skbrole

* Elasticsearch log messages on debug level

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-logstash]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-ml]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-monitoring]
[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-rollup]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-security]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-sql]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-upgrade]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-watcher]
[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded plugin [search-guard-6]
[2018-12-28T12:20:49,248][INFO ][c.f.s.SearchGuardPlugin ] [tK858lY] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in elasticsearch.yml
[2018-12-28T12:20:53,203][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [tK858lY] [controller/22196] [Main.cc@109] controller (64 bit): Version 6.5.2 (Build 767566e25172d6) Copyright (c) 2018 Elasticsearch BV
[2018-12-28T12:20:53,422][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore: [kibanaserver]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for read compliance events: [kibanaserver]
[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for write compliance events: [kibanaserver]
[2018-12-28T12:20:53,429][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Message routing enabled: true
[2018-12-28T12:20:53,432][WARN ][c.f.s.c.ComplianceConfig ] [tK858lY] If you plan to use field masking pls configure searchguard.compliance.salt to be a random string of 16 chars length identical on all nodes
[2018-12-28T12:20:53,432][INFO ][c.f.s.c.ComplianceConfig ] [tK858lY] PII configuration [auditLogPattern=org.joda.time.format.DateTimeFormatter@508f4bb5, auditLogIndex=null]: {}
[2018-12-28T12:20:53,673][DEBUG][o.e.a.ActionModule ] [tK858lY] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin
[2018-12-28T12:20:53,937][INFO ][o.e.d.DiscoveryModule ] [tK858lY] using discovery type [zen] and host providers [settings]
[2018-12-28T12:20:54,789][INFO ][o.e.n.Node ] [tK858lY] initialized
[2018-12-28T12:20:54,790][INFO ][o.e.n.Node ] [tK858lY] starting ...
[2018-12-28T12:20:54,899][INFO ][o.e.t.TransportService ] [tK858lY] publish_address {68.183.51.152:9300}, bound_addresses {68.183.51.152:9300}
[2018-12-28T12:20:54,967][INFO ][o.e.b.BootstrapChecks ] [tK858lY] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2018-12-28T12:20:54,979][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Check if searchguard index exists ...
[2018-12-28T12:20:54,985][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [tK858lY] no known master node, scheduling a retry
[2018-12-28T12:21:01,634][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Info: SearchGuardLicense [uid=00000000-0000-0000-0000-000000000000, type=TRIAL, features=[COMPLIANCE], issueDate=2018-12-18, expiryDate=2019-02-16, issuedTo=The world, issuer=floragunn GmbH, startDate=2018-12-18, majorVersion=6, clusterName=*, allowedNodeCount=2147483647, msgs=, expiresInDays=50, isExpired=false, valid=true, action=, prodUsage=Yes, one cluster with all commercial features and unlimited nodes per cluster., clusterService=org.elasticsearch.cluster.service.ClusterService@34e5839b, getMsgs()=, getExpiresInDays()=50, isExpired()=false, isValid()=true, getAction()=, getProdUsage()=Yes, one cluster with all commercial features and unlimited nodes per cluster.]
[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Type: TRIAL, valid
[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Node 'tK858lY' initialized

* Other installed Elasticsearch or Kibana plugins, if any
disabled some plugins

xpack.security.enabled: false

console.enabled: true
timelion.enabled: false
elasticsearch.ssl.verificationMode: none

* when creating new user with above configuration i have restarted ES as well but i am unable to login with new users please advice me.

Thanks
Phani

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2960169e-b8e3-491e-9264-885901590da3%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

Phani_Nadiminti · January 1, 2019, 3:38pm

Hello,

Thankyou for the response. I made a mistake defining correct permissions to. Kibana index when assigning role permissions now it is working as expected.

Phani

···

On Tue, 1 Jan 2019, 7:59 pm SG <info@search-guard.com wrote:

Can you post your sg_internal_users.yml and sg_roles_mapping.yml file (as attachments)?

Am 28.12.2018 um 13:27 schrieb Phani.Nadiminti@goktree.com:

When asking questions, please provide the following information:

Search Guard and Elasticsearch version

ES- 6.5.2 ,search guard version - search-guard-6

Installed and used enterprise modules, if any

No. disabled x-pack on the installation

JVM version and operating system version

java version “1.8.0_191” , Ubuntu - 16

Search Guard configuration files

sg_internal_users.yml

phanis:

hash: $2y$12$S508kJSlMWygf4FQU92WB.ZVr5NCYKWTrIy77MeCOAMkKkFO1lQoK

roles:
- skbrole
roles.yml

sg_roles.yml:

indices:
'<indexname>*':
  '*':
    - READ
sg_roles_mapping.yml

sg_skbm:

backendroles:
- skbrole
Elasticsearch log messages on debug level

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-logstash]

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-ml]

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-monitoring]

[2018-12-28T12:20:49,223][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-rollup]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-security]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-sql]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-upgrade]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded module [x-pack-watcher]

[2018-12-28T12:20:49,224][INFO ][o.e.p.PluginsService ] [tK858lY] loaded plugin [search-guard-6]

[2018-12-28T12:20:49,248][INFO ][c.f.s.SearchGuardPlugin ] [tK858lY] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting ‘http.compression: true’ in elasticsearch.yml

[2018-12-28T12:20:53,203][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [tK858lY] [controller/22196] [Main.cc@109] controller (64 bit): Version 6.5.2 (Build 767566e25172d6) Copyright (c) 2018 Elasticsearch BV

[2018-12-28T12:20:53,422][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on rest layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]

[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured categories on transport layer to ignore: [AUTHENTICATED, GRANTED_PRIVILEGES]

[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore: [kibanaserver]

[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for read compliance events: [kibanaserver]

[2018-12-28T12:20:53,423][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Configured Users to ignore for write compliance events: [kibanaserver]

[2018-12-28T12:20:53,429][INFO ][c.f.s.a.i.AuditLogImpl ] [tK858lY] Message routing enabled: true

[2018-12-28T12:20:53,432][WARN ][c.f.s.c.ComplianceConfig ] [tK858lY] If you plan to use field masking pls configure searchguard.compliance.salt to be a random string of 16 chars length identical on all nodes

[2018-12-28T12:20:53,432][INFO ][c.f.s.c.ComplianceConfig ] [tK858lY] PII configuration [auditLogPattern=org.joda.time.format.DateTimeFormatter@508f4bb5, auditLogIndex=null]: {}

[2018-12-28T12:20:53,673][DEBUG][o.e.a.ActionModule ] [tK858lY] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin

[2018-12-28T12:20:53,937][INFO ][o.e.d.DiscoveryModule ] [tK858lY] using discovery type [zen] and host providers [settings]

[2018-12-28T12:20:54,789][INFO ][o.e.n.Node ] [tK858lY] initialized

[2018-12-28T12:20:54,790][INFO ][o.e.n.Node ] [tK858lY] starting …

[2018-12-28T12:20:54,899][INFO ][o.e.t.TransportService ] [tK858lY] publish_address {68.183.51.152:9300}, bound_addresses {68.183.51.152:9300}

[2018-12-28T12:20:54,967][INFO ][o.e.b.BootstrapChecks ] [tK858lY] bound or publishing to a non-loopback address, enforcing bootstrap checks

[2018-12-28T12:20:54,979][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Check if searchguard index exists …

[2018-12-28T12:20:54,985][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [tK858lY] no known master node, scheduling a retry

[2018-12-28T12:21:01,634][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Info: SearchGuardLicense [uid=00000000-0000-0000-0000-000000000000, type=TRIAL, features=[COMPLIANCE], issueDate=2018-12-18, expiryDate=2019-02-16, issuedTo=The world, issuer=floragunn GmbH, startDate=2018-12-18, majorVersion=6, clusterName=*, allowedNodeCount=2147483647, msgs=, expiresInDays=50, isExpired=false, valid=true, action=, prodUsage=Yes, one cluster with all commercial features and unlimited nodes per cluster., clusterService=org.elasticsearch.cluster.service.ClusterService@34e5839b, getMsgs()=, getExpiresInDays()=50, isExpired()=false, isValid()=true, getAction()=, getProdUsage()=Yes, one cluster with all commercial features and unlimited nodes per cluster.]

[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Search Guard License Type: TRIAL, valid

[2018-12-28T12:21:01,635][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [tK858lY] Node ‘tK858lY’ initialized

Other installed Elasticsearch or Kibana plugins, if any

disabled some plugins

xpack.security.enabled: false

console.enabled: true

timelion.enabled: false

elasticsearch.ssl.verificationMode: none

when creating new user with above configuration i have restarted ES as well but i am unable to login with new users please advice me.

Thanks

Phani

–

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2960169e-b8e3-491e-9264-885901590da3%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/9BBB7F4F-2ED8-472E-82FD-6B19415DF6EE%40search-guard.com.

For more options, visit https://groups.google.com/d/optout.

Topic		Replies	Views
cannot update password or create user in sg_internal_users Search Guard	4	518	December 6, 2017
6.8.4 cluster running, but locked out of Search Guard Search Guard	3	1016	December 26, 2019
Unknown setting [searchguard.enterprise_modules_enabled] Search Guard	3	1725	November 17, 2021
Updating Internal Users Database without cluster Search Guard	7	844	November 20, 2019
Upgrade 6.7 - 7.4 failure Search Guard	5	1122	November 3, 2019

internal users not working

Related Topics