no permissions for cluster:monitor/health

Hello!

I’m trying to configure the latest alpha build of SG for ES 2.2.

I took all scripts and configs from the example folder, so I think there is minimal possibility of error.

So I have installed the SG plugin. Then I ran the sgadmin tool to load the initial configuration from the default configs. I have also added the following lines to the EL config:

searchguard.authcz.admin_dn:
  - C=DE, L=Test, O=client, OU=client, CN=admin

After that I restarted ES and tried to load the same configuration again. But I got an error: no permissions for cluster:monitor/health.

After that I enabled DEBUG logging in the AS config, restarted it and ran sgadmin again to check the ES logs. I found this:

[com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles: [sg_public].

After that I tried adding the next few lines to sg_role_mapping.yml, removed SG, restarted ES, installed SG again, and loaded the config with sgadmin again.

sg_admin:
  users:
    - 'C=DE,L=Test,O=client,OU=client,CN=admin'

The result is the same. What am I doing wrong?

Ok. I have found the error. Hope it will help somebody.

When you try to find out what DN your certificate has, you can use openssl, as I did. In my case openssl shows “C=DE, L=Test, O=client, OU=client, CN=admin”.

But when SG evaluates this string it converts it to “CN=admin,OU=client,O=client,L=Test,C=DE”. And the DN that you write in the config must completely match that string.

So I wrote “CN=admin,OU=client,O=client,L=Test,C=DE” in the config and everything works fine.
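
The mismatch described in the post above, as an added example that is not part of the original thread: the function rewrites a DN as openssl printed it into the order and spacing SG reported, then tests candidate config values with an exact string comparison. It assumes the compared form is the RFC 2253 style rendering quoted in the post (most specific RDN first, no spaces after commas); the function names and the certificate file name are hypothetical.

```bash
# To print this form straight from a certificate (file name is a placeholder):
#   openssl x509 -in admin.crt.pem -noout -subject -nameopt RFC2253

# to_rfc2253 DN: reverse the RDN order and strip the spaces openssl adds.
to_rfc2253() {
  printf '%s\n' "$1" | awk '{
    sub(/^subject= */, "")            # drop the openssl "subject=" label
    n = 0; cur = ""; len = length($0)
    for (i = 1; i <= len; i++) {
      c = substr($0, i, 1)
      if (c == "\\") {                # escaped char (e.g. "\,") stays in the value
        cur = cur c substr($0, i + 1, 1); i++
      } else if (c == ",") {          # unescaped comma ends one RDN
        rdn[++n] = cur; cur = ""
      } else {
        cur = cur c
      }
    }
    rdn[++n] = cur
    out = ""
    for (i = n; i >= 1; i--) {        # most specific RDN (CN) comes first
      r = rdn[i]
      gsub(/^ +| +$/, "", r)          # trim spaces around the RDN
      sub(/ *= */, "=", r)            # "C = DE" becomes "C=DE"
      out = (out == "" ? r : out "," r)
    }
    print out
  }'
}

# dn_matches CONFIGURED OPENSSL_SUBJECT: succeeds only on an exact match,
# which is the comparison the post says the config value has to pass.
dn_matches() {
  [ "$1" = "$(to_rfc2253 "$2")" ]
}

subject='C=DE, L=Test, O=client, OU=client, CN=admin'   # as quoted in the post
for configured in \
  'C=DE, L=Test, O=client, OU=client, CN=admin' \
  'C=DE,L=Test,O=client,OU=client,CN=admin' \
  'CN=admin,OU=client,O=client,L=Test,C=DE'
do
  if dn_matches "$configured" "$subject"; then verdict=match; else verdict=MISMATCH; fi
  printf '%-45s %s\n' "$configured" "$verdict"
done
```

Only the third value matches; the first two are the ones the post tried in the ES config and in sg_role_mapping.yml, which left the admin certificate mapped to sg_public.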

Hello Daniil Svetlov!

I am interested in your error…
How do you know, or how do you get from SG the DN certificate? What command or in what log do you get the DN certificate?

Because, for example, I have CN, OU, DC and DC… and I don't know if SG is taking it correctly.

Thanks in advance!

Rocio

Look also here: https://github.com/floragunncom/search-guard/issues/108

Hi!

I have just turned the log verbosity to debug level. Then grepped the logs of Elasticsearch.