Switch from GUID to internal user DB (trial version is ending)

If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.

Elasticsearch version: [ 7.8.1 ]

**Server OS version:Windows server 2019

**Kibana version (if relevant):7.8.1

**Browser version (if relevant):Chrome

Browser OS version (if relevant):

Describe the issue: My trial version is ending, I did not know that GUI is only for enterprise. Now I need to re-create access for already created users.
Please, help me find the way to switch to internal user database sg_internal_users.yml or how much will it cost to buy a license for 5 users?
Thank you.

Steps to reproduce:

  1. Tried to find how to do this

Part of config
authc:
kerberos_auth_domain:
http_enabled: false
transport_enabled: false
order: 6
http_authenticator:
type: kerberos # NOT FREE FOR COMMERCIAL USE
challenge: true
config:
# If true a lot of kerberos/security related debugging output will be logged to standard out
krb_debug: false
# If true then the realm will be stripped from the user name
strip_realm_from_principal: true
authentication_backend:
type: noop
basic_internal_auth_domain:
description: “Authenticate via HTTP Basic against internal users database”
http_enabled: true
enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: internal
proxy_auth_domain:
description: “Authenticate via proxy”
http_enabled: false
transport_enabled: false
order: 3
http_authenticator:
type: proxy
challenge: false
config:
user_header: “x-proxy-user”
roles_header: “x-proxy-roles”
authentication_backend:
type: noop
jwt_auth_domain:
description: “Authenticate via Json Web Token”
http_enabled: false
transport_enabled: false
order: 0
http_authenticator:
type: jwt
challenge: false
config:
signing_key: “base64 encoded HMAC key or public RSA/ECDSA pem key”
jwt_header: “Authorization”
jwt_url_parameter: null
roles_key: null
subject_key: null
authentication_backend:
type: noop
clientcert_auth_domain:
description: “Authenticate via SSL client certificates”
http_enabled: false
transport_enabled: false
order: 2
http_authenticator:
type: clientcert
config:
username_attribute: cn #optional, if omitted DN becomes username
challenge: false
authentication_backend:
type: noop
ldap:
description: “Authenticate via LDAP or Active Directory”
http_enabled: false
transport_enabled: false
order: 5
http_authenticator:
type: basic
challenge: false
authentication_backend:
# LDAP authentication backend (authenticate users against a LDAP or Active Directory)
type: ldap # NOT FREE FOR COMMERCIAL USE
config:
# enable ldaps
enable_ssl: false
# enable start tls, enable_ssl should be false
enable_start_tls: false
# send client certificate
enable_ssl_client_auth: false
# verify ldap hostname
verify_hostnames: true
hosts:
- localhost:8389
bind_dn: null
password: null
userbase: ‘ou=people,dc=example,dc=com’
# Filter to search for users (currently in the whole subtree beneath userbase)
# {0} is substituted with the username
usersearch: ‘(sAMAccountName={0})’
# Use this attribute from the user as username (if not set then DN is used)
username_attribute: null

Hi. Please ask for a license here https://search-guard.com/contacts/

Current permission will be lost?
I contacted with distributors
https://www.fgts.ru/collection/search-guard
but they did not answer me.

I did request https://search-guard.com/contacts/ thank you.

No, nothing will be lost and your cluster will operate as normal. Just the UI is disabled.

Instead of the UI, please use the sgadmin command line tool:

If you already configured Search Guard (users, roles, etc.) I recommend to backup the configuration first.

https://docs.search-guard.com/latest/sgadmin#command-line-options#backup-and-restore

This will fetch the current configuration from the running cluster and create the yml configuration files in the specified directory.

You can then modify those files (adding users, changing roles, etc.) and upload the complete set of configuration files or only single files:

https://docs.search-guard.com/latest/sgadmin#command-line-options#configuration-files-settings

This will upload the changes and they will take effect immediately.

Thank you.

How I can switch to internal user database instead GUI version?

How I can switch to internal user database instead GUI version?

I’m not sure I understand the question. If you don’t want to use UI, to add users to the internal database you should update sg_internal_users.yml file https://docs.search-guard.com/latest/internal-users-database

Thank you.

Guys from distribution department contacted with me.
I confess that the solution is too expensive for me :slight_smile: I`ll try to use free edition.

This is not production service, I`am using ELK only for scripts reports/logs.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.