Active Directory Authentication Problem

Hello Gents,
I'm a newbie in the Elastic world; actually, I'm counting on you to solve my problem.
I have an Elasticsearch cluster and I need to do the Active Directory integration.
I followed https://www.elastic.co/guide/en/elasticsearch/reference/current/active-directory-realm.html after enabling the trial license.
The cluster has 3 (master and data) nodes plus 3 client nodes, 6 nodes in total.
The master nodes have the following elasticsearch.yml.
I enabled encryption for the inter-node communication of the Elastic cluster, but I didn't enable HTTP encryption.

I also entered the bind user credential via bin/elasticsearch-keystore add
xpack.security.authc.realms.active_directory.my_ad.secure_bind_password

xpack:
  security:
    authc:
      realms:
        active_directory:
          nic_ad:   # realm name; the keystore entry must be named xpack.security.authc.realms.active_directory.<realm name>.secure_bind_password
            order: 1
            domain_name: elastic.example.com
            url: ldap://server01.elastic.example.com:389, ldap://server02.elastic.example.com:389
            bind_dn: CN=NDB,OU=Service Account,DC=elastic,DC=example,DC=com
            user_search:
              base_dn: "OU=sharaf,DC=elastic,DC=example,DC=com"
            group_search:
              base_dn: "CN=elastic_admin,DC=elastic,DC=example,DC=com"
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"

AD integration is a commercial feature. Do you have the appropriate license?

Thanks for your response. I enabled the trial license.

Moreover, the log file is not saying anything regarding the authentication process, even with the following configuration:

PUT /_cluster/settings
{
  "transient": {
    "logger.org.elasticsearch.xpack.security.authc.ldap": "TRACE",
    "logger.org.elasticsearch.xpack.security.authz": "TRACE"
  }
}

Please guys, can anyone help me here?

I managed to solve it.
These are other important points:
1- Check if the AD is multi-domain; if so, you have to talk to a Global Catalog node on port 3268 (if not SSL).
2- You have to make sure that the Elasticsearch node you are connected to has both the AD configuration in elasticsearch.yml and the bind user password in the node keystore, even if this node is a client Elastic node.
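The two points above can be checked per node before restarting anything. The following script is an added example (not code from this thread or from Elastic): it parses the realm block of elasticsearch.yml with a minimal indentation-based parser, compares each realm name against the entries listed by bin/elasticsearch-keystore list, and flags plain port 389 URLs when the forest is multi-domain. The sample inputs are constructed from the question, where the keystore key was entered under my_ad while the realm is named nic_ad.

```python
# Added check (not from the thread): does every active_directory realm in this
# node's elasticsearch.yml have its secure_bind_password in this node's
# keystore, and do its URLs use the Global Catalog port in a multi-domain forest?
from urllib.parse import urlparse

# Constructed sample: the realm block as posted in the question (realm nic_ad).
SAMPLE_YML = """\
xpack:
  security:
    authc:
      realms:
        active_directory:
          nic_ad:
            url: ldap://server01.elastic.example.com:389, ldap://server02.elastic.example.com:389
            bind_dn: CN=NDB,OU=Service Account,DC=elastic,DC=example,DC=com
"""
# Constructed `bin/elasticsearch-keystore list` output: password stored under my_ad.
SAMPLE_KEYSTORE = ("keystore.seed\n"
                   "xpack.security.authc.realms.active_directory.my_ad.secure_bind_password\n")

def parse_simple_yaml(text):
    """Parse the indented key/value subset used by the realm block (no lists)."""
    stack = [(-1, {})]  # (indent, map) for each open nesting level; root at the bottom
    for line in filter(str.strip, text.splitlines()):
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")  # split at the first colon only
        while stack[-1][0] >= indent:  # climb back out to the enclosing map
            stack.pop()
        value = value.strip().strip('"')
        if value:
            stack[-1][1][key] = value
        else:  # a nested map follows on the deeper-indented lines
            stack[-1][1][key] = child = {}
            stack.append((indent, child))
    return stack[0][1]

def check_realms(yml_text, keystore_text, multi_domain):
    """Return the problems found on this node; an empty list means it is consistent."""
    realms = parse_simple_yaml(yml_text)["xpack"]["security"]["authc"]["realms"]
    keystore = set(keystore_text.split())
    problems = []
    for name, realm in realms.get("active_directory", {}).items():
        pw_key = f"xpack.security.authc.realms.active_directory.{name}.secure_bind_password"
        if "bind_dn" in realm and pw_key not in keystore:
            problems.append(f"{name}: bind_dn is set but {pw_key} is not in this node's keystore")
        for url in map(str.strip, realm.get("url", "").split(",")):
            if multi_domain and urlparse(url).port == 389:
                problems.append(f"{name}: {url} uses port 389; a multi-domain forest "
                                "needs the Global Catalog port 3268 (3269 over SSL)")
    return problems
```

Run it on every node that clients connect to, including client-only nodes, since the realm settings and the keystore entry are read locally by the node that handles the request.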
