Active Directory Realm Authentication Issue

ELK Version: 6.1.3
Setup: Docker containers created with official images from Elastic

Hi All,
I am trying to configure an Active Directory realm to work with the Global Catalog of our company's Active Directory. The following is the configuration I am using.
            type: active_directory
            order: 0
            url: ldap://
            bind_password: password
            user_search.filter: (sAMAccountName={0})

I am getting the following exception message during login:

[2018-02-14T17:49:51,950][DEBUG][o.e.x.s.a.l.LdapRealm    ] [otMZgVg] Exception occurred during authenticate for active_directory/realm0
com.unboundid.ldap.sdk.LDAPBindException: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
        at com.unboundid.ldap.sdk.LDAPConnection.bind( ~[?:?]
        at com.unboundid.ldap.sdk.LDAPConnectionPool.bindAndRevertAuthentication( ~[?:?]
        at$1.lambda$doRun$0( ~[?:?]
        at Method) ~[?:1.8.0_161]
        at ~[?:?]
        at$1.doRun( ~[?:?]
        at ~[elasticsearch-6.1.3.jar:6.1.3]
        at ~[x-pack-6.1.3.jar:6.1.3]
        at$ADAuthenticator.authenticate( ~[x-pack-6.1.3.jar:6.1.3]
        at ~[x-pack-6.1.3.jar:6.1.3]
        at ~[x-pack-6.1.3.jar:6.1.3]
        at$doAuthenticate$1( ~[x-pack-6.1.3.jar:6.1.3]
        at$CancellableLdapRunnable.doRun( [x-pack-6.1.3.jar:6.1.3]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun( [elasticsearch-6.1.3.jar:6.1.3]
        at [elasticsearch-6.1.3.jar:6.1.3]
        at java.util.concurrent.ThreadPoolExecutor.runWorker( [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$ [?:1.8.0_161]
        at [?:1.8.0_161]
[2018-02-14T17:49:51,954][WARN ][o.e.x.s.a.AuthenticationService] [otMZgVg] Authentication to realm realm0 failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580', diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580'))

I tried to connect with ldapsearch using the same credentials and it worked perfectly OK.
Can anyone please help me with getting the AD configuration working?

Which credentials do you mean? The bind_dn, or the user logging in to Elasticsearch?
It is the latter that is failing.

What form of login are you using?

  • account name: e.g. navnith
  • user principal name: e.g.
  • NetBIOS (down level) name: e.g. Company\navnith

Do you know if you are using AD DS or LDS?
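
An added example, not part of the original thread and not Elasticsearch or X-Pack code: decoding the hex sub-code after "data" in the WARN line posted above (52e here) and counting failures per realm. The function names are hypothetical, the second and third sample lines are constructed, and the table holds the Windows system error codes Active Directory reports in that field.

```python
import re
from collections import Counter

# Windows system error codes that AD embeds (in hex) after "data" when an
# LDAP bind is rejected with resultCode 49.
AD_SUBCODES = {
    0x525: "user not found",
    0x52E: "logon failure: unknown user name or bad password",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password",
    0x775: "account locked out",
}

REALM_RE = re.compile(r"Authentication to realm (\S+) failed")
RESULT_RE = re.compile(r"resultCode=(\d+)")
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+),")

def decode_bind_failure(line):
    """Return realm, LDAP result code and decoded AD sub-code, or None."""
    realm, data = REALM_RE.search(line), DATA_RE.search(line)
    if not (realm and data):
        return None  # not a realm failure line, or no AD sub-code present
    code = int(data.group(1), 16)
    result = RESULT_RE.search(line)
    return {
        "realm": realm.group(1),
        "result_code": int(result.group(1)) if result else None,
        "subcode": format(code, "x"),
        "win32": code,
        "meaning": AD_SUBCODES.get(code, "unrecognised sub-code"),
    }

def summarize(lines):
    """Count failures per (realm, meaning) so repeated causes stand out."""
    hits = filter(None, map(decode_bind_failure, lines))
    return Counter((h["realm"], h["meaning"]) for h in hits)

# Sample input: line 1 is shortened from the WARN line in the post; lines 2
# and 3 are constructed (placeholder DSID, node name and timestamps).
SAMPLE = [
    "[2018-02-14T17:49:51,954][WARN ][o.e.x.s.a.AuthenticationService] [otMZgVg] Authentication to realm realm0 failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580'))",
    "[2018-02-14T17:50:10,000][WARN ][o.e.x.s.a.AuthenticationService] [node-x] Authentication to realm realm0 failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 775, v2580'))",
    "[2018-02-14T17:50:11,000][WARN ][o.e.x.s.a.AuthenticationService] [node-x] Authentication to realm realm0 failed - connect error",
]
```

The LDAP result code 49 is the same for every entry in the table, so the sub-code is the only part of the message that separates a bad password or login name from an account-state problem such as a lockout.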
