Active Directory Realm Authentication Issue

(Navnith) #1

ELK Version: 6.1.3
Setup : Docker containers created with official images from elastic

Hi All,
I am trying to configure active directory realm to work with Global catalog of our companies Active directory. Following is the configuration I am using.
            type: active_directory
            order: 0
            url: ldap://
            bind_password: password
            user_search.filter: (sAMAccountName={0})

I am getting following exception message during login

[2018-02-14T17:49:51,950][DEBUG][o.e.x.s.a.l.LdapRealm    ] [otMZgVg] Exception occurred during authenticate for active_directory/realm0
com.unboundid.ldap.sdk.LDAPBindException: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
        at com.unboundid.ldap.sdk.LDAPConnection.bind( ~[?:?]
        at com.unboundid.ldap.sdk.LDAPConnectionPool.bindAndRevertAuthentication( ~[?:?]
        at$1.lambda$doRun$0( ~[?:?]
        at Method) ~[?:1.8.0_161]
        at ~[?:?]
        at$1.doRun( ~[?:?]
        at ~[elasticsearch-6.1.3.jar:6.1.3]
        at ~[x-pack-6.1.3.jar:6.1.3]
        at$ADAuthenticator.authenticate( ~[x-pack-6.1.3.jar:6.1.3]
        at ~[x-pack-6.1.3.jar:6.1.3]
        at ~[x-pack-6.1.3.jar:6.1.3]
        at$doAuthenticate$1( ~[x-pack-6.1.3.jar:6.1.3]
        at$CancellableLdapRunnable.doRun( [x-pack-6.1.3.jar:6.1.3]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun( [elasticsearch-6.1.3.jar:6.1.3]
        at [elasticsearch-6.1.3.jar:6.1.3]
        at java.util.concurrent.ThreadPoolExecutor.runWorker( [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$ [?:1.8.0_161]
        at [?:1.8.0_161]
[2018-02-14T17:49:51,954][WARN ][o.e.x.s.a.AuthenticationService] [otMZgVg] Authentication to realm realm0 failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580', diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580'))

I tried to connect with ldapsearch for same credentials and it worked perfectly OK.
Can any one please help me with getting AD configuration working?

(Tim Vernum) #2

Which credentials do you mean? The bind_dn, or the user logging in to Elasticsearch?
It is the latter that is failing.

What form of login are you using?

  • account name: e.g. navnith
  • user principal name: e.g.
  • NetBIOS (down level) name: e.g. Company\\navnith

Do you know if you using AD DS or LDS?

(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.