Active Directory Realm Authentication Issue

Environment:
ELK Version: 6.1.3
Setup: Docker containers created with official images from Elastic

Hi All,
I am trying to configure an Active Directory realm to work with the Global Catalog of our company's Active Directory. The following is the configuration I am using.

    xpack.security.authc.realms:
        realm0:
            type: active_directory
            order: 0
            domain_name: company.com
            url: ldap://ldap.in.company.com:3268
            bind_dn: username@company.com
            bind_password: password
            user_search.filter: (sAMAccountName={0})

I am getting the following exception message during login:

[2018-02-14T17:49:51,950][DEBUG][o.e.x.s.a.l.LdapRealm    ] [otMZgVg] Exception occurred during authenticate for active_directory/realm0
com.unboundid.ldap.sdk.LDAPBindException: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
        at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2171) ~[?:?]
        at com.unboundid.ldap.sdk.LDAPConnectionPool.bindAndRevertAuthentication(LDAPConnectionPool.java:1535) ~[?:?]
        at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils$1.lambda$doRun$0(LdapUtils.java:135) ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_161]
        at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.privilegedConnect(LdapUtils.java:86) ~[?:?]
        at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils$1.doRun(LdapUtils.java:135) ~[?:?]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-6.1.3.jar:6.1.3]
        at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.maybeForkThenBind(LdapUtils.java:160) ~[x-pack-6.1.3.jar:6.1.3]
        at org.elasticsearch.xpack.security.authc.ldap.ActiveDirectorySessionFactory$ADAuthenticator.authenticate(ActiveDirectorySessionFactory.java:315) ~[x-pack-6.1.3.jar:6.1.3]
        at org.elasticsearch.xpack.security.authc.ldap.ActiveDirectorySessionFactory.getSessionWithPool(ActiveDirectorySessionFactory.java:135) ~[x-pack-6.1.3.jar:6.1.3]
        at org.elasticsearch.xpack.security.authc.ldap.PoolingSessionFactory.session(PoolingSessionFactory.java:104) ~[x-pack-6.1.3.jar:6.1.3]
        at org.elasticsearch.xpack.security.authc.ldap.LdapRealm.lambda$doAuthenticate$1(LdapRealm.java:164) ~[x-pack-6.1.3.jar:6.1.3]
        at org.elasticsearch.xpack.security.authc.ldap.LdapRealm$CancellableLdapRunnable.doRun(LdapRealm.java:320) [x-pack-6.1.3.jar:6.1.3]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:637) [elasticsearch-6.1.3.jar:6.1.3]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.1.3.jar:6.1.3]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
[2018-02-14T17:49:51,954][WARN ][o.e.x.s.a.AuthenticationService] [otMZgVg] Authentication to realm realm0 failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580', diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580'))

I tried to connect with ldapsearch using the same credentials and it worked perfectly OK.
Can anyone please help me with getting the AD configuration working?

Which credentials do you mean? The bind_dn, or the user logging in to Elasticsearch?
It is the latter that is failing.

What form of login are you using?

  • account name: e.g. navnith
  • user principal name: e.g. navnith@company.com
  • NetBIOS (down level) name: e.g. Company\navnith

Do you know if you are using AD DS or LDS?
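
Added example, not part of the thread and not Elasticsearch code: a Python triage helper that extracts the AD sub-error (`data 52e`) from `AuthenticationService` WARN lines like the one posted above, maps it to the Windows logon failure it encodes, and counts failures per realm and sub-code. The function names and sample lines are constructed; the table holds the commonly documented AD bind sub-codes.

```python
import re
from collections import Counter

# "data <hex>" in an LDAP result code 49 message is a Win32 error number in hex.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "user name or password is incorrect",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Field layout taken from the WARN line in the post above.
_WARN_RE = re.compile(
    r"Authentication to realm (?P<realm>\S+) failed.*?"
    r"resultCode=(?P<rc>\d+).*?"
    r"AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)"
)

def parse_failure(line):
    """Return a dict describing one AD bind failure, or None for other lines."""
    m = _WARN_RE.search(line)
    if m is None:
        return None
    code = m.group("data").lower()
    return {
        "realm": m.group("realm"),
        "result_code": int(m.group("rc")),
        "subcode": code,
        "win32_error": int(code, 16),
        "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
    }

def summarize(lines):
    """Count failures per (realm, sub-code), e.g. to spot bursts of 52e or 775."""
    found = (parse_failure(line) for line in lines)
    return Counter((f["realm"], f["subcode"]) for f in found if f)

# Constructed samples: the thread's WARN line (shortened), a 775 variant, a non-match.
_TAIL = "comment: AcceptSecurityContext error, data {}, v2580'))"
_HEAD = ("[2018-02-14T17:49:51,954][WARN ][o.e.x.s.a.AuthenticationService] [otMZgVg] "
         "Authentication to realm realm0 failed - authenticate failed (Caused by "
         "LDAPException(resultCode=49 (invalid credentials), errorMessage='80090308: ")
SAMPLE_LINES = [_HEAD + _TAIL.format("52e"), _HEAD + _TAIL.format("52e"),
                _HEAD + _TAIL.format("775"), "[INFO ][o.e.n.Node] started"]
```
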
