Can´t authenticate against Active Directory

atarallo · December 3, 2019, 7:23pm

I've installed elk stack from repo packages on Centos 7.7. I´ve successfully started collecting data with metric beat and filebeat. But I can´t authenticate against active directory

I tested with openldaptools from the server I have elastic, and can authenticate and query de AD server.

On the elastic.yml file I've added

 xpack.security.enabled: true

xpack:
  security:
    authc:
      realms:
        active_directory:
          poc_ad:
            order: 0
            enabled: true
            domain_name: "poc.net"
            bind_dn: "CN=ldapdesa,CN=Users,DC=poc,DC=net"
            bind_password: "SuperSecret"
            url: ldap://srvad01:389, ldap://srvad02:389
            user_search:
              base_dn: "CN=Users,DC=poc,DC=net"
              scope: "sub_tree"
              filter: "(&(objectClass=user)(userPrincipalName={0}))"
            load_balance:
              type: "failover"

I've also tested with curl against the API, had no success.

ikakavas · December 3, 2019, 8:12pm

Can you please share some logs from elasticsearch? What are you trying to use as a username when you authenticate? Does that user exist in your Active Directory ?

atarallo · December 4, 2019, 7:25pm

Answering your questions

I use as username the same login name I use to autenticate on Workstations. The LDAP attribute is samAccount, the same value is loaded in userPrincipalName . I type username in the textbox
Yes the user exists. I use it daily for login into my workstation. I also installed in the ELK server the OpenLDAP tools. With them I've made manual logins, communications and firewall issues are descarded.
I had TCPDUMP running during the tests, when I've autenticated nothing happens. When I run command line autentication I see traffic from the server to the DC.

Which log do you need?

I use as username

ikakavas · December 5, 2019, 8:00am

elasticsearch.log located in /var/log/elasticsearch

Can you remove

              filter: "(&(objectClass=user)(userPrincipalName={0}))"

from your configuration , restart elasticsearch and try again ? The default filter value should cover your use case adequately.

system · January 2, 2020, 8:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to authenticate using Active directory & LDAP in ELK Elasticsearch elastic-stack-security	8	1777	August 19, 2019
Active Directory user authentication Elasticsearch elastic-stack-security	4	759	March 22, 2021
Secure Elasticsearch with LDAP or Active Directory - questions Elasticsearch elastic-stack-security	1	332	June 10, 2021
ELK Platinum : Active Directory error Elasticsearch elastic-stack-security	2	404	November 3, 2020
Troubles with active directory user authentication Elasticsearch elastic-stack-security	11	2039	November 29, 2021

Can´t authenticate against Active Directory

Related topics