Problems setting up user authentication with Shield

Hi everybody,

I just tried setting up Shield on my three node testcluster. I downloaded
the license and shield plugins, ran syskeygen and distributed that to all
cluster nodes.
I then ran the following command on all nodes as the es user:
./esusers useradd es_admin -r admin -p foobar1234

After a cluster restart I was asked to enter username and password when
accessing 10.10.0.72:9200 in my browser (or via curl from localhost, same
result). So far so good, but when I enter the user credentials created
above I just get returned to the login prompt.

In the cluster.log file I see the following lines:

[2015-03-15 18:26:00,197][DEBUG][shield.authc.esusers ] [elastic_node_3]
user not found in cache, proceeding with normal authentication
[2015-03-15 18:26:00,197][DEBUG][shield.authc.esusers ] [elastic_node_3]
realm [esusers] could not authenticate [es_admin]

I did not add anything to the elasticsearch.yml configuration, as the
documentation stated that this is not strictly speaking necessarry, if I am
happy to use the default esusers realm.

I am probably omitting a very simple but crucial step here, but I cannot
figure out what is wrong and am thankful for any hints as to where I might
look for the cause.

Kind regards,
Sönke

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/bc9c8044-e7d7-4435-8f9b-b120861fa921%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

There is a step in the longer version of getting started about
setting ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch" -
Getting Started with Shield | Shield [2.4] | Elastic - did
you set that?

On 15 March 2015 at 11:30, Sönke Liebau soenke@liebau.biz wrote:

Hi everybody,

I just tried setting up Shield on my three node testcluster. I downloaded
the license and shield plugins, ran syskeygen and distributed that to all
cluster nodes.
I then ran the following command on all nodes as the es user:
./esusers useradd es_admin -r admin -p foobar1234

After a cluster restart I was asked to enter username and password when
accessing 10.10.0.72:9200 in my browser (or via curl from localhost, same
result). So far so good, but when I enter the user credentials created
above I just get returned to the login prompt.

In the cluster.log file I see the following lines:

[2015-03-15 18:26:00,197][DEBUG][shield.authc.esusers ] [
elastic_node_3] user not found in cache, proceeding with normal
authentication
[2015-03-15 18:26:00,197][DEBUG][shield.authc.esusers ] [
elastic_node_3] realm [esusers] could not authenticate [es_admin]

I did not add anything to the elasticsearch.yml configuration, as the
documentation stated that this is not strictly speaking necessarry, if I am
happy to use the default esusers realm.

I am probably omitting a very simple but crucial step here, but I cannot
figure out what is wrong and am thankful for any hints as to where I might
look for the cause.

Kind regards,
Sönke

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/bc9c8044-e7d7-4435-8f9b-b120861fa921%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/bc9c8044-e7d7-4435-8f9b-b120861fa921%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X-w_b83jL6iFn1QRQc%3DU4e-5dMOWefRka178MVT5JK9kg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Hi Mark,

thanks a lot, that did the trick!

Kind regards,
Sönke

On Sunday, March 15, 2015 at 9:14:47 PM UTC+1, Mark Walkom wrote:

There is a step in the longer version of getting started about
setting ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch" -
Getting Started with Shield | Shield [2.4] | Elastic - did
you set that?

On 15 March 2015 at 11:30, Sönke Liebau <soe...@liebau.biz <javascript:>>
wrote:

Hi everybody,

I just tried setting up Shield on my three node testcluster. I downloaded
the license and shield plugins, ran syskeygen and distributed that to all
cluster nodes.
I then ran the following command on all nodes as the es user:
./esusers useradd es_admin -r admin -p foobar1234

After a cluster restart I was asked to enter username and password when
accessing 10.10.0.72:9200 in my browser (or via curl from localhost,
same result). So far so good, but when I enter the user credentials created
above I just get returned to the login prompt.

In the cluster.log file I see the following lines:

[2015-03-15 18:26:00,197][DEBUG][shield.authc.esusers ] [
elastic_node_3] user not found in cache, proceeding with normal
authentication
[2015-03-15 18:26:00,197][DEBUG][shield.authc.esusers ] [
elastic_node_3] realm [esusers] could not authenticate [es_admin]

I did not add anything to the elasticsearch.yml configuration, as the
documentation stated that this is not strictly speaking necessarry, if I am
happy to use the default esusers realm.

I am probably omitting a very simple but crucial step here, but I cannot
figure out what is wrong and am thankful for any hints as to where I might
look for the cause.

Kind regards,
Sönke

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/bc9c8044-e7d7-4435-8f9b-b120861fa921%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/bc9c8044-e7d7-4435-8f9b-b120861fa921%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/a163c80d-7ce2-4057-8439-94ac4501700b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.