Added Active Directory authentication, now cannot login

1. Describe your incident:
I went through the steps to add Active Directory as an Authentication option. During each step I used the available test options in the side bar to ensure it would work. I tested the AD connection after adding the server name and setting the security options, and after adding the lookup user and password; both worked. I then added the User Synchronization settings using our admins' OU as the search DN. I then used the user login test with two users. The user within the OU specified worked, and the user not in the OU did not work, which was the desired outcome. I then saved everything, made certain that AD was listed under the Authentication settings page, and logged out.
When I tried to login it did not work and I received the error "Invalid credentials, please verify them and retry." I then tried again, this time with the administrator account. That gave the same error. At this point I realized an issue: the name I used for the admin account was duplicated in AD within the OU I selected previously. It is a standard username that we use for local admin accounts. I went into the server.conf file and changed the root_username to a name not seen in AD. Restarting the server, I tried to login with the admin account, same error as before. I went back into the server.conf file and modified the root_password, generating the hash on a different password. Another restart and still no login.
The last attempt I made was changing the password_secret. This made no difference. At this point I am entirely locked out of the system. AD accounts do not work and neither does the local admin account.

2. Describe your environment:

  • OS Information: Debian 10.12

  • Package Version: 4.2.9 - Installed via repository

  • Service logs, configurations, and environment variables:
    Login attempts from /var/log/graylog-server/server.log. The usernames have been modified.
    2022-05-18T09:38:24.611-04:00 INFO [SessionCreator] Invalid credentials in session create request. Actor: "urn:graylog:user:localadmin"
    2022-05-18T09:38:44.646-04:00 INFO [SessionCreator] Invalid credentials in session create request. Actor: "urn:graylog:user:adusername"

3. What steps have you already taken to try and solve the problem?
Changed the root_username, root_password, and password_secret within /etc/graylog/server/server.conf. Each change was followed by a service restart and was done one at a time.

4. How can the community help?
Looking for a way to allow the local admin account to login. Hopefully without removing all current log data and streams.

Fixed it myself. After I had reset the password_secret I did not try anything else until now, when I changed the root_password and restarted the service. Now I can login as the local admin. Don't know why this did not work after I changed the root_username and root_password before.
I also found out that you need to activate the Active Directory Authentication Service. Not certain why this was never mentioned, or why I didn’t notice it, but it does explain why the AD users could not login. They still cannot login but that will be another topic if I cannot figure it out.
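As an added check (not part of the original post or of Graylog's own tooling), this script verifies a candidate password against the `root_password_sha2` value in a server.conf fragment and flags a `root_username` that also appears among the AD account names returned for the OU, which is the collision described above. It assumes a POSIX shell with coreutils `sha256sum`; the config fragment and AD user list are constructed samples.

```shell
#!/bin/sh
# Added example, not Graylog's own code. Checks two things a locked-out admin
# wants to know before the next restart: does sha256(candidate) equal the
# root_password_sha2 in server.conf, and does root_username clash with an
# AD account name from the synchronised OU?

# Constructed server.conf fragment; the hash is sha256("abc") (the NIST test vector).
SAMPLE_CONF='root_username = admin
root_password_sha2 = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
password_secret = examplesecretexamplesecret'

# Constructed list of AD sAMAccountNames as they would be returned for the OU.
SAMPLE_AD_USERS='admin
jdoe
svc-graylog'

# conf_value KEY CONF -> value of the first "KEY = value" line in CONF
conf_value() {
  printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n1
}

# hash_password PASSWORD -> lowercase SHA-256 hex; no trailing newline is hashed,
# matching how Graylog expects root_password_sha2 to be generated.
hash_password() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# password_matches PASSWORD CONF -> exit 0 if sha256(PASSWORD) == root_password_sha2
password_matches() {
  [ "$(hash_password "$1")" = "$(conf_value root_password_sha2 "$2")" ]
}

# username_collides CONF AD_USERS -> exit 0 if root_username is also an AD account
# (case-insensitive, whole-line match, so "Admin" and "admin" both collide)
username_collides() {
  root=$(conf_value root_username "$1")
  [ -n "$root" ] && printf '%s\n' "$2" | grep -qixF -- "$root"
}

if password_matches "abc" "$SAMPLE_CONF"; then echo "password hash matches"; fi
if username_collides "$SAMPLE_CONF" "$SAMPLE_AD_USERS"; then
  echo "root_username collides with an AD account: pick a name not present in AD"
fi
```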

Hello and welcome! Feel free to post your settings (obfuscated, of course!). I have my setup working with AD - happy to show you settings if you need them! :smiley:
