1. Describe your incident:
I went through the steps to add Active Directory as an Authentication option. During each step I used the available test options in the side bar to ensure it would work. I tested the AD connection after adding the server name and setting the security options, and after adding the lookup user and password; both worked. I then added the User Synchronization settings using our admins OU as the search DN. I then used the user login test with two users. The user within the OU specified worked; the user not in the OU did not work, which was the desired outcome. I then saved everything, made certain that AD was listed under the Authentication settings page, and logged out.
When I tried to log in it did not work and I received the error “Invalid credentials, please verify them and retry.” I then tried again, this time with the administrator account. That gave the same error. At this point I realized an issue: the name I used for the admin account was duplicated in AD within the OU I selected previously. It is a standard username that we use for local admin accounts. I went into the server.conf file and changed the root_username to a name not seen in AD. After restarting the server I tried to log in with the admin account, with the same error as before. I went back into the server.conf file and modified the root_password, generating the hash on a different password. Another restart and still no login.
The last attempt I made was changing the password_secret. This made no difference. At this point I am entirely locked out of the system. AD accounts do not work and neither does the local admin account.
2. Describe your environment:
- OS Information: Debian 10.12
- Package Version: 4.2.9 - Installed via repository
- Service logs, configurations, and environment variables:
Login attempts from /var/log/graylog-server/server.log. The usernames have been modified.
2022-05-18T09:38:24.611-04:00 INFO [SessionCreator] Invalid credentials in session create request. Actor: “urn:graylog:user:localadmin”
2022-05-18T09:38:44.646-04:00 INFO [SessionCreator] Invalid credentials in session create request. Actor: “urn:graylog:user:adusername”
3. What steps have you already taken to try and solve the problem?
Changed the root_username, root_password, and password_secret within /etc/graylog/server/server.conf. Each change was followed by a service restart and was done one at a time.
4. How can the community help?
Looking for a way to allow the local admin account to log in. Hopefully without removing all current log data and streams.