Cannot activate Active Directory authentication service

1. Describe your incident:
I set up Graylog in a Docker environment with compose following the documentation. Everything works like a charm and I wanted to set up Active Directory authentication for my coworkers. All the steps to set it up were good, but at the end I am unable to activate the service. I tried to restart the stack, but nothing changed.

2. Describe your environment:

  • OS Information:
    The host is Debian Bookworm.
    Docker is on version 25.0.3, containerd.io version 1.6.28-1.
    Graylog is behind an NGINX reverse proxy.

  • Package Version:
    In my compose file I set:
    Graylog: graylog/graylog:5.2.7
    MongoDB: mongo:6.0.15
    Opensearch: opensearchproject/opensearch:2.13.0

  • Service logs, configurations, and environment variables:
    Here is my compose.yml:

services:
  graylog:
    container_name: graylog
    hostname: graylog
    image: graylog/graylog:5.2.7
    restart: unless-stopped
    depends_on:
      graylog-opensearch:
        condition: service_started
        required: true
      graylog-mongodb:
        condition: service_started
        required: true
    networks:
      - graylog
    ports:
      - "9000:9000/tcp"    # Server API & WebUI
    # - "5044:5044/tcp"    # Beats
      - "5140:5140/udp"    # Syslog
      - "5140:5140/tcp"    # Syslog
      - "5555:5555/tcp"    # RAW TCP
    # - "5555:5555/udp"    # RAW TCP
      - "12201:12201/tcp"  # GELF TCP
      - "12201:12201/udp"  # GELF UDP
    # - "13301:13301/tcp"  # Forwarder data
    # - "13302:13302/tcp"  # Forwarder config
    # - "10000:10000/tcp"  # Optional Custom TCP port
    # - "10000:10000/udp"  # Optional Custom UDP port
    environment:
      - 'GRAYLOG_ROOT_TIMEZONE=Europe/Paris'
      - 'GRAYLOG_HTTP_EXTERNAL_URI=http://graylog.sterimed.local/'
      - 'GRAYLOG_ROOT_USERNAME=admin'
      - 'GRAYLOG_ROOT_PASSWORD_SHA2=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
      - 'GRAYLOG_PASSWORD_SECRET=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
      - 'GRAYLOG_ELASTICSEARCH_HOSTS=http://admin:xxxxx@graylog-opensearch:9200'
      - 'GRAYLOG_MONGODB_URI=mongodb://graylog-mongodb:27017/graylog'
      - 'GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000'
      - 'GRAYLOG_PUBLISH_URI=http://graylog.sterimed.local/'
      - 'GRAYLOG_NODE_ID_FILE=/usr/share/graylog/data/config/node-id'
      - 'GRAYLOG_IS_LEADER=true'
      - 'GRAYLOG_ELASTICSEARCH_SHARDS=1'
      - 'GRAYLOG_ELASTICSEARCH_REPLICAS=0'
      - 'GRAYLOG_MESSAGE_JOURNAL_MAX_SIZE=5gb'
    entrypoint: "/usr/bin/tini -- wait-for-it graylog-opensearch:9200 --  /docker-entrypoint.sh"
    volumes:
      - /mnt/docker/graylog/usr/share/data/data:/usr/share/graylog/data/data
      - /mnt/docker/graylog/usr/share/data/journal:/usr/share/graylog/data/journal

  graylog-mongodb:
    container_name: graylog-mongodb
    image: mongo:6.0.15
    restart: unless-stopped
    networks:
      - graylog
    volumes:
      - /mnt/docker/graylog-mongodb/data/db:/data/db

  graylog-opensearch:
    container_name: graylog-opensearch
    image: opensearchproject/opensearch:2.13.0
    restart: unless-stopped
    networks:
      - graylog
    environment:
      - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
      - 'bootstrap.memory_lock=true'
      - 'discovery.type=single-node'
      - 'DISABLE_INSTALL_DEMO_CONFIG=true'
      - 'DISABLE_SECURITY_PLUGIN=true'
      - 'OPENSEARCH_USERNAME=admin'
      - 'OPENSEARCH_PASSWORD=xxxxxx'
      - 'cluster.name=opensearch-cluster'
      - 'node.name=opensearch-master'
      - 'node.master=true'
      - 'node.data=true'
      - 'node.ingest=true'
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /mnt/docker/graylog-opensearch/usr/share/data:/usr/share/opensearch/data

networks:
  graylog:
    name: graylog

3. What steps have you already taken to try and solve the problem?
I restarted the stack and analyzed the logs, but nothing happened in the logs.
I also tried to recreate it.

4. How can the community help?
Help me find out how to activate the authentication service. Maybe I missed something in the configuration, as it’s the first time I have used Graylog.

How/where are you configuring the Active Directory authentication service? And you mean access to the Graylog GUI and not Opensearch, correct?

I go to System > Authentication and use the “Create service” button.

Yes, that is correct.

Are you able to test your connection successfully?

Yes and it works.
I tried with and without TLS, both work.

I just can’t activate the service.
The ‘Activate’ button does nothing.

Anything related in the server log?

Unfortunately, no related logs.

Did you configure the User Synchronization portion?

What response comes back from the API call POST system/authentication/services/configuration? This is issued when you hit activate. You can monitor it in the browser dev tools.

Yes, of course and it works well.

Are you sure it is the POST? It says it is to “Update global authentication services configuration” on /api/api-browser.

I have never done that; can you explain to me how, please?

Just to confirm: when you click activate, did you see the Do you really want to activate popup? Maybe that just got hidden behind another window.

The popup didn’t appear because I was using a web app. In my browser, Vivaldi, web apps don’t show JS popups.

Inside the browser with a standard tab I had the popup and was able to activate the service.

Sorry for this silly problem.

Thank you very much for your help and your patience.
