Graylog AESTools

dio99 · March 29, 2021, 7:38am

get issues on ldap … running 3.3.11

java version
openjdk version “1.8.0_282”
OpenJDK Runtime Environment (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)

also imported the ldap servers cert to keytool

2021-03-29 07:00:02,552 ERROR: org.graylog2.security.AESTools - Could not decrypt value.
javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975) ~[sunjce_provider.jar:1.8.0_282]
at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056) ~[sunjce_provider.jar:1.8.0_282]
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853) ~[sunjce_provider.jar:1.8.0_282]
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446) ~[sunjce_provider.jar:1.8.0_282]
at javax.crypto.Cipher.doFinal(Cipher.java:2168) ~[?:1.8.0_282]
at org.graylog2.security.AESTools.decrypt(AESTools.java:88) [graylog.jar:?]
at org.graylog2.security.ldap.LdapSettingsImpl.getSystemPassword(LdapSettingsImpl.java:135) [graylog.jar:?]
at org.graylog2.security.ldap.LdapSettingsServiceImpl.load(LdapSettingsServiceImpl.java:57) [graylog.jar:?]
at org.graylog2.security.realm.LdapUserAuthenticator.isEnabled(LdapUserAuthenticator.java:162) [graylog.jar:?]
at org.graylog2.security.realm.LdapUserAuthenticator.doGetAuthenticationInfo(LdapUserAuthenticator.java:90) [graylog.jar:?]
at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571) [graylog.jar:?]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:225) [graylog.jar:?]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:275) [graylog.jar:?]
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [graylog.jar:?]
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [graylog.jar:?]
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) [graylog.jar:?]
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [graylog.jar:?]
at org.graylog2.shared.security.ShiroSecurityContext.loginSubject(ShiroSecurityContext.java:107) [graylog.jar:?]
at org.graylog2.shared.security.ShiroAuthenticationFilter.filter(ShiroAuthenticationFilter.java:48) [graylog.jar:?]
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132) [graylog.jar:?]
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68) [graylog.jar:?]
at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197) [graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:318) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?]
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?]
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?]
at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?]
at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181) [graylog.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_282]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_282]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_282]

gsmith · March 29, 2021, 10:11pm

@dio99
Hello,

Was this an upgrade to GL 3.3? Seams like it complaining about your key.

I did a quick search maybe this might help.

github.com/Graylog2/graylog2-server

LDAP Authentication failed

opened 01:35PM - 15 Sep 16 UTC

closed 01:53PM - 15 Sep 16 UTC

neophilipp

ldap

After Upgrade to 2.1,1 on 2 of my 3 Cluster Server i have a LDAP Authentication …failure. I got an "Invalid credentials, please verify them and retry" on the login screen. The only server where i can log in with AD Credentials is the one where the LDAP Settings were made. It works with all my settings in <2.1. The Error occurs since updating to 2.1 and i did not change anything in my config. ## Current Behavior **Here is the Error log:** I have a new password_secret, still buggy. ``` 2016-09-15T15:19:07.096+02:00 ERROR [AESTools] Could not decrypt value. javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:975) ~[sunjce_provider.jar:1.8.0_101] at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:833) ~[sunjce_provider.jar:1.8.0_101] at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446) ~[sunjce_provider.jar:1.8.0_101] at javax.crypto.Cipher.doFinal(Cipher.java:2165) ~[?:1.8.0_71] at org.graylog2.security.AESTools.decrypt(AESTools.java:50) [graylog.jar:?] at org.graylog2.security.ldap.LdapSettingsImpl.getSystemPassword(LdapSettingsImpl.java:137) [graylog.jar:?] at org.graylog2.security.ldap.LdapSettingsServiceImpl.load(LdapSettingsServiceImpl.java:57) [graylog.jar:?] at org.graylog2.security.realm.LdapUserAuthenticator.doGetAuthenticationInfo(LdapUserAuthenticator.java:91) [graylog.jar:?] at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568) [graylog.jar:?] at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219) [graylog.jar:?] at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269) [graylog.jar:?] at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [graylog.jar:?] at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [graylog.jar:?] at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270) [graylog.jar:?] at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) [graylog.jar:?] at org.graylog2.rest.resources.system.SessionsResource.newSession(SessionsResource.java:134) [graylog.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_101] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_101] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_101] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_101] at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205) [graylog.jar:?] at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347) [graylog.jar:?] at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?] at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?] at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?] at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?] at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?] at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?] at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?] at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?] at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_101] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_101] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_101] 2016-09-15T15:19:07.100+02:00 INFO [SessionsResource] Invalid username or password for user "xxx" ``` If i change the LDAP settings on one of my other cluster server i got this error in log: ``` 2016-09-15T15:31:18.911+02:00 ERROR [LdapSettingsServiceImpl] Graylog does not yet support multiple LDAP backends, but 2 configurations were found. This is a bug, ignoring LDAP config. ``` ## Your Environment - Graylog Version: 2.11 - Elasticsearch Version: 2.3.5 - MongoDB Version: latest - Operating System: Debian8

github.com/Graylog2/graylog2-server

Upgrade Graylog 1.3 to 2.0 breaks LDAP authentication

opened 08:04AM - 03 May 16 UTC

closed 12:52PM - 04 May 16 UTC

VincentGijsen

bug ldap

### Problem description Ldap authentication no longer works, when trying to cha…nge/ the server settings, the webinterface keeps loading indefinitely ### Steps to reproduce the problem 1. Install Graylog 1.3 2. Configure LDAP to connect to DC 3. Upgrade Graylog to 2.0 4. Upgrade Elasticsearch 5. Try to log via SAM account (will not work, only hardcoded systemaccount or local accounts) 6. Try to change settings in webinterface (Users -> Configure LDAP), the resulting page well keep loading forever ### Environment - Graylog Version: Graylog 2.0.0 (2dc6c03) on AGRLOG01.alewijnse.local (Oracle Corporation 1.8.0_77 on Linux 3.13.0-85-generic) - Elasticsearch Version: 2.1.2 - MongoDB Version: 2.4.9 - Operating System: Ubuntu 14.04 - Browser version: Chrome

Hope that helps.

dio99 · March 31, 2021, 8:19am

i did remove the ldap_settings in mongo db but still we get the issues after readd the ldap settings in GUI

gsmith · April 1, 2021, 1:30am

Can I ask how you removed

I believe you can remove those settings right from the GUI, not sure why you had to go into MongDB to do that.

dio99 · April 1, 2021, 5:30am

because if i remeber it right there are mapping with password_secret with the settings for ldapsettings and that can be issues when u change pwd. sot thats why i removed it in mongob

system · April 15, 2021, 5:31am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot connect to LDAPS Graylog Central (peer support)	10	1759	March 4, 2022
LDAP Authentication SSLHandshakeException Graylog Central (peer support)	4	148	January 30, 2024
LDAP External Authentication using Client Certificates Graylog Central (peer support)	1	989	October 15, 2020
Graylog unable to start after the setup of SSL/TLS Graylog Central (peer support)	25	12237	November 21, 2017
Import internal certificate to java keystore in graylog container Graylog Central (peer support) docker	5	1620	April 18, 2022

Graylog AESTools

Related Topics