Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

ranjeet_ranjee avatar image
ranjeet_ranjee asked ·

Why am I getting failed authentications on one of 3 nodes?

Hi,

Sometimes I am getting an authentication error. I am not able to understand why its coming.

Nodetool status

  
                 
    
                  
  1. [root@cassandra-11 commitlog]# nodetool status
    2. 
                  
  2. Datacenter: Cassandra
    3. 
                  
  3. =====================
    4. 
                  
  4. Status=Up/Down
    5. 
                  
  5. |/ State=Normal/Leaving/Joining/Moving/Stopped
    6. 
                  
  6. --  Address        Load       Tokens       Owns (effective)  Host ID                               Rack
    7. 
                  
  7. UN  10.131.3.66  275.78 GiB  1            66.4%             81153fda-3bd4-4272-95ac-3a4a196bcaf2  rack1
    8. 
                  
  8. UN  10.131.3.07  260.22 GiB  1            79.9%             083f050d-2c4b-41e3-b2f6-3c8b16234274  rack1
    9. 
                  
  9. UN  10.131.3.48  510.69 GiB  1            53.7%             fb9f7d50-2e86-4ba7-9798-9316d1023bde  rack1
    10.

Here you go key information

  
                 
    
                  
  1. 1) 3 Node Cluster
    2. 
                  
  2. 2) RF -2
    3. 
                  
  3. 3) DSE Version - 6.8.4
    4.

I am getting authentication issue on Cassandra 9 and 10 but I am able to log in on Cassandra 11

Main issue-

[root@cassandra-10 ~]# cqlsh 10.131.3.48 -u user -p pass

Connection error: ('Unable to connect to any servers', {'10.131.3.48:9042': AuthenticationFailed('Failed to authenticate to 10.131.3.48:9042: Error from server: code=0100 [Bad credentials] message="Failed to login. Please re-try."',)})

Long File

WARN  [mainIOThread-0] 2021-03-12 15:48:58,912  DseAuthenticator.java:717 - Plain text authentication without client / server encryption is strongly discouraged
WARN  [mainIOThread-0] 2021-03-12 15:48:58,916  DseAuthenticator.java:717 - Plain text authentication without client / server encryption is strongly discouraged
WARN  [mainIOThread-2] 2021-03-12 15:48:58,923  DseAuthenticator.java:717 - Plain text authentication without client / server encryption is strongly discouraged
authentication
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

The warning messages you posted doesn't have anything to do with the failed logins.

The symptoms you described indicate that the authentication keyspace is out-of-sync between replicas and you need to repair it.

For details of how to configure the security keyspaces, see Configuring the security keyspaces replication factors. Cheers!

7 comments Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

ranjeet_ranjee avatar image ranjeet_ranjee ·

Erick what I am observing if node-9 get down of the 3 node cluster name Node-9, Node-10, and Node-11 then Node-10 unable to log in but I am able to login into node-11.

adsizz@cqlsh> describe system_auth;

CREATE KEYSPACE system_auth WITH replication = {'class': 'NetworkTopologyStrategy', 'Cassandra': '3'}  AND durable_writes = true;


Can u suggest why I am not able to log in when node-9 gets down?

0 Likes 0 ·
Erick Ramirez avatar image Erick Ramirez ♦♦ ranjeet_ranjee ·

You can't login because the replicas are out-of-sync. Cheers!

0 Likes 0 ·
ranjeet_ranjee avatar image ranjeet_ranjee Erick Ramirez ♦♦ ·

If I check on all three nodes I can see RF updated to 3. 

adsizz@cqlsh> describe system_aut
CREATE KEYSPACE system_auth WITH replication = {'class': 'NetworkTopologyStrategy', 'Cassandra': '3'}  AND durable_writes = true;

When I alter I saw a massage Nodesync is enabled. So I don't think I should run nodetool repair. 

Warnings :
After a replication factor increase, data will need to be replicated to achieve the new factor. This will be done automatically by NodeSync, but can be prioritized on specific tables by triggering user validations ('nodesync help validation submit').


Do you mean to say all three node must be up to login? Just for your acknowledgement my other 2 node is UP and working fine so why still I am not able to login?

0 Likes 0 ·
Show more comments