DataStax Academy FAQ

DataStax Academy migrated to a new learning management system (LMS) in July 2020. We are also moving to a new Cassandra Certification process so there are changes to exam bookings, voucher system and issuing of certificates.

Check out the Academy FAQ pages for answers to your questions:


question

scano_183208 avatar image
scano_183208 asked ·

Getting DSEFS authentication errors after enabling SSL through LCM

Any help or ideas would be greatly appreciated: Error below

ERROR [dsefs-netty-worker-4] 2020-03-19 11:30:44,300 AbstractDigestRestServerAuthProvider.scala:103 - Could not authenticate request DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET /info HTTP/1.1
authorization: InCluster charset=utf-8,username="AAljYXNzYW5kcmFBSowwKPMR6r05MYczFAoe",realm="default",nonce="i29+sZeQlGHiTVwYLmRrnwDsw676RwTK9QVEedvg",nc=00000001,cnonce="F4fsEZ1q6Gq/UX8FJazpuDc8nGheEjFiV0/zW4KQ",digest-uri="http/default",maxbuf=65536,response=e427fafa069392eee907f0fd060918bb,qop=auth,authzid="AAljYXNzYW5kcmFBSowwKPMR6r05MYczFAoe"
javax.security.sasl.SaslException: DIGEST-MD5: cannot acquire password for AAljYXNzYW5kcmFBSowwKPMR6r05MYczFAoe in realm : default
    at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:603)
    at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java:244)
    at com.datastax.bdp.dsefs.auth.AbstractDigestRestServerAuthProvider.authenticateRequest(AbstractDigestRestServerAuthProvider.scala:76)
    at com.datastax.bdp.dsefs.auth.AbstractDigestRestServerAuthProvider.authenticate(AbstractDigestRestServerAuthProvider.scala:99)
dsesecuritydsefsssl
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

@scano_183208 When you enable either node-to-node encryption or client-to-node encryption, you will also need to configure DSEFS to use SSL encryption. Please see Enabling SSL encryption for DSEFS for the detailed steps.

If you have already done this and still require assistance, we will need additional information from you that is beyond the Q&A format of this forum so my suggestion is to log a ticket with DataStax Support so you can supply a Diagnostics Report from OpsCenter and one of our engineers will review it and be able to assist you. Cheers!

5 comments Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

@Erick Ramirez

Hi Erick, Thank you for getting back to me. In the doc it doesn’t specify if I need to restart the DSE cluster after manually configuring the ssl of dsefs. If so should I do this manually or can I run a configure job on lcm?

0 Likes 0 · ·

@Erick Ramirez

In the doc it states the following:


In most cases, you don't need to add any DSEFS shell settings to connect using SSL. If a ~/.dse/dsefs-shell.yaml configuration file cannot be found, DSEFS shell attempts to load server-side configuration and SSL settings from DSE configuration files.


I Do not seem to have this file within my nodes. Also, do i need a subscription in order to be able to submit a ticket?

0 Likes 0 · ·

I've looked at the section of the code which generates the error and it appears to be an issue where the user doesn't have sufficient permissions granted to it. Could you confirm if you have enabled AlwaysOn SQL Service (AOSS)?

The most common reason for the error you're seeing is when the user for AOSS has not been granted all the necessary permissions. See Using authentication with AlwaysOn SQL for details. Cheers!

1 Like 1 · ·
scano_183208 avatar image scano_183208 Erick Ramirez ♦♦ ·

This was exactly my issue! I needed to configure always on sql via the lcm and all problems went away!

Thank you!

0 Likes 0 · ·

Good to hear. Cheers!

0 Likes 0 · ·