Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started



scano_183208 avatar image
scano_183208 asked Erick Ramirez commented

Getting DSEFS authentication errors after enabling SSL through LCM

Any help or ideas would be greatly appreciated: Error below

ERROR [dsefs-netty-worker-4] 2020-03-19 11:30:44,300 AbstractDigestRestServerAuthProvider.scala:103 - Could not authenticate request DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET /info HTTP/1.1
authorization: InCluster charset=utf-8,username="AAljYXNzYW5kcmFBSowwKPMR6r05MYczFAoe",realm="default",nonce="i29+sZeQlGHiTVwYLmRrnwDsw676RwTK9QVEedvg",nc=00000001,cnonce="F4fsEZ1q6Gq/UX8FJazpuDc8nGheEjFiV0/zW4KQ",digest-uri="http/default",maxbuf=65536,response=e427fafa069392eee907f0fd060918bb,qop=auth,authzid="AAljYXNzYW5kcmFBSowwKPMR6r05MYczFAoe" DIGEST-MD5: cannot acquire password for AAljYXNzYW5kcmFBSowwKPMR6r05MYczFAoe in realm : default
    at com.datastax.bdp.dsefs.auth.AbstractDigestRestServerAuthProvider.authenticateRequest(AbstractDigestRestServerAuthProvider.scala:76)
    at com.datastax.bdp.dsefs.auth.AbstractDigestRestServerAuthProvider.authenticate(AbstractDigestRestServerAuthProvider.scala:99)
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered Erick Ramirez commented

@scano_183208 When you enable either node-to-node encryption or client-to-node encryption, you will also need to configure DSEFS to use SSL encryption. Please see Enabling SSL encryption for DSEFS for the detailed steps.

If you have already done this and still require assistance, we will need additional information from you that is beyond the Q&A format of this forum so my suggestion is to log a ticket with DataStax Support so you can supply a Diagnostics Report from OpsCenter and one of our engineers will review it and be able to assist you. Cheers!

5 comments Share
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

I've looked at the section of the code which generates the error and it appears to be an issue where the user doesn't have sufficient permissions granted to it. Could you confirm if you have enabled AlwaysOn SQL Service (AOSS)?

The most common reason for the error you're seeing is when the user for AOSS has not been granted all the necessary permissions. See Using authentication with AlwaysOn SQL for details. Cheers!

1 Like 1 ·

This was exactly my issue! I needed to configure always on sql via the lcm and all problems went away!

Thank you!

0 Likes 0 ·

Good to hear. Cheers!

0 Likes 0 ·

@Erick Ramirez

Hi Erick, Thank you for getting back to me. In the doc it doesn’t specify if I need to restart the DSE cluster after manually configuring the ssl of dsefs. If so should I do this manually or can I run a configure job on lcm?

0 Likes 0 ·

@Erick Ramirez

In the doc it states the following:

In most cases, you don't need to add any DSEFS shell settings to connect using SSL. If a ~/.dse/dsefs-shell.yaml configuration file cannot be found, DSEFS shell attempts to load server-side configuration and SSL settings from DSE configuration files.

I Do not seem to have this file within my nodes. Also, do i need a subscription in order to be able to submit a ticket?

0 Likes 0 ·