Mulitple loopback_users no longer working in 3.7.5

Blake Borup

unread,

Aug 13, 2018, 6:14:08 PM8/13/18

to rabbitmq-users

We are upgrading from 3.6.6 to 3.7.5 and seem to be having a problem with multiple loopback users:

{loopback_users, [<<"guest">>, <<"localuser">>]},

"guest" still works, but "localuser" no longer does. Is this a known restriction? If we pick a later release will the problem go away?

Thanks.

Michael Klishin

unread,

Aug 13, 2018, 6:16:49 PM8/13/18

to rabbitm...@googlegroups.com

Nothing has changed in that area in 3.7.x.

Start with looking at server logs and checking your effective configuration [1].

1. http://www.rabbitmq.com/configure.html#verify-configuration-effective-configuration

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

MK

Staff Software Engineer, Pivotal/RabbitMQ

Michael Klishin

unread,

Aug 13, 2018, 6:38:25 PM8/13/18

to rabbitm...@googlegroups.com

I tried the following config file with 3.7.7:

https://gist.github.com/michaelklishin/4a6c2d96b3a668b865aa7db1b4005e03

Then verified that the loopback_users value was what I expected it to be:

rabbitmqctl environment | grep loopback 130 ↵
> {loopback_users,[<<"alt_loopback_user">>,<<"guest">>]}

Then added a new user:

rabbitmqctl add_user alt_loopback_user alt_loopback_user

rabbitmqctl set_permissions -p / alt_loopback_user ".*" ".*" ".*"

and tried to connect from a remote host using a REPL using both users.

Both connections were rejected with the following in the logs:

2018-08-14 01:34:53.599 [info] <0.619.0> accepting AMQP connection <0.619.0> (192.168.1.142:52622 -> 192.168.1.89:5672)
2018-08-14 01:34:53.604 [error] <0.619.0> Error on AMQP connection <0.619.0> (192.168.1.142:52622 -> 192.168.1.89:5672, state: starting):
PLAIN login refused: user 'guest' can only connect via localhost
2018-08-14 01:34:56.605 [info] <0.619.0> closing AMQP connection <0.619.0> (192.168.1.142:52622 -> 192.168.1.89:5672)
2018-08-14 01:35:18.604 [info] <0.624.0> accepting AMQP connection <0.624.0> (192.168.1.142:52623 -> 192.168.1.89:5672)
2018-08-14 01:35:18.609 [error] <0.624.0> Error on AMQP connection <0.624.0> (192.168.1.142:52623 -> 192.168.1.89:5672, state: starting):
PLAIN login refused: user 'alt_loopback_user' can only connect via localhost
2018-08-14 01:35:21.610 [info] <0.624.0> closing AMQP connection <0.624.0> (192.168.1.142:52623 -> 192.168.1.89:5672)

In other words, I cannot reproduce. I suspect that your classic config file has incorrect nesting, so the default is used instead (which is: user "guest" is the only loopback user).

On Tue, Aug 14, 2018 at 1:16 AM, Michael Klishin <mkli...@pivotal.io> wrote:

Nothing has changed in that area in 3.7.x.

Start with looking at server logs and checking your effective configuration [1].

1. http://www.rabbitmq.com/configure.html#verify-configuration-effective-configuration

On Tue, Aug 14, 2018 at 1:14 AM, Blake Borup <blake...@gmail.com> wrote:

We are upgrading from 3.6.6 to 3.7.5 and seem to be having a problem with multiple loopback users:

{loopback_users, [<<"guest">>, <<"localuser">>]},

"guest" still works, but "localuser" no longer does. Is this a known restriction? If we pick a later release will the problem go away?

Thanks.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.

To post to this group, send email to rabbitm...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
MK

Staff Software Engineer, Pivotal/RabbitMQ

Blake Borup

unread,

Aug 14, 2018, 11:56:15 AM8/14/18

to rabbitmq-users

Michael,

Thank you for your quick response.

I'm an idiot. I just reset the password for "localuser" and it works fine. My fat fingers must have put in an invalid password (and confirmed it) when I setup the new RabbitMQ. I'm so sorry for having wasted your time.

Just for your edification here is our whole config file. We use "localuser" for services that connect to RabbitMQ on the localhost, but are tied to different vhosts from "guest".

[

{rabbit,

[

{reverse_dns_lookups, true},

{loopback_users, [<<"guest">>, <<"localuser">>]},

{auth_backends, [{rabbit_auth_backend_ldap, rabbit_auth_backend_internal},

rabbit_auth_backend_internal]},

{vm_memory_high_watermark_paging_ratio, 0.75},

{vm_memory_high_watermark, 0.65}

]

},

{rabbitmq_auth_backend_ldap,

[ {servers, ["xxxx.local"]},

{dn_lookup_base, "DC=xxxx,DC=local"},

{user_dn_pattern, "${username}@xxxx.local"},

{use_ssl, false},

{port, 389},

{log, true}

]

}

].

Thanks again. And apologies.

Blake

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.

To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
MK

Staff Software Engineer, Pivotal/RabbitMQ

Michael Klishin

unread,

Aug 14, 2018, 2:08:41 PM8/14/18

to rabbitm...@googlegroups.com

No worries. Thank you for reporting back to the list.

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward