"Error getting the authorization token: Wazuh Internal Error" When I do login LDAP user


Claudio Lopes

Jan 2, 2025, 10:00:55 AM
to Wazuh | Mailing List
Hello,

I have a problem when I use an LDAP user.
I can log in, but I get many permission errors.

Jan 02 14:49:25 wazuhcluster opensearch-dashboards[1248]: {"type":"log","@timestamp":"2025-01-02T14:49:25Z","tags":["error","plugins","wazuh","POST /api/login"],"pid":1248,"message":"Error getting the authorization token: Wazuh Internal Error"}
Jan 02 14:49:25 wazuhcluster opensearch-dashboards[1248]: {"type":"error","@timestamp":"2025-01-02T14:49:25Z","tags":[],"pid":1248,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:127:19)\n    at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:83:19)\n    at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:79:17)\n    at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:175:34)\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at handler (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:140:50)\n    at exports.Manager.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n    at Object.internals.handler (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:46:20)\n    at exports.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:31:20)\n    at Request._lifecycle (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:371:32)\n    at Request._execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:281:9)"},"url":"https://wazuhcluster/api/login","message":"Internal Server Error"}
Jan 02 14:49:27 wazuhcluster opensearch-dashboards[1248]: {"type":"log","@timestamp":"2025-01-02T14:49:27Z","tags":["error","plugins","wazuh","POST /api/login"],"pid":1248,"message":"Error getting the authorization token: Wazuh Internal Error"}
Jan 02 14:49:27 wazuhcluster opensearch-dashboards[1248]: {"type":"error","@timestamp":"2025-01-02T14:49:27Z","tags":[],"pid":1248,"level":"error","error":{"message":"Internal Server Error","name":"Error","stack":"Error: Internal Server Error\n    at HapiResponseAdapter.toError (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:127:19)\n    at HapiResponseAdapter.toHapiResponse (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:83:19)\n    at HapiResponseAdapter.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/response_adapter.js:79:17)\n    at Router.handle (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:175:34)\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at handler (/usr/share/wazuh-dashboard/src/core/server/http/router/router.js:140:50)\n    at exports.Manager.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/toolkit.js:60:28)\n    at Object.internals.handler (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:46:20)\n    at exports.execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/handler.js:31:20)\n    at Request._lifecycle (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:371:32)\n    at Request._execute (/usr/share/wazuh-dashboard/node_modules/@hapi/hapi/lib/request.js:281:9)"},"url":"https://wazuhcluster/api/login","message":"Internal Server Error"}

Could this kind of problem be caused by something wrong in the config.yml file from wazuh-indexer?

Fabian Ruiz

Jan 2, 2025, 11:38:51 AM
to Wazuh | Mailing List
Hi Claudio,

The errors indicate that the Wazuh dashboard is unable to authenticate and retrieve an authorisation token, which often points to connectivity issues or configuration mismatches. I recommend you use this documentation to check if your LDAP configuration is correct: https://documentation.wazuh.com/current/user-manual/user-administration/ldap.html

Regards.

Claudio Lopes

Jan 8, 2025, 5:08:50 AM
to Wazuh | Mailing List
Hello,

I analyzed it, but I can't find where my problem is.

I will leave my configuration and error logs below.

I can log in, but I only have permission in Index Management.

api.log:

2025/01/08 09:37:07 ERROR: Error executing API request locally: '<' not supported between instances of 'str' and 'NoneType'
concurrent.futures.process._RemoteTraceback:
"""
Traceback (most recent call last):
  File "/var/ossec/framework/python/lib/python3.10/concurrent/futures/process.py", line 246, in _process_worker
    r = call_item.fn(*call_item.args, **call_item.kwargs)
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/core/cluster/dapi/dapi.py", line 239, in run_local
    data = f(**f_kwargs)
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/preprocessor.py", line 177, in get_permissions
    roles = get_roles(auth_context=auth_context, user_id=user_id)
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/preprocessor.py", line 145, in get_roles
    roles = rbac.run_auth_context_roles()
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/auth_context.py", line 408, in run_auth_context_roles
    user_roles = self.get_user_roles()
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/auth_context.py", line 375, in get_user_roles
    if (rule['id'] > orm.MAX_ID_RESERVED or self.user_id == 2) and self.check_rule(rule['rule']):
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/auth_context.py", line 358, in check_rule
    if self.find_item(role_chunk=rule[rule_key], mode=rule_key, role_id=role_id):
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/auth_context.py", line 313, in find_item
    if self.match_item(role_chunk, value, mode):
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/auth_context.py", line 264, in match_item
    role_chunk, auth_context = self.preprocess_to_list(role_chunk, auth_context)
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/rbac/auth_context.py", line 115, in preprocess_to_list
    auth_chunk = sorted(auth_chunk) if isinstance(auth_chunk, list) else auth_chunk
TypeError: '<' not supported between instances of 'str' and 'NoneType'
"""

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/ossec/framework/python/lib/python3.10/site-packages/wazuh/core/cluster/dapi/dapi.py", line 285, in execute_local_request
    data = await asyncio.wait_for(task, timeout=timeout)
  File "/var/ossec/framework/python/lib/python3.10/asyncio/tasks.py", line 445, in wait_for
    return fut.result()
TypeError: '<' not supported between instances of 'str' and 'NoneType'
2025/01/08 09:37:07 INFO: wazuh-wui (7de0d240cf007f7d657f5dc4fbafcb66) 127.0.0.1 "POST /security/user/authenticate/run_as" with parameters {} and body {"user_name": "wazuh-user-tst2", "is_reserved": false, "is_hidden": false, "is_internal_user": false, "user_requested_tenant": "__user__", "backend_roles": [null, "administrator", "acesso-wazuh", "ipausers"], "custom_attribute_names": ["ldap.dn", "attr.ldap.cn", "attr.ldap.gidNumber", "attr.ldap.krbCanonicalName", "attr.ldap.initials", "attr.ldap.createTimestamp", "attr.ldap.modifyTimestamp", "ldap.original.username", "attr.ldap.uidNumber", "attr.ldap.gecos", "attr.ldap.displayName", "attr.ldap.ipaUniqueID", "attr.ldap.sn", "attr.ldap.krbPrincipalName", "attr.ldap.entryusn", "attr.ldap.homeDirectory", "attr.ldap.krbLastPwdChange", "attr.ldap.loginShell", "attr.ldap.objectClass", "attr.ldap.parentid", "attr.ldap.uid", "attr.ldap.mail", "attr.ldap.givenName"], "tenants": {"wazuh-user-tst2": true}, "roles": [null, "administrator", "own_index", "acesso-wazuh", "readall", "ipausers"]} done in 0.198s: 500

 



I am sending my configuration in config.yml and roles_mapping. I have already tried many ways, but the result is the same.
I tried with rolebase and rolesearch configured, but the result is the same. When I configure resolve_nested_roles, it does not import my filter in rolesearch. Wazuh doesn't get my groups from LDAP.

Can you try to help me? :D

roles_mapping.yml
config.yml
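
The api.log excerpt above, as an added example that is not part of the original thread: the logged run_as body lists null among backend_roles and roles, and sorting a Python list that mixes None with strings raises the TypeError shown in the traceback. The sample line is constructed (shortened from the logged one) and the function names are hypothetical.

```python
import json
import re

# Constructed sample, shortened from the run_as line in the api.log excerpt.
SAMPLE_LINE = (
    '2025/01/08 09:37:07 INFO: wazuh-wui 127.0.0.1 '
    '"POST /security/user/authenticate/run_as" with parameters {} and body '
    '{"user_name": "wazuh-user-tst2", '
    '"backend_roles": [null, "administrator", "acesso-wazuh", "ipausers"], '
    '"tenants": {"wazuh-user-tst2": true}, '
    '"roles": [null, "administrator", "own_index", "acesso-wazuh", '
    '"readall", "ipausers"]} done in 0.198s: 500'
)

# Captures the JSON body and the HTTP status at the end of the log line.
BODY_RE = re.compile(r'and body (\{.*\}) done in [\d.]+s: (\d{3})$')


def parse_run_as(line):
    """Return (body_dict, http_status) for a run_as log line, else None."""
    match = BODY_RE.search(line)
    if match is None:
        return None
    return json.loads(match.group(1)), int(match.group(2))


def unsortable_fields(body):
    """Map each list-valued field to the indexes of its non-string entries."""
    bad = {}
    for key, value in body.items():
        if isinstance(value, list):
            indexes = [i for i, v in enumerate(value) if not isinstance(v, str)]
            if indexes:
                bad[key] = indexes
    return bad


def sort_error(values):
    """Return the TypeError text that sorted() raises on values, or None."""
    try:
        sorted(values)
    except TypeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    body, status = parse_run_as(SAMPLE_LINE)
    print(status, unsortable_fields(body), sort_error(body["backend_roles"]))
```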

Claudio Lopes

Jan 8, 2025, 11:48:38 AM
to Wazuh | Mailing List
In addition, I am using IDM/FreeIPA for LDAP.