Ganesh Murthy wrote
> On Mon, Apr 16, 2018 at 10:08 AM, mlange <

> mlange@

> > wrote:
> 
>>
>> > That looks a bit as if artemis is trying to authenticate the connection
>> > via a client certificate. From the config snippet you supplied it
>> > doesn't look like it is using TLS, let alone supplying a client cert.
>> > Are you able to get a protocol trace for the interaction between the
>> > router and the broker? (A simple way to do this would be to start a
>> > router with that connector in with env var PN_TRACE_FRM=1 and capture
>> > the output)
>>
>> It shouldn't do that, trying to authenticate via client certificate
>> (well,
>> not yet at least)
>> With the same config, but then connecting directly to the broker (a
>> javax.jms.Connection(String user, String password); with the same
>> credentials) allows me to connect just fine.
>>
>> The trace gives quite some output; I think the relevant parts are these:
>> [0x7f595400bdb0]:  -> SASL
>> [0x7f595400bdb0]:  <- SASL
>> [0x7f595400bdb0]:0 <- @sasl-mechanisms(64)
>> [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
>> [0x7f595400bdb0]:0 -> @sasl-init(65) [mechanism=:ANONYMOUS,
>> initial-response=b"

> anonymous@.host

> "]
>> [0x7f595400bdb0]:0 <- @sasl-outcome(68) [code=0]
>>
>> Here it seems as if qpid chooses to use ANONYMOUS to connect with the
>> broker
>> (which will not work, the broker is configured to require authentication)
>> whereas the broker seems to offer PLAIN as well.
>>
>> a bit later I see the connection:
>> [0x7f5954027d60]:4 <- @begin(17) [next-outgoing-id=0,
>> incoming-window=2147483647, outgoing-window=2147483647]
>> [0x7f5954027d60]:4 <- @attach(18)
>> [name="qpid-jms:sender:ID:8b0bc583-315f-4f54-8f17-ecc40379c7
>> 7f:1:1:1:testqueues.testqueue",
>> handle=0, role=false, snd-settle-mode=2, rcv-settle-mode=0,
>> source=@source(40) [address="ID:8b0bc583-315f-4f5
>> 4-8f17-ecc40379c77f:1:1:1",
>> durable=0, timeout=0, dynamic=false,
>> outcomes=@PN_SYMBOL[:"amqp:accepted:list", :"amqp:rejected:list",
>> :"amqp:released:list", :"amqp:modified:list"]], target=@target(41)
>> [address="testqueues.testqueue", durable=0, timeout=0, dynamic=false,
>> capabilities=@PN_SYMBOL[:queue]], initial-delivery-count=0,
>> max-message-size=0]
>> [0x7f5954027d60]:4 -> @begin(17) [remote-channel=4, next-outgoing-id=0,
>> incoming-window=2147483647, outgoing-window=2147483647]
>> [0x7f595400bdb0]:0 -> @begin(17) [next-outgoing-id=0,
>> incoming-window=2147483647, outgoing-window=2147483647]
>> [0x7f595400bdb0]:0 -> @attach(18)
>> [name="qpid-jms:sender:ID:8b0bc583-315f-4f54-8f17-ecc40379c7
>> 7f:1:1:1:testqueues.testqueue",
>> handle=0, role=false, snd-settle-mode=2, rcv-settle-mode=0,
>> source=@source(40) [address="ID:8b0bc583-315f-4f5
>> 4-8f17-ecc40379c77f:1:1:1",
>> durable=0, timeout=0, dynamic=false,
>> outcomes=@PN_SYMBOL[:"amqp:accepted:list", :"amqp:rejected:list",
>> :"amqp:released:list", :"amqp:modified:list"]], target=@target(41)
>> [address="testqueues.testqueue", durable=0, timeout=0, dynamic=false,
>> capabilities=@PN_SYMBOL[:queue]], initial-delivery-count=0,
>> max-message-size=0]
>> [0x7f595400bdb0]:0 <- @close(24) [error=@error(29)
>> [condition=:"amqp:internal-error", description="Unrecoverable error:
>> AMQ119031: Unable to validate user from /192.168.0.1:52202. Username:
>> null;
>> SSL certificate subject DN: unavailable"]]
>> [0x7f595400bdb0]:  <- EOS
>> [0x7f595400bdb0]:0 -> @close(24) []
>> [0x7f595400bdb0]:  -> EOS
>> [0x7f5954027d60]:4 -> @attach(18)
>> [name="qpid-jms:sender:ID:8b0bc583-315f-4f54-8f17-ecc40379c7
>> 7f:1:1:1:testqueues.testqueue",
>> handle=0, role=true, snd-settle-mode=2, rcv-settle-mode=0,
>> source=@source(40) [durable=0, timeout=0, dynamic=false],
>> target=@target(41)
>> [durable=0, timeout=0, dynamic=false], initial-delivery-count=0,
>> max-message-size=0]
>> [0x7f5954027d60]:4 -> @detach(22) [handle=0, closed=false,
>> error=@error(29)
>> [condition=:"qd:routed-link-lost", description="Connectivity to the peer
>> container was lost"]]
>> [0x7f5954027d60]:4 <- @detach(22) [handle=0, closed=true]
>>
>> Username is null, as well as client-certificates not provided (which is
>> logical, since there are none yet);
>>
>> When I add saslMechanisms: PLAIN to the connection{} I see a new error in
>> the SERVER log module (server.log):
>>  proton:io:sasl_error SASL(-4): no mechanism available: No worthy mechs
>> found (Authentication failed [mech=none])
>>
> Is it possible that you don't have the relevant cyrus-sasl-plain libraries
> installed? Does the tests/system_tests_sasl_plain.py pass for you? If you
> look at that test, you will notice that one router is trying to connect to
> another router using PLAIN mech.
> 
>>
>> which is weird, as it seems that PLAIN is offered by the broker. (or I am
>> interpreting things completely wrong)
>>
>>
>>
>> --
>> Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936
>> .html
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: 

> users-unsubscribe@.apache

>> For additional commands, e-mail: 

> users-help@.apache

>>
>>

I was about to write, that is not possible at all...
And then I looked... *hides in embarrassment* And here I thought I had them
installed on all my nodes... I hadn't O.O; how simple things can be,
sometimes... thanks!



--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Reply via email to