Could you also send the output of "select * from system_auth.roles"?
(you will need to change authenticator to AllowAllAuthenticator and
authorizer to AllowAllAuthorizer)
On tis, 2018-07-17 at 15:43 +0200, Thomas Lété wrote:
> Ok I tried that, nothing better (I already tried dropping the entire
> system_auth folder that way, same result)
>
> When I open the log, I found nothing about « Password » and when I
> search for « roles », I only find that :
>
> DEBUG [main] 2018-07-17 15:37:39,420
> CompactionStrategyManager.java:380 - Recreating compaction strategy -
> disk boundaries are out of date for system_auth.roles.
> DEBUG [main] 2018-07-17 15:37:39,420 DiskBoundaryManager.java:53 -
> Refreshing disk boundary cache for system_auth.roles
> DEBUG [main] 2018-07-17 15:37:39,422 DiskBoundaryManager.java:56 -
> Updating boundaries from
> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da
> ta}], positions=[max(9223372036854775807)], ringVersion=3,
> directoriesVersion=0} to
> DiskBoundaries{directories=[DataDirectory{location=/home/cassandra/da
> ta}], positions=[max(9223372036854775807)], ringVersion=16,
> directoriesVersion=0} for system_auth.roles
>
> The configuration I use for Auth is the following :
>
> authorizer: CassandraAuthorizer
> permissions_validity_in_ms: 2000
> permissions_update_interval_in_ms: 2000
> authenticator: PasswordAuthenticator
> credentials_validity_in_ms: 2000
> credentials_update_interval_in_ms: 2000
>
> > Le 17 juil. 2018 à 15:26, Simon Fontana Oscarsson <simon.fontana.os
> > cars...@ericsson.com> a écrit :
> >
> > Could you try the following steps?
> >
> > Stop Cassandra.
> > Change authenticator in yaml to PasswordAuthenticator if not
> > already done.
> > Remove data directory with `rm -rf data/system_auth/roles-*`
> > Start Cassandra.
> > Login with `cqlsh -u cassandra -p cassandra`
> >
> > Works for me.
> >
> > --
> > SIMON FONTANA OSCARSSON
> > Software Developer
> >
> > Ericsson
> > Ölandsgatan 1
> > 37133 Karlskrona, Sweden
> > simon.fontana.oscars...@ericsson.com
> > www.ericsson.com
> >
> > On tis, 2018-07-17 at 14:37 +0200, Thomas Lété wrote:
> > > The latest : 3.11.2, the same as yours :(
> > >
> > > >
> > > > Le 17 juil. 2018 à 14:36, Horia Mocioi <horia.mocioi@ericsson.c
> > > > om> a écrit :
> > > >
> > > > What Cassandra version do you use?
> > > >
> > > > On tis, 2018-07-17 at 14:23 +0200, Thomas Lété wrote:
> > > > >
> > > > > Hi,
> > > > >
> > > > > Thanks I tried that, made a node tool repair system_auth and
> > > > > I get a
> > > > > new error now :
> > > > >
> > > > > Connection error: ('Unable to connect to any servers',
> > > > > {'127.0.0.1':
> > > > > AuthenticationFailed('Failed to authenticate to 127.0.0.1:
> > > > > Error from
> > > > > server: code=0100 [Bad credentials] message="Provided
> > > > > username
> > > > > cassandra and/or password are incorrect"',)})
> > > > >
> > > > > Maybe it requires other records in the other tables ?
> > > > >
> > > > > Thanks...
> > > > >
> > > > > >
> > > > > > Le 17 juil. 2018 à 12:00, Horia Mocioi <horia.mocioi@ericss
> > > > > > on.com>
> > > > > > a écrit :
> > > > > >
> > > > > > Try executing in cqlsh:
> > > > > >
> > > > > > insert into system_auth.roles (role , can_login ,
> > > > > > is_superuser ,
> > > > > > salted_hash ) VALUES ( 'cassandra', True, True,
> > > > > > '$2a$10$qQIh9pXDu0JNA7vQd7KRcO7VXryjbTu8XBQTC.tXcTpJHliH6S1
> > > > > > aW');
> > > > > >
> > > > > > The above hash encrypted value is for the default password
> > > > > > cassandra
> > > > > >
> > > > > > After doing this you should enable PasswordAuthenticator
> > > > > > and
> > > > > > restart
> > > > > > your node. Then try to authenticate in cqlsh.
> > > > > >
> > > > > > I tested this on ccm with cassandra 3.11.2. You should try
> > > > > > it also
> > > > > > on
> > > > > > your test systems and not trust a random guy on the web.
> > > > > >
> > > > > > Horia
> > > > > >
> > > > > > On tis, 2018-07-17 at 11:40 +0200, Thomas Lété wrote:
> > > > > > >
> > > > > > > Hi Horia,
> > > > > > >
> > > > > > > Thanks for your reply :-)
> > > > > > > As the keyspace was corrupt, Cassandra didn’t boot… So as
> > > > > > > we were
> > > > > > > in
> > > > > > > a hurry and not needed that keyspace, we dropped the
> > > > > > > files and
> > > > > > > put
> > > > > > > AllowAllAuthorizer.
> > > > > > >
> > > > > > > Now even the roles table is empty.
> > > > > > >
> > > > > > > When I enable PasswordAuthenticator, I’m not able to
> > > > > > > authenticate,
> > > > > > > cassandra user doesn’t exist…
> > > > > > >
> > > > > > > Is there a way to insert the default user in the roles
> > > > > > > table ?
> > > > > > >
> > > > > > > Yes the folder were recreated but without any data in the
> > > > > > > tables.
> > > > > > > I didn’t see any error in the logs.
> > > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Le 17 juil. 2018 à 11:26, Horia Mocioi <horia.mocioi@er
> > > > > > > > icsson.c
> > > > > > > > om>
> > > > > > > > a écrit :
> > > > > > > >
> > > > > > > > Hello,
> > > > > > > >
> > > > > > > > Those tables are empty by default, except
> > > > > > > > system_auth.roles
> > > > > > > > table
> > > > > > > > which
> > > > > > > > contains one entry(by default): the cassandra
> > > > > > > > user/role.
> > > > > > > > CassandraRoleManager creates it on startup if it does
> > > > > > > > not
> > > > > > > > exist.
> > > > > > > >
> > > > > > > > Those tables will be populated once you start adding
> > > > > > > > new
> > > > > > > > users/roles
> > > > > > > > and use authorization.
> > > > > > > >
> > > > > > > > What do you mean by "I tried removing the system_auth
> > > > > > > > folder
> > > > > > > > from
> > > > > > > > data
> > > > > > > > but the keyspace isn’t removed. "? Is the folder
> > > > > > > > deleted? Did
> > > > > > > > you
> > > > > > > > restart and the folder was recreated or not? Did you
> > > > > > > > get errors
> > > > > > > > when it
> > > > > > > > restarted and Cassandra tried to recreate the
> > > > > > > > system_auth
> > > > > > > > keyspace?
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > Horia
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On tis, 2018-07-17 at 10:02 +0200, Thomas Lété wrote:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Hi everyone,
> > > > > > > > >
> > > > > > > > > Due to a crash, we lost the system_auth keyspace. It
> > > > > > > > > was not
> > > > > > > > > important at that time because this was a closed
> > > > > > > > > system, not
> > > > > > > > > communicating outside the structure so we used
> > > > > > > > > AllowAllAuthorizer.
> > > > > > > > > Now it is changing and we would like to recover that
> > > > > > > > > keyspace
> > > > > > > > > (re-
> > > > > > > > > create it from scratch).
> > > > > > > > >
> > > > > > > > > Unfortunately, Cassandra isn’t able to populate the
> > > > > > > > > tables,
> > > > > > > > > they
> > > > > > > > > just
> > > > > > > > > stay empty…
> > > > > > > > > I tried removing the system_auth folder from data but
> > > > > > > > > the
> > > > > > > > > keyspace
> > > > > > > > > isn’t removed.
> > > > > > > > >
> > > > > > > > > Do you know a procedure that can be used to re-
> > > > > > > > > generate that
> > > > > > > > > keyspace
> > > > > > > > > without reinstalling Cassandra from scratch ?
> > > > > > > > >
> > > > > > > > > Thanks for your help :-)
> > > > > > > > >
> > > > > > > > > Thomas
> > > > > > > > > ---------------------------------------------------
> > > > > > > > > --------
> > > > > > > > > ----
> > > > > > > > > ------
> > > > > > > > > To unsubscribe, e-mail: user-unsubscr...@cassandra.ap
> > > > > > > > > ache.org
> > > > > > > > > For additional commands, e-mail: user-help@cassandra.
> > > > > > > > > apache.o
> > > > > > > > > rg
> > > > > > > > >
> > > > > > > > -----------------------------------------------------
> > > > > > > > --------
> > > > > > > > ----
> > > > > > > > ----
> > > > > > > > To unsubscribe, e-mail: user-unsubscr...@cassandra.apac
> > > > > > > > he.org
> > > > > > > > For additional commands, e-mail: user-h...@cassandra.ap
> > > > > > > > ache.org
> > > > > > > -------------------------------------------------------
> > > > > > > --------
> > > > > > > ------
> > > > > > > To unsubscribe, e-mail: user-unsubscribe@cassandra.apache
> > > > > > > .org
> > > > > > > For additional commands, e-mail: user-h...@cassandra.apac
> > > > > > > he.org
> > > > > > >
> > > > > > ---------------------------------------------------------
> > > > > > --------
> > > > > > ----
> > > > > > To unsubscribe, e-mail: user-unsubscribe@cassandra.apache.o
> > > > > > rg
> > > > > > For additional commands, e-mail: user-help@cassandra.apache
> > > > > > .org
> > > > -------------------------------------------------------------
> > > > --------
> > > > To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
> > > > For additional commands, e-mail: user-h...@cassandra.apache.org
> > > ---------------------------------------------------------------
> > > ------
> > > To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
> > > For additional commands, e-mail: user-h...@cassandra.apache.org
