[rabbitmq-discuss] [RUBY AMPQ] SSL LOGIN ERROR EXTERNAL login refused
Simon MacMullen
simon at rabbitmq.com
Tue Apr 29 09:43:55 BST 2014
On 29/04/2014 09:05, Loganathan Sellapa wrote:
> After restarting the rabbitmq server I tried to connect to RabbitMq via
> AMQP Gem with the below code, but I am getting authentication failure error.
>
> RUBY CODE:
>
> RMQ_CONFIGURATIONS = {:host=>"127.0.0.1", :port=>5671, :vhost=>"/",
> :auth_mechanism=>"EXTERNAL",
> :ssl=>{:cert_chain_file=>"/opt/ssl/client/cert.pem",
> :private_key_file=>"/opt/ssl/client/key.pem"}}
Do you actually want to use EXTERNAL authentication? That's the
authentication mode where you do not specify a username and password,
but the authentication is done via SSL client certs and the username
comes from the client cert DN / CN.
> =ERROR REPORT==== 29-Apr-2014::13:26:22 ===
> closing AMQP connection <0.862.0> (127.0.0.1:40657 -> 127.0.0.1:5671):
> {handshake_error,starting,0,
> {amqp_error,access_refused,
> "EXTERNAL login refused: user 'ubuntu' - invalid credentials",
> 'connection.start_ok'}}
Note that the user is 'ubuntu' here, not 'guest'. I guess that's the CN
of your client cert. RabbitMQ is complaining because although the
SSL-based auth succeeded, it then couldn't find the user in the internal
database (to find out what permissions it has).
So if you *do* want to use EXTERNAL, you need to make sure that the user
'ubuntu' exists in the user database. The user can be set to have no
password. You can also remove the
If you do *not* want to use EXTERNAL and instead wanted to log in as
'guest' secured by SSL, remove 'auth_mechanisms' and
'ssl_cert_login_from' from the config.
Cheers, Simon
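
An added example (not part of the original message, and not code from RabbitMQ or the AMQP gem): a Ruby check that derives the names an EXTERNAL login could present from a client certificate and matches them against the user named in the broker's refusal line, so you know which user has to exist in the internal database. The helper names, the in-memory certificate and its subject are constructed for illustration, and the RFC 2253 ordering of the DN string is an assumption to confirm against your own broker log.

```ruby
require "openssl"

# Constructed sample input: a throwaway self-signed client certificate built
# in memory, standing in for /opt/ssl/client/cert.pem.
def constructed_client_cert(subject)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

# Candidate EXTERNAL user names, one per ssl_cert_login_from setting.
# Assumption: the DN is compared in RFC 2253 order; confirm in the broker log.
def external_login_names(pem)
  subject = OpenSSL::X509::Certificate.new(pem).subject
  cn = subject.to_a.find { |field, _value, _type| field == "CN" }
  { common_name: cn && cn[1],
    distinguished_name: subject.to_s(OpenSSL::X509::Name::RFC2253) }
end

# Pull the refused user name out of an "EXTERNAL login refused" log line.
def refused_user(log_line)
  log_line[/EXTERNAL login refused: user '([^']*)'/, 1]
end

# Which certificate field produced the refused name, or nil if the name does
# not come from this certificate at all (wrong cert, or a cert with no CN).
def login_source(pem, log_line)
  user = refused_user(log_line)
  return nil if user.nil?
  external_login_names(pem).key(user)
end

if __FILE__ == $PROGRAM_NAME
  pem  = constructed_client_cert("/O=Example/CN=ubuntu") # constructed subject
  line = %q("EXTERNAL login refused: user 'ubuntu' - invalid credentials",)
  puts "refused user: #{refused_user(line)}"
  puts "derived from: #{login_source(pem, line).inspect}"
  puts "candidates:   #{external_login_names(pem)}"
end
```

To check a real certificate, pass `File.read` of the client cert path to `external_login_names` instead of the constructed PEM.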