[rabbitmq-discuss] [RUBY AMPQ] SSL LOGIN ERROR EXTERNAL login refused

Simon MacMullen simon at rabbitmq.com
Tue Apr 29 09:43:55 BST 2014


On 29/04/2014 09:05, Loganathan Sellapa wrote:
> After restarting the rabbitmq server I tried to connect to RabbitMq via
> AMQP Gem with the below code, but I am getting authentication failure error.
>
> *_RUBY CODE:_*
> *
> *
> RMQ_CONFIGURATIONS = {:host=>"127.0.0.1", :port=>5671, :vhost=>"/",
> :auth_mechanism=>"EXTERNAL",
> :ssl=>{:cert_chain_file=>"/opt/ssl/client/cert.pem",
> :private_key_file=>"/opt/ssl/client/key.pem"}}

Do you actually want to use EXTERNAL authentication? That's the 
authentication mode where you do not specify a username and password, 
but the authentication is done via SSL client certs and the username 
comes from the client cert DN / CN.

> =ERROR REPORT==== 29-Apr-2014::13:26:22 ===
> closing AMQP connection <0.862.0> (127.0.0.1:40657
> <http://127.0.0.1:40657> -> 127.0.0.1:5671 <http://127.0.0.1:5671>):
> {handshake_error,starting,0,
>                   {amqp_error,access_refused,
> *         "EXTERNAL login refused: user 'ubuntu' - invalid credentials",*
>                               'connection.start_ok'}}

Note that the user is 'ubuntu' here, not 'guest'. I guess that's the CN 
of your client cert. RabbitMQ is complianing because although the 
SSL-based auth succeeded, it then couldn't find the user in the internal 
database (to find out what permissions it has).

So if you *do* want to use EXTERNAL, you need to make sure that the user 
'ubuntu' exists in the user database. The user can be set to have no 
password. You can also remove the

If you do *not* want to use EXTERNAL and instead wanted to log in as 
'guest' secured by SSL, remove 'auth_mechanisms' and 
'ssl_cert_login_from' from the config.

Cheers, Simon


More information about the rabbitmq-discuss mailing list