neo4j / neo4j

Graphs for Everyone
http://neo4j.com
GNU General Public License v3.0

Neo.ClientError.Security.AuthenticationRateLimit: The client has provided incorrect authentication details too many times in a row. #13456

Open marohamamjyan opened 2 months ago

marohamamjyan commented 2 months ago

Hello, I am a new user for neo4j, I've installed it from scratch, I have set username and password in values.yaml file and when I try to enter I get this error: Neo.ClientError.Security.AuthenticationRateLimit: The client has provided incorrect authentication details too many times in a row.

Later I also added these lines in neo4j-community.conf

dbms.security.auth_enabled=true
dbms.security.auth_provider=ldap
dbms.security.ldap.auth_provider.type=unsecured
dbms.security.auth_provider.username=neo4j
dbms.security.auth_provider.password=mypassword

But it didn't help as well. Please help to solve the problem, I've tried helm delete and then helm install, it didn't help.

LinneaAndersson commented 2 months ago

Hi @marohamamjyan, thanks for the report. LDAP authentication and authorization is an enterprise only feature, could it be that you are trying this in community? If you are in enterprise I would suggest in the first instance, the best way to get assistance with it is to open a support ticket with Neo4j support if you are able to do that.

phil198 commented 1 month ago

Hi @marohamamjyan , did the above suggestion help your issue? Can we close this issue? Thanks!

marohamamjyan commented 1 month ago

Hello @LinneaAndersson, I am on community version. I've noticed in neo4j-community.conf this part

dbms.security.auth_enabled=true

My added

dbms.security.auth_provider=ldap
dbms.security.ldap.auth_provider.type=unsecured
dbms.security.auth_provider.username=neo4j
dbms.security.auth_provider.password=mypassword

If this part should not be used, can you please advise how I should use the authorization part? Or did I understand you right that as I use community version I shouldn't use any authorization?

Thank you

phil198 commented 1 month ago

hi @marohamamjyan,

For Community Edition you should just set:

dbms.security.auth_enabled=true if you want authentication enabled.

Community edition supports "native" (i.e. username and password) authentication only. It does not support other types of authentication like LDAP, so you should remove all config settings containing ldap. Nor does it support fine-grained authorization.

Here is a useful configuration reference. Any settings with the Enterprise Edition label are not supported in the Community Edition.

Thanks

marohamamjyan commented 1 month ago

@LinneaAndersson In neo4j-community.conf I have changed settings like so dbms.security.auth_enabled=false and commented all the other settings I described above

dbms.security.auth_provider=ldap

dbms.security.ldap.auth_provider.type=unsecured

dbms.security.auth_provider.username=neo4j

dbms.security.auth_provider.password=mypassword

deployed neo4j one more time, now in browser I've tried to login without authentication and get this error:

[image]

In pod logs I have this:

Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time.
2024-06-13 12:08:48.267+0000 INFO Logging config in use: File '/config/user-logs.xml/user-logs.xml'
2024-06-13 12:08:48.275+0000 INFO Command expansion is explicitly enabled for configuration
2024-06-13 12:08:48.336+0000 INFO Starting...
2024-06-13 12:08:50.460+0000 INFO This instance is ServerId{1f178455} (1f178455-8ac3-48f7-859c-af3584938834)
2024-06-13 12:08:52.460+0000 INFO ======== Neo4j 5.19.0 ========
2024-06-13 12:08:55.973+0000 INFO Bolt enabled on 0.0.0.0:7687.
2024-06-13 12:08:57.437+0000 INFO HTTP enabled on 0.0.0.0:7474.
2024-06-13 12:08:57.438+0000 INFO Remote interface available at http://localhost:7474/
2024-06-13 12:08:57.440+0000 INFO id: B0613C840A939C96DE3FF8B347864DE10F907E564F00C8DBC572A9A044D209E5
2024-06-13 12:08:57.441+0000 INFO name: system
2024-06-13 12:08:57.441+0000 INFO creationDate: 2024-04-09T08:33:32.535Z
2024-06-13 12:08:57.441+0000 INFO Started.
2024-06-13 12:09:20.974+0000 WARN [bolt-12] The client is unauthorized due to authentication failure.
2024-06-13 12:09:20.997+0000 WARN [bolt-13] The client is unauthorized due to authentication failure.
2024-06-13 12:09:21.016+0000 WARN [bolt-14] The client is unauthorized due to authentication failure.

marohamamjyan commented 1 month ago

Hello @phil198 thanks for information. I changed the neo4j-community.conf like so now

dbms.security.auth_enabled=true
dbms.security.auth_provider=ldap
dbms.security.ldap.auth_provider.type=unsecured
dbms.security.auth_provider.username=neo4j
dbms.security.auth_provider.password=mypassword

after deployment when I try to sign in browser with authentication I get this error: Neo.ClientError.Security.AuthenticationRateLimit: The client has provided incorrect authentication details too many times in a row.

[image]

In pod I have these logs:

Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time.
2024-06-13 12:22:41.460+0000 INFO Logging config in use: File '/config/user-logs.xml/user-logs.xml'
2024-06-13 12:22:41.468+0000 INFO Command expansion is explicitly enabled for configuration
2024-06-13 12:22:41.535+0000 INFO Starting...
2024-06-13 12:22:43.957+0000 INFO This instance is ServerId{1f178455} (1f178455-8ac3-48f7-859c-af3584938834)
2024-06-13 12:22:45.974+0000 INFO ======== Neo4j 5.19.0 ========
2024-06-13 12:22:49.491+0000 INFO Bolt enabled on 0.0.0.0:7687.
2024-06-13 12:22:51.038+0000 INFO HTTP enabled on 0.0.0.0:7474.
2024-06-13 12:22:51.039+0000 INFO Remote interface available at http://localhost:7474/
2024-06-13 12:22:51.042+0000 INFO id: B0613C840A939C96DE3FF8B347864DE10F907E564F00C8DBC572A9A044D209E5
2024-06-13 12:22:51.042+0000 INFO name: system
2024-06-13 12:22:51.042+0000 INFO creationDate: 2024-04-09T08:33:32.535Z
2024-06-13 12:22:51.043+0000 INFO Started.
2024-06-13 12:23:35.071+0000 WARN [bolt-20] The client is unauthorized due to authentication failure.
2024-06-13 12:23:35.892+0000 WARN [bolt-23] The client is unauthorized due to authentication failure.
2024-06-13 12:23:37.442+0000 WARN [bolt-24] The client is unauthorized due to authentication failure.
2024-06-13 12:25:27.603+0000 WARN [bolt-69] The client is unauthorized due to authentication failure.
2024-06-13 12:25:27.634+0000 WARN [bolt-70] The client has provided incorrect authentication details too many times in a row.
2024-06-13 12:25:27.670+0000 WARN [bolt-71] The client has provided incorrect authentication details too many times in a row.
m.hamamjyan@srv-kma-1-t:~$

phil198 commented 2 weeks ago

Hi @marohamamjyan, the following config entries are not valid / used:

dbms.security.auth_provider.username=neo4j
dbms.security.auth_provider.password=mypassword

The password that is being checked and is incorrect is the one you're passing in via the front-end.
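An added example, not part of the thread or of Neo4j's code: a small Python check that applies the advice in phil198's two replies above (on Community Edition remove every setting containing ldap; the two dbms.security.auth_provider.username/password entries are not valid) to a neo4j.conf-style text. The function name, the reason codes and the sample text are assumptions made for illustration; the sample settings are the ones quoted in the thread.

```python
# Added example: lint a neo4j.conf-style text against the advice in this thread.
INVALID_KEYS = {  # the two entries phil198 lists as "not valid / used"
    "dbms.security.auth_provider.username",
    "dbms.security.auth_provider.password",
}

# Constructed sample: the settings quoted in the thread, one per line.
SAMPLE = """\
# neo4j-community.conf excerpt (constructed)
dbms.security.auth_enabled=true
dbms.security.auth_provider=ldap
dbms.security.ldap.auth_provider.type=unsecured
dbms.security.auth_provider.username=neo4j
dbms.security.auth_provider.password=mypassword
"""


def lint_community_conf(text):
    """Return (line_number, key, code) findings; values are never echoed."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value setting
        key, value = key.strip(), value.strip().lower()
        if key in INVALID_KEYS:
            code = "invalid-key"        # may also hold a cleartext password
        elif "ldap" in key.lower() or "ldap" in value:
            code = "enterprise-only"    # LDAP is not available in Community
        elif key == "dbms.security.auth_enabled" and value == "false":
            code = "auth-disabled"      # server accepts unauthenticated clients
        else:
            continue
        findings.append((number, key, code))
    return findings


if __name__ == "__main__":
    for number, key, code in lint_community_conf(SAMPLE):
        print(f"line {number}: {key}: {code}")
```

Only the key and a reason code are reported, so the output can be pasted into a ticket without leaking the password stored in the file.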

marohamamjyan commented 1 week ago

Hi @phil198, you are right, can you please advise how the password that should be used via the front-end should be configured? Thanks

phil198 commented 1 week ago

Hi @marohamamjyan,

you can either run the set-initial-password command before you run the database for the first time (assuming you have already run the database, then this will no longer be possible unless you delete your installation and start again).

Or you can use the default password of neo4j (which you will be prompted to change the first time you log in).

See here for details.