Thanks for the responses. Matt Clarke: The permissions look fine. Nifi runs as user “nifi” and all files are owned by “nifi” (with write permissions of course)
Matt Gilman: As far as additional logging here is what I found – No errors of any sort: 016-07-25 16:10:59,420 INFO [main] o.a.nifi.admin.UserDataSourceFactoryBean Existing database found and connected to at: jdbc:h2:./database_repository/nifi-users;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE 2016-07-25 16:10:59,473 INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User account already created: <enabled user 1>. Updating authorities... 2016-07-25 16:10:59,485 INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User account already created: <enabled user 2>. Updating authorities... 2016-07-25 16:10:59,487 INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User account already created: <enabled user 3>. Updating authorities... 2016-07-25 16:10:59,492 INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User account already created: <enabled user 4>. Updating authorities... 2016-07-25 16:10:59,494 INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User account already created:<enabled user 5>. Updating authorities… .. 2016-07-25 16:10:59,508 INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User not authorized with configured provider: <disabled user 1>. Disabling account... 2016-07-25 16:10:59,509 INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User not authorized with configured provider: <disabled user 2>. Disabling account... … From: Matthew Clarke <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Tuesday, July 26, 2016 at 10:03 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: authentication problem Verify the user running your nifi has the correct permissions to read and edit all the database files in the NiFi database repository directory. Also make sure the user running NiFi had permissions to edit the authorized-users.xml file. This file is only read on start-up. After nifi is running it operates solely from the memory and DBs. My guess is here that nifi can not update the authorized-users.xml file with the changes you are making in the User management UI. Thanks, Matt On Jul 26, 2016 12:47 PM, "Perko, Ralph J" <[email protected]<mailto:[email protected]>> wrote: Hi – whenever we restart Nifi half the accounts are disabled with this message: INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User not authorized with configured provider: <user-id>. Disabling account... The users are in the authorized-users.xml file. Is this a configuration issue on our part or a bug? It is curious that not all the accounts get disabled only some and it is always the same accounts. To re-enable the accounts I go into the users page, select the disabled user (click the little pencil) and click ‘apply’ with no changes - the account is re-enabled. Details: Nifi 0.6.1 authority-providers.xml: default file provider login-identy-management.xml: kerberos-provider (corporate system – everyone is in it) authorized-users.xml:setup for each user Thanks, Ralph
