Docker login 401 Unauthorized

Hello ,

I am using nexus as a Docker container, with tag sonatype/nexus3:3.14.0. Also, I connect nexus with LDAP for user better user management it is helpful for group and role management.

For my case, I create a blog-store and create two docker registry repository, one hosted and one group. I try to log in, on hosted and it works fine. But when I tried to connect into the grouped repository I get
401 Unauthorized. I also tried to connect with admin credentials but I get the same error too,

Error response from daemon: login attempt to https:///v2/ failed with status: 401 Unauthorized.

Suggestions are welcome
PParthenis

@pparthenhs

You should check if your access control is set correctly. How do you set access control? Do you use content selectors?

@atselvan

I set up the LDAP correctly. When I am login into nexus UI I can see the grouped Docker registry repository. The problem is when I try to connet into it with docker login command. I get the
following error.

Error response from daemon: login attempt to https://myrepo:port/v2/ failed with status: 401 Unauthorized.

The same problem I am getting when I am try to connect with nexus-admin, which is very odd.

I’m having a similar issue. As per the documentation:

Provide your repository manager credentials of username and password as well as an email address.

I’m never prompted for a email, just a username and password. Does that raise any red flags to anyone?

(also, I’m not using LDAP, just nexus’s built in user management, so LDAP propably isn’t the issue here)

Did anyone find a solution?
I created a simple docker (hosted) repository.
I can see it when I $ curl -X GET http://IP:port/v2/_catalog
But, I cannot login. It keeps rejecting the admin:admin123
I also configured the docker client (/etc/docker/daemon.json) to accept this registry as insecure.
Whatever I do I keep getting the unauthorized.
It is a simple case, it shouldn’t be so hard, don’t you think?

I don’t have any information specific to the problem… but one thing to keep in mind, the communication from docker to nexus looks like this:

Docker Client —> Docker Server —> Neus Repo

So whatever is going wrong here is in between the server and Nexus. Examining the docker daemon logs would be a good idea.

Hi,
Enable the Docker Bearer Token Realm in Nexus Security->Realms Tab.

6 Likes

I did it and it worked.
Thank you very much.

P.S.: Still wondering why there’s nowhere else this information and how all these guys who make tutorial videos don’t say anything about this conf.

1 Like

This worked for me as well! Thanks so much.

1 Like

Worked for me as well, thank you.

1 Like

Does anyone know if the ordering makes a difference for the active realms? Docker Bearer Token is there however it is bottom of the list (they’re all in the Active column).
Thanks

Great, it worked for me, thanks

1 Like

@ben_jones2 the ordering only matters if there’s a conflict. For example if you have an ldap user named “joe” and a NXRM user named “joe”. Other than that the ordering is just used for accessibility. Because of this, we recommend the services that are logged in most frequently are higher. We also generally recommend the NXRM internal realms remain first in case there’s a problem with the external systems you’ll still be able to login locally and troubleshoot.

@gioargyr The information was present on https://help.sonatype.com/display/NXRM3M/Authentication but it was a bit buried (and also our docker documentation is lengthy). I attempted to bring it more to the front.

I will relay this feedback to our tutorial team as well.

Very valuable information @gioargyr . Thanks.

1 Like

Just realized that doc link is wrong should have been https://help.sonatype.com/display/NXRM3/Authentication =\ My bad.
-Joe

Thank you, enabling the Docker Bearer Token Realm allowed the login to start working.
I agree with @gioargyr when he wonders why Sonatype makes videos and documentation and NOWHERE for setting up Docker repo does it mention to do this.
@rseddon please review the steps and provide a response to this issue higher up the thread. As a “Sonatyper” it’s a little disconcerting to hear you know nothing about this, and somebody else had to resolve it.
Thanks.

Hey Richard,

Thanks for the feedback. We have some work in progress to make it easier to find the “correct” answers in any given Topic thread, stay tuned for that.

The Community is a place where everyone can help each other, not just Sonatypers providing the answers. Kudos to @pawel.skarzynski for helping out here. Sonatypers obviously can’t know all the answers all the time, especially in the context of a community post.

Remember, if you are a licensed user for Nexus Repo Pro and/or IQ Server then you have access to our full support team over at support.sonatype.com. The team will be able to go much more in depth over there to help with any issues.

Cheers,

Nick

Thanks a lot for that fix. Their documentation is not complete for this feature. I spent hours going over it and making sure I didn’t miss a setting. Such a simple fix.

This page has been moved, it’s now Docker Authentication. Since I’ve corrected twice now, hopefully people believe it’s there and search around if this link also changes.