SASLTypePlaintext not working, Error while performing SASL handshake

[BTYHunter]

Description

Below is my code.

go version: go version go1.20.2 windows/amd64 sarama version: v1.42.1 kafka version: 3.0.0

package main

import (
	"fmt"
	"github.com/IBM/sarama"
)

func main() {
	brokerList := []string{"kafka_IP:9092"}
	config := sarama.NewConfig()
	config.Net.SASL.Enable = true
	config.Net.SASL.User = "admin"
	config.Net.SASL.Password = "adminpass"
	config.Net.SASL.Mechanism = sarama.SASLTypePlaintext
	config.Net.TLS.Enable = true


	config.Producer.RequiredAcks = sarama.WaitForAll
        config.Producer.Retry.Max = 5
        config.Producer.Return.Successes = true


	producer, err := sarama.NewSyncProducer(brokerList, config)
	if err != nil {
		panic("Failed to create Kafka producer: " + err.Error())
	}
	defer func() {
		if err := producer.Close(); err != nil {
			fmt.Println("Failed to close Kafka producer:", err)
		}
	}()

	
	topic := "request-topic"
	message := &sarama.ProducerMessage{
		Topic: topic,
		Value: sarama.StringEncoder("Hello, Kafka from Golang!"),
	}
	partition, offset, err := producer.SendMessage(message)
	if err != nil {
		panic("Failed to send message: " + err.Error())
	}

	fmt.Printf("Message sent to topic %s, partition %d, offset %d\n", topic, partition, offset)
}

output is panic: Failed to create Kafka producer: kafka: client has run out of available brokers to talk to: read tcp local_IP:63192->kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.

Configuration

kafka config

listeners=SASL_PLAINTEXT://IP:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=false

Logs

logs: CLICK ME

[Sarama]2024/01/28 15:12:01 sarama.go:132: Initializing new client
[Sarama]2024/01/28 15:12:01 config.go:618: ClientID is the default of 'sarama', you should consider setting it to something application-specific.
[Sarama]2024/01/28 15:12:01 config.go:618: ClientID is the default of 'sarama', you should consider setting it to something application-specific.
[Sarama]2024/01/28 15:12:01 sarama.go:129: client/metadata fetching metadata for all topics from broker Kafka_IP:9092
[Sarama]2024/01/28 15:12:09 broker.go:1244: Error while performing SASL handshake Kafka_IP:9092
[Sarama]2024/01/28 15:12:09 sarama.go:129: Closed connection to broker Kafka_IP:9092
[Sarama]2024/01/28 15:12:09 broker.go:198: Error while sending ApiVersionsRequest to broker Kafka_IP:9092: read tcp local_IP:49323->Kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.
[Sarama]2024/01/28 15:12:09 client.go:1073: client/metadata got error from broker -1 while fetching metadata: read tcp local_IP:49323->Kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.
[Sarama]2024/01/28 15:12:09 client.go:1086: client/metadata no available broker to send metadata request to
[Sarama]2024/01/28 15:12:09 client.go:788: client/brokers resurrecting 1 dead seed brokers
[Sarama]2024/01/28 15:12:09 client.go:1012: client/metadata retrying after 250ms... (2 attempts remaining)
[Sarama]2024/01/28 15:12:09 config.go:618: ClientID is the default of 'sarama', you should consider setting it to something application-specific.
[Sarama]2024/01/28 15:12:09 sarama.go:129: client/metadata fetching metadata for all topics from broker Kafka_IP:9092
[Sarama]2024/01/28 15:12:18 broker.go:1244: Error while performing SASL handshake Kafka_IP:9092
[Sarama]2024/01/28 15:12:18 sarama.go:129: Closed connection to broker Kafka_IP:9092
[Sarama]2024/01/28 15:12:18 broker.go:198: Error while sending ApiVersionsRequest to broker Kafka_IP:9092: read tcp local_IP:49328->Kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.
[Sarama]2024/01/28 15:12:18 client.go:1073: client/metadata got error from broker -1 while fetching metadata: read tcp local_IP:49328->Kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.
[Sarama]2024/01/28 15:12:18 client.go:1086: client/metadata no available broker to send metadata request to
[Sarama]2024/01/28 15:12:18 client.go:788: client/brokers resurrecting 1 dead seed brokers
[Sarama]2024/01/28 15:12:18 client.go:1012: client/metadata retrying after 250ms... (1 attempts remaining)
[Sarama]2024/01/28 15:12:18 config.go:618: ClientID is the default of 'sarama', you should consider setting it to something application-specific.
[Sarama]2024/01/28 15:12:18 sarama.go:129: client/metadata fetching metadata for all topics from broker Kafka_IP:9092
[Sarama]2024/01/28 15:12:24 broker.go:1244: Error while performing SASL handshake Kafka_IP:9092
[Sarama]2024/01/28 15:12:24 sarama.go:129: Closed connection to broker Kafka_IP:9092
[Sarama]2024/01/28 15:12:24 broker.go:198: Error while sending ApiVersionsRequest to broker Kafka_IP:9092: read tcp local_IP:49334->Kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.
[Sarama]2024/01/28 15:12:24 client.go:1073: client/metadata got error from broker -1 while fetching metadata: read tcp local_IP:49334->Kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.
[Sarama]2024/01/28 15:12:24 client.go:1086: client/metadata no available broker to send metadata request to
[Sarama]2024/01/28 15:12:24 client.go:788: client/brokers resurrecting 1 dead seed brokers
[Sarama]2024/01/28 15:12:24 client.go:1012: client/metadata retrying after 250ms... (0 attempts remaining)
[Sarama]2024/01/28 15:12:24 config.go:618: ClientID is the default of 'sarama', you should consider setting it to something application-specific.
[Sarama]2024/01/28 15:12:24 sarama.go:129: client/metadata fetching metadata for all topics from broker Kafka_IP:9092
[Sarama]2024/01/28 15:12:33 broker.go:1244: Error while performing SASL handshake Kafka_IP:9092
[Sarama]2024/01/28 15:12:33 sarama.go:129: Closed connection to broker Kafka_IP:9092
[Sarama]2024/01/28 15:12:33 broker.go:198: Error while sending ApiVersionsRequest to broker Kafka_IP:9092: read tcp local_IP:49338->Kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.
[Sarama]2024/01/28 15:12:33 client.go:1073: client/metadata got error from broker -1 while fetching metadata: read tcp local_IP:49338->Kafka_IP:9092: wsarecv: An existing connection was forcibly closed by the remote host.
[Sarama]2024/01/28 15:12:33 client.go:1086: client/metadata no available broker to send metadata request to
[Sarama]2024/01/28 15:12:33 client.go:788: client/brokers resurrecting 1 dead seed brokers
[Sarama]2024/01/28 15:12:33 sarama.go:132: Closing Client

Additional Context

Use C++ rdlibkafka library，C++ client will link and send message successfully with SASL. Stop using SASL，go client will link and send message successfully (using the above code that delete SASL code config). Is there the SASL sarama config is wrong or sarama version problem?

[dnwe]

@BTYHunter thanks for getting in touch. Looking over the config options that you've shared here, it looks like your Sarama client is configured to use TLS (config.Net.TLS.Enable = true) but your Kafka cluster is configured to use SASL_PLAINTEXT (i.e., SASL without TLS encryption) — is that a mistake in the configuration?

[BTYHunter]

Thanks. I changed config.Net.TLS.Enable = false , but the error is still there.

[dnwe]

Hmm that's odd, the error log around the connection being forcibly closed mid handshake attempt certainly seemed like a mistake to do with using TLS to connect to a non-TLS endpoint. Is the error message you're getting on the client-side definitely identical?

Are you also able to share server-side broker logs?

[BTYHunter]

Thanks very much. The above code config.Net.TLS.Enable = false runs on internal network (10.x.x.x) works well and kafka will recive message. Its looks like network ploblem. If run the above code on my local desktop, although I can telnet 10.x.x.x.x:9092 successful (Kafka Broker IP and PORT) the server-side broker logs can not show relevent logs.

[dnwe]

OK, is there more for us to do here or will you continue looking into networking issues on your systems?

[github-actions[bot]]

Thank you for taking the time to raise this issue. However, it has not had any activity on it in the past 90 days and will be closed in 30 days if no updates occur. Please check if the main branch has already resolved the issue since it was raised. If you believe the issue is still valid and you would like input from the maintainers then please comment to ask for it to be reviewed.