Neutron responds with invalid token

asked 2015-12-22 22:32:48 -0500

hanchao gravatar image

According to the openstack installation guide of liberty version in neutron part [1], I configured the [keystone_authtoken] section in "/etc/neutron/neutron.conf" file as follows:

auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS

The "NEUTRON_PASS" is modified with the proper password. However, when I tried with neutron services, e.g. neutron net-list, in the controller node, I got the following errors from "/var/log/neutron/server.log".

2015-12-23 11:26:52.609 31463 ERROR keystonemiddleware.auth_token [-] Bad response code while validating token: 400
2015-12-23 11:26:52.623 31463 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
2015-12-23 11:26:52.623 31463 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Failed to fetch token data from identity server

Then, I modified the [keystone_authtoken] section in "/etc/neutron/neutron.conf" file as below:

auth_uri = http://controller:5000/v2.0
auth_url = http://controller:35357
identity_uri = http://controller:5000
project_domain_id = default
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS

Now it seems Neutron is able to work and no error is logged. What could be the problem?

[1] (

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-12-23 11:11:53 -0500

Tony gravatar image

updated 2015-12-23 22:19:10 -0500

Bipin gravatar image

This page might be helpful.

Particularly this following excerpt


if admin_token is not set, or invalid, then admin_user, admin_password, and admin_tenant_name are defined as a service account which is expected to have been previously configured in Keystone to validate user tokens.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-12-22 22:32:48 -0500

Seen: 1,952 times

Last updated: Dec 23 '15