Hello.
I would like to get help with the configuration of Active Directory authentication for X-Pack security.
I was able to log in to Kibana via Active Directory authentication; however, it took 3 login attempts. I checked the Elasticsearch log file and saw the errors below. I am not sure if this is the root cause of why it took three attempts, but I would like to start from here.
Since the log was too long, I have added only a portion of it.
Error log
[2017-04-22T17:19:13,179][WARN ][o.e.x.s.a.l.s.LdapUtils ] caught exception while trying to follow referral [ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com]
com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to resolve address 'ForestDnsZones.example.com':
....
Caused by: java.net.UnknownHostException: ForestDnsZones.example.com: Name or service not known
...
[2017-04-22T17:19:38,369][WARN ][o.e.x.s.a.l.s.LdapUtils ] caught exception while trying to follow referral [ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com]
com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to resolve address 'DomainDnsZones.example.com':
.....
Caused by: java.net.UnknownHostException: DomainDnsZones.example.com: Name or service not known
...
[2017-04-22T17:19:43,371][WARN ][o.e.x.s.a.l.s.LdapUtils ] caught exception while trying to follow referral [ldap://example.com/CN=Configuration,DC=example,DC=com]
...
Caused by: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='Unable to establish a connection to server example.com/93.184.216.34:389 within the configured timeout of 5000 milliseconds.')
...
Caused by: com.unboundid.ldap.sdk.LDAPException: Unable to establish a connection to server example.com/93.184.216.34:389 within the configured timeout of 5000 milliseconds.
at com.unboundid.ldap.sdk.ConnectThread.getConnectedSocket(ConnectThread.java:235) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:161) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:860) ~[?:?]
... 9 more
[2017-04-22T17:19:51,854][WARN ][o.e.x.s.a.l.s.LdapUtils ] caught exception while trying to follow referral [ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com]
com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to resolve address 'ForestDnsZones.example.com':
....
Caused by: java.net.UnknownHostException: ForestDnsZones.example.com: Name or service not known
...
[2017-04-22T17:20:16,878][WARN ][o.e.x.s.a.l.s.LdapUtils ] caught exception while trying to follow referral [ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com]
com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to resolve address 'DomainDnsZones.example.com':
...
Caused by: java.net.UnknownHostException: DomainDnsZones.example.com: Name or service not known
...
[2017-04-22T17:20:21,880][WARN ][o.e.x.s.a.l.s.LdapUtils ] caught exception while trying to follow referral [ldap://example.com/CN=Configuration,DC=example,DC=com]
com.unboundid.ldap.sdk.LDAPException:
...
Caused by: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='Unable to establish a connection to server example.com/93.184.216.34:389 within the configured timeout of 5000 milliseconds.')
...
Caused by: com.unboundid.ldap.sdk.LDAPException: Unable to establish a connection to server example.com/93.184.216.34:389 within the configured timeout of 5000 milliseconds.
at com.unboundid.ldap.sdk.ConnectThread.getConnectedSocket(ConnectThread.java:235) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:161) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:860) ~[?:?]
... 9 more
My environment is
kibana 5.3.0
elasticsearch 5.3.0
x-pack 5.3.0
And authenticating against,
Windows server 2012 R2 Datacenter
Why is X-Pack security accessing hosts that are not defined anywhere?
ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com
ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com
ldap://example.com/CN=Configuration,DC=example,DC=com