Access Elasticsearch/Kibana using Active Directory


#1

Hi All,

May I know why I can't connect to Elasticsearch using this setup?

```
xpack:
  security:
    authc:
      realms:
        active_directory:
          type: active_directory
          order: 0
          domain_name: domainexample.com
          unmapped_groups_as_roles: true
```

Error being thrown.

```
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "error attempting to authenticate request",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "error attempting to authenticate request",
    "caused_by" : {
      "type" : "l_d_a_p_exception",
      "reason" : "An error occurred while attempting to connect to server domainexample.com:389:  java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server domainexample.com/127.0.0.1:389:  ConnectException(message='Connection refused: connect', trace='waitForConnect(null:native) / socketConnect(null:unknown) / doConnect(null:unknown) / connectToAddress(null:unknown) / connect(null:unknown) / connect(null:unknown) / connect(null:unknown) / connect(null:unknown) / run(ConnectThread.java:146)', revision=24201)')",
      "caused_by" : {
        "type" : "i_o_exception",
        "reason" : "LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server domainexample.com/127.0.0.1:389:  ConnectException(message='Connection refused: connect', trace='waitForConnect(null:native) / socketConnect(null:unknown) / doConnect(null:unknown) / connectToAddress(null:unknown) / connect(null:unknown) / connect(null:unknown) / connect(null:unknown) / connect(null:unknown) / run(ConnectThread.java:146)', revision=24201)')",
        "caused_by" : {
          "type" : "l_d_a_p_exception",
          "reason" : "An error occurred while attempting to establish a connection to server domainexample.com/127.0.0.1:389:  ConnectException(message='Connection refused: connect', trace='waitForConnect(null:native) / socketConnect(null:unknown) / doConnect(null:unknown) / connectToAddress(null:unknown) / connect(null:unknown) / connect(null:unknown) / connect(null:unknown) / connect(null:unknown) / run(ConnectThread.java:146)', revision=24201)",
          "caused_by" : {
            "type" : "connect_exception",
            "reason" : "Connection refused: connect"
          }
        }
      }
    },
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}
```

Thanks!


(David Pilato) #2

Please don't post pictures like this but text. It's hardly readable.

Please format your code using the </> icon as explained in this guide. It will make your post more readable.

Or use markdown style like:

```
CODE
```

#4

Hi Dadoonet,

I have modified it. Please provide your inputs. Thanks!


(David Pilato) #5

I moved your question to #x-pack

Apparently it can't connect to the LDAP server you declared: domainexample.com/127.0.0.1:389


#6

Hi All,

How can we access using LDAP? Is it the same with http? Thanks!


(David Pilato) #7

I meant Active Directory. But I know a little about the security plugin, so I prefer to let someone else answer.

I just meant to move your question to the right place so experts can help.


(Tim Vernum) #8

Is this configuration and error message exactly as they were in your testing?

If so, it looks like you are trying to connect to an AD server at domainexample.com, and you have mapped that domain name to your local machine (from the error message domainexample.com/127.0.0.1), but you aren't actually running Active Directory on the localhost.

Is that what you were trying to do?


#9

Hi Tim,

This is not the exact configuration but close to it. Also, may I know if domain_name in the elasticsearch.yml should be the domain (DNS) of the server?


(Tim Vernum) #10

In general, yes.


#11

Hi Tim,

So what I've supplied in the elasticsearch.yml is correct. But as what you've mentioned above, I was trying to connect to an AD server but I haven't mapped it to my local machine but to the IP of the server. Also, I am getting the error since I want to access using my AD account but I am not able to.


(Tim Vernum) #12

I can only work from the information that you have provided.

The error message you posted very clearly has the server as 127.0.0.1 which is the local machine that elasticsearch is running on.

If that is the error message you are seeing, then it indicates that your DNS resolver thinks "domainexample.com" is on the local machine. And that's not an Elasticsearch issue.

If that's not the real error message, then you're going to have to work out whether the IP address that is in your message is in fact the IP of your Active Directory server. Because as far as Elasticsearch can tell, there is nothing listening on port 389 of that server. It could be that you have the wrong domain name. It could be that you have a DNS issue. It could be that you have a firewall or other network device preventing access. All of those are issues that you will have to check for yourself.
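The checks listed in the reply above (what the name resolves to, and whether anything accepts connections on port 389 at that address) can be run from the Elasticsearch node itself. The following is an added example, not part of the original thread and not Elastic's code; the function names are hypothetical and `domainexample.com` is the placeholder domain from the posted configuration.

```python
import ipaddress
import socket

HINTS = {
    "open": "a service accepts connections on this port",
    "refused": "host answered but nothing is listening on this port",
    "timeout": "no answer; a firewall or network device may be dropping traffic",
    "unreachable": "no route to this address from this machine",
}

def resolve(host):
    """Addresses the local resolver (hosts file included) returns for host."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0].split("%")[0] for info in infos})

def probe(addr, port, timeout=3.0):
    """Classify a single TCP connection attempt to addr:port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # the "Connection refused: connect" case in the thread
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def diagnose(host, port=389, timeout=3.0):
    """Resolve host as this machine does, then probe every address on port."""
    try:
        addrs = resolve(host)
    except socket.gaierror as exc:
        return [{"address": None, "loopback": False, "status": "dns-failure",
                 "hint": f"name does not resolve: {exc}"}]
    results = []
    for addr in addrs:
        status = probe(addr, port, timeout)
        loopback = ipaddress.ip_address(addr).is_loopback
        hint = HINTS[status]
        if loopback:
            hint += "; name points at the local machine, check DNS and the hosts file"
        results.append({"address": addr, "loopback": loopback,
                        "status": status, "hint": hint})
    return results

if __name__ == "__main__":
    # Placeholder domain_name from the thread; run this on the Elasticsearch node.
    for row in diagnose("domainexample.com"):
        print(row)
```

A `refused` result with `loopback` set to true reproduces the situation in the posted error: the name resolves to 127.0.0.1 and nothing listens on 389 there.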


#13

Hi Tim,

IP provided above is just an example for the discussion but what I've supplied is the correct IP for the AD Server. If that is the case, we need to check the firewall or ports used since I have supplied the correct domain_name for the server. Thanks for the help and FYI, we are new to this technology and still exploring its functionalities. Thanks!


(system) closed #14

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.