Authenticating with built-in users

Elastic Stack Elasticsearch
1

Hello, I ran into some problems with authenticating with built-in users (in this case elastic) on my cluster nodes other than the master.

I have a cluster setup on 8.5.3:

  • 3 master nodes
  • 4 data nodes
  • 2 coordinator nodes

I have done:

  1. First time interactive password setup for built in users
  2. Added xpack.security.authc.realms.native.native1.order: 0 in config

Other than the master, none of the other nodes are able to authenticate the elastic user.
The log shows that:

Authentication of [elastic] was terminated by realm [reserved] was terminated by realm [reserved] - failed to authenticate user [elastic]

This is tested via simple http requests to https://<node-hostname>:9200 with the elastic user credentials.

Is this behavior intended?

I have also tested that the nodes are able to authenticate these other types of users with no issues:

  1. Native users - created via `/_security/name/
  2. AD users (after adding license)
2

No it's not the intended behaviour especially if you have done "First time interactive password setup for built in users".

What version are you using? If it is 8.0+, you can reset elastic's password with the elasticsearch-reset-password CLI.

3

Very thankful for the suggestion, which helped to resolve the issue. I am running v8.5.3.

In my case, I created a new superuser account via api.
Then sign in to Kibana using said user and performed a password reset for all built-in users.
Tested and verified that built-in users is able to authenticate correctly from other nodes.

Any idea what might be the root cause?

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.