Authentication Error for User [elastic] When Accessing Elasticsearch from Kibana

Hi everyone,

I'm encountering an authentication issue between Kibana and Elasticsearch. Upon starting Kibana, I receive the following error indicating that Kibana cannot obtain license information from Elasticsearch due to an authentication failure of the user [elastic]. The specific REST request it tries to make is [/_xpack], which results in a 401 unauthorized status.

Here's the error log from Kibana:

{
  "type": "log",
  "@timestamp": "2025-02-08T01:42:20Z",
  "tags": ["warning", "plugins", "licensing"],
  "pid": xxxxx,
  "message": "License information could not be obtained from Elasticsearch due to [security_exception] unable to authenticate user [elastic] for REST request [/_xpack], with { header={ WWW-Authenticate=\"Basic realm=\"security\" charset=\"UTF-8\" } } : ...",
  "wwwAuthenticateDirective": "Basic realm=\"security\" charset=\"UTF-8\" error"
}

Additionally, Elasticsearch logs indicate a similar problem:

Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

It seems there's a problem with authenticating the 'elastic' user, preventing Kibana from connecting properly. Could this be related to incorrect credentials or misconfiguration? Any advice on troubleshooting steps or configurations to check would be greatly appreciated.

Thanks in advance for any help!

Hi @TYQ33

The error is really just a connection / authentication error...

What version are you using?
How / what instructions did you follow?
What type of installation?

Please share your entire elasticsearch.yml and kibana.yml.

Details of My Setup:
Version: Elasticsearch 7.9.3
Installation Type: Cluster with 3 master nodes and 3 data nodes
elasticsearch.yml Configuration:

cluster.name: xxxxx
node.name: node-xxxxx
node.master: true
node.data: true
path.data: data
bootstrap.memory_lock: true
network.host: xxxxx
network.publish_host: xxxxx
http.port: xxxxx
transport.tcp.port: xxxxx
discovery.seed_hosts: ["IP1:PORTA","IP2:PORTA","IP3:PORTA"]
cluster.initial_master_nodes: ["node-xxxxx","node-xxxxx","node-xxxxx"]
action.auto_create_index: true
action.destructive_requires_name: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /xxxxxx/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /xxxxxx/elasticsearch/config/elastic-stack-ca.p12

kibana.yml Configuration:

server.port: xxxx
server.host: 0.0.0.0
elasticsearch.hosts: ["IP1:PORTB","IP2:PORTB","IP3:PORTB"]
i18n.locale: en

I have already tried modifying the Elasticsearch password, and curl commands are working correctly. The Elasticsearch cluster is also functioning normally. However, when I start Kibana, I still encounter the same authentication error.
Could you please provide any additional steps or configurations that might help resolve this issue?

Best regards.

Where are the username and password in kibana.yml?

elasticsearch.username and elasticsearch.password
If your Elasticsearch is protected with basic authentication, these settings provide the username and password that the Kibana server uses to perform maintenance on the Kibana index at startup. Kibana users still need to authenticate with Elasticsearch, which is proxied through the Kibana server.

Also, 7.9 is sooooo old and out of date, with out-of-date security patches; you should upgrade as a matter of urgency.
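
As an added example (not part of the thread and not Elastic's own tooling), here is a small shell check for the two settings quoted in the reply above, run against a constructed kibana.yml that mirrors the one posted earlier. The function names are hypothetical and it reads flat dotted keys only. The warning about the `elastic` superuser is this example's own addition, on the assumption that the built-in `kibana_system` account is used for the Kibana server instead.

```shell
#!/usr/bin/env bash
# Added example: report whether a kibana.yml carries the credentials the Kibana
# server needs when the cluster runs with xpack.security.enabled: true.
# Limitation: only flat "dotted.key: value" lines are read, as in the posted file.

# Print the value of one top-level setting; commented-out lines never match.
kibana_setting() {   # $1 = path to kibana.yml, $2 = setting name
  local key
  key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are literal, not regex wildcards
  sed -n "s/^${key}:[[:space:]]*//p" "$1" \
    | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' \
    | head -n 1
}

# Print one finding per line; no output means both settings are present.
audit_kibana_auth() {   # $1 = path to kibana.yml
  local user pass
  user=$(kibana_setting "$1" elasticsearch.username)
  pass=$(kibana_setting "$1" elasticsearch.password)
  [ -n "$user" ] || echo "MISSING elasticsearch.username"
  # A password kept in the Kibana keystore is not visible here:
  # confirm with bin/kibana-keystore list before treating this as an error.
  [ -n "$pass" ] || echo "MISSING elasticsearch.password (not in file; check the Kibana keystore)"
  # Added check: the Kibana server account should not be the superuser.
  [ "$user" != "elastic" ] || echo "WARN elasticsearch.username is the elastic superuser; use kibana_system"
  return 0
}

# Constructed sample: the kibana.yml from the thread, placeholders kept as posted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server.port: xxxx
server.host: 0.0.0.0
elasticsearch.hosts: ["IP1:PORTB","IP2:PORTB","IP3:PORTB"]
i18n.locale: en
EOF
audit_kibana_auth "$sample"
rm -f "$sample"
```

Two MISSING lines for the posted file match the question asked in the reply: with neither setting present, curl with a password can succeed while the Kibana server still has no working credentials to present.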
