Authentication issues while xpack security enabling - Elasticsearch version 7.7

Hello,

I'm having issues setting up security for a fresh install of ES.
The issue is after enabling xpack.security on the elasticsearch.yml and starting the ES service, then executing for example:

" curl --insecure -X GET http://suelastic501.ritta.local:9200/_cluster/health?pretty"

Which return the following errors:

*  "error" : {*
*    "root_cause" : [*
*      {*
*        "type" : "security_exception",*
*        "reason" : "missing authentication credentials for REST request [/_cluster/health?pretty]",*
*        "header" : {*
*          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""*
*        }*
*      }*
*    ],*
*    "type" : "security_exception",*
*    "reason" : "missing authentication credentials for REST request [/_cluster/health?pretty]",*
*    "header" : {*
*      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""*
*    }*
*  },*
*  "status" : 401*
*}*

Scenario:
2 VMs running ES service - RHEL 8
1 VM with Kibana - RHEL 8

I following the steps described in : https://www.elastic.co/blog/getting-started-with-elasticsearch-security

I can't execute the " Step 2: Elasticsearch cluster passwords" from the previously " from the previously link.

Information from my setup:

1. Running ES with Basic support - installed following the link : https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html

2. My config/elasticsearch.yaml has the following data:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

3. Already generated and prepared certificates

4. When executing "/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto" , i'm getting the following error.

*Failed to determine the health of the cluster running at http://10.191.37.94:9200*
*Unexpected response code [503] from calling GET http://10.191.37.94:9200/_cluster/health?pretty*
*Cause: master_not_discovered_exception*

*It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.*
*It is very likely that the password changes will fail when run against an unhealthy cluster.*

*Do you want to continue with the password setup process [y/N]*

Anyone got any ideas how to solve this issue ?

Thanks a lot,

You are not passing in a username and password so elasticsearch cant authenticate you.

How, exactly ?

As the error message says you cant execute that command because your cluster is unhealthy. Please check your elasticsearch logs ,the reason why your cluster cant form ,will be in there

Hello ikakavas,

Thank you for your reply :slight_smile: .

After some more digging, i found the issue.
We need to make sure the cluster Health in terms of communication with the other cluster members are working OK, otherwise we can't run the command to generate the passwords for built-in users.

So, my issue was with the certificates on my other cluster node. After the communication between the clusters using xpack was working fine, i was able to run the command to generate the password successfully.

Best Regards,

Hello,

Well now i'm having issues logging to kibana URL.
I'm getting error 404 Not Found on the Browser.

I'm using the user elastic and the password generated from the "elasticsearch-setup-passwords auto" command.

Also changed the kibana.yml config and added kibana user and password:
elasticsearch.username: "kibana"
elasticsearch.password: "****"

Isn't elastic the default user for the kibana Web Console ?

Best Regards,

This doesnt sound like an authentication issue. Van you please explain in detail what you are trying to do and the exact error you get ?

Blockquote This doesnt sound like an authentication issue. Van you please explain in detail what you are trying to do and the exact error you get ?

So, i just configured xpack on the ES cluster, generated the passwords automatically, then confgiured kibana.yml with the kibana user and password.

Next step was trying to login to kibana GUI.
http://:5601/app/kibana

The GUI asks for a user and password and when i enter the user and password i'm getting error "404 not found".

I'm using "elastic" user and the automatically generated password.

Example:

Best Regards,

Hello,

Additional info:

On kibana logs i'm getting the following when performing the login:

{"type":"log","@timestamp":"2020-05-21T11:30:34Z","tags":["debug","plugins","security","basic","basic"],"pid":10502,"message":"Trying to authenticate user request to /app/kibana."}
{"type":"log","@timestamp":"2020-05-21T11:30:34Z","tags":["debug","plugins","security","basic","basic"],"pid":10502,"message":"Cannot authenticate requests with `Authorization` header."}
{"type":"log","@timestamp":"2020-05-21T11:30:34Z","tags":["debug","plugins","security","http"],"pid":10502,"message":"Trying to authenticate user request to /app/kibana."}
{"type":"log","@timestamp":"2020-05-21T11:30:34Z","tags":["debug","plugins","security","http"],"pid":10502,"message":"Request to /app/kibana has been authenticated via authorization header with \"Basic\" scheme."}
{"type":"log","@timestamp":"2020-05-21T11:30:34Z","tags":["debug","plugins","security","app-authorization"],"pid":10502,"message":"authorizing access to \"kibana\""}
{"type":"log","@timestamp":"2020-05-21T11:30:34Z","tags":["debug","plugins","security","app-authorization"],"pid":10502,"message":"not authorized for \"kibana\""}