Configure xpack for Elastic Search and Kibana with Active Directory

Hi,

We are using the trial version of xpack security for ElasticSearch & Kibana and running it on a single node.
We have configured 'elasticsearch.yml' and 'kibana.yml' config files with the active directory details.

I have attached the relevant log files for your reference.

//Kibana Logs
<>
{"type":"log","@timestamp":"2018-04-26T03:35:39Z","tags":["reporting","esqueue","worker","debug"],"pid":1264,"message":"jgfyl14o00z45c74056u16y8 - job querying failed: [security_exception] missing authentication token for REST request [/.reporting-/esqueue/_search?version=true], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } } :: {"path":"/.reporting-/esqueue/_search","query":{"version":true},"body":"{\"_source\":{\"excludes\":[\"output.content\"]},\"query\":{\"constant_score\":{\"filter\":{\"bool\":{\"filter\":{\"term\":{\"jobtype\":\"csv\"}},\"should\":[{\"term\":{\"status\":\"pending\"}},{\"bool\":{\"filter\":[{\"term\":{\"status\":\"processing\"}},{\"range\":{\"process_expiration\":{\"lte\":\"2018-04-26T03:35:39.405Z\"}}}]}}]}}}},\"sort\":[{\"priority\":{\"order\":\"asc\"}},{\"created_at\":{\"order\":\"asc\"}}],\"size\":10}","statusCode":401,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/.reporting-/esqueue/_search?version=true]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/.reporting-/esqueue/_search?version=true]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}","wwwAuthenticateDirective":"Basic realm=\"security\" charset=\"UTF-8\""}\n at respond (C:\Program Files\ElasticStack\kibana\node_modules\elasticsearch\src\lib\transport.js:295:15)\n at checkRespForFailure (C:\Program Files\ElasticStack\kibana\node_modules\elasticsearch\src\lib\transport.js:254:7)\n at HttpConnector. 
(C:\Program Files\ElasticStack\kibana\node_modules\elasticsearch\src\lib\connectors\http.js:159:7)\n at IncomingMessage.bound (C:\Program Files\ElasticStack\kibana\node_modules\elasticsearch\node_modules\lodash\dist\lodash.js:729:21)\n at emitNone (events.js:91:20)\n at IncomingMessage.emit (events.js:185:7)\n at endReadableNT (_stream_readable.js:974:12)\n at _combinedTickCallback (internal/process/next_tick.js:80:11)\n at process._tickDomainCallback (internal/process/next_tick.js:128:9)"}
</>

However, when I try to log in to Kibana using the URL 'https://win7-iet-001:5601', we get the following, as shown in the screenshot.

//This is what I get when I browse to 'https://win7-iet-001:5601'
<>
ID Status
plugin:kibana@6.2.2 Ready
plugin:elasticsearch@6.2.2 Authentication Exception
plugin:xpack_main@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:searchprofiler@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:ml@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:tilemap@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:watcher@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:license_management@6.2.2 Ready
plugin:graph@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:monitoring@6.2.2 Ready
plugin:reporting@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:grokdebugger@6.2.2 Ready
plugin:dashboard_mode@6.2.2 Ready
plugin:logstash@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:apm@6.2.2 Ready
plugin:console@6.2.2 Ready
plugin:metrics@6.2.2 Ready
plugin:timelion@6.2.2 Ready
</>

I was wondering if someone at Elastic can help us achieve this without any issues.

Regards,
Anand

I have managed to resolve this issue by changing the below details in kibana.yml file with an AD user.

elasticsearch.username: ""
elasticsearch.password: ""

Thanks.

Hi there,

The errors you were getting were because Kibana could not communicate to Elasticsearch as you figured out, but

is not a good practice.

Kibana needs to communicate with Elasticsearch using a user that has the correct role/permissions. For this, the kibana internal user is shipped with Elasticsearch. It would be preferable to configure this user in kibana.yml. You can look at the documentation to see how to set the password for the Kibana user.

Thanks for your reply. How do I use the built-in roles in my kibana.yml file to fix the above issues?

  1. Set the password for the kibana internal user as mentioned
  2. Set
elasticsearch.username: "kibana"
elasticsearch.password: "<the password you set at step 1>"

in kibana.yml and restart Kibana


I have now created passwords for Elastic, Kibana and Logstash_system users and configured the kibana user password in kibana.yml file. After restarting Kibana, everything looks good.
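
An offline check for the configuration discussed in this thread, as an added example that is not part of the original posts or of Elastic's tooling: it flags a kibana.yml whose `elasticsearch.username` is empty or is not the built-in `kibana` user, and lists the plugins on a status page that show the missing-token error. The flat key parser, the user name `jdoe` and the sample passwords are assumptions constructed for illustration.

```python
import re

BUILT_IN_USER = "kibana"  # built-in Kibana service user named in the reply above

def parse_kibana_yml(text):
    """Parse flat 'dotted.key: value' lines (assumed layout; commented lines never match)."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'^\s*([A-Za-z0-9_.]+)\s*:\s*(.*?)\s*$', line)
        if m:
            cfg[m.group(1)] = m.group(2).strip('"\'')
    return cfg

def audit_kibana_credentials(cfg):
    """Return findings about the account Kibana uses to reach Elasticsearch."""
    user = cfg.get("elasticsearch.username", "")
    password = cfg.get("elasticsearch.password", "")
    if not user or not password:
        return ["no-credentials: Kibana's own requests carry no authentication token"]
    if user != BUILT_IN_USER:
        return [f"non-service-account: '{user}' is not the built-in '{BUILT_IN_USER}' user"]
    return []

def unauthenticated_plugins(status_text):
    """Names of plugins whose status row shows the missing-token security_exception."""
    hits = []
    for line in status_text.splitlines():
        m = re.match(r'^plugin:([\w-]+)@\S+\s+(.*)$', line.strip())
        if m and "missing authentication token" in m.group(2):
            hits.append(m.group(1))
    return hits

# Constructed kibana.yml fragments: empty values, a directory user (hypothetical), the built-in user.
EMPTY = 'elasticsearch.username: ""\nelasticsearch.password: ""\n'
AD_USER = 'elasticsearch.username: "jdoe"\nelasticsearch.password: "constructed-secret"\n'
BUILT_IN = 'elasticsearch.username: "kibana"\nelasticsearch.password: "constructed-secret"\n'

# Rows abbreviated from the status table quoted in the thread.
STATUS = """plugin:kibana@6.2.2 Ready
plugin:elasticsearch@6.2.2 Authentication Exception
plugin:xpack_main@6.2.2 [security_exception] missing authentication token for REST request [/_xpack]
plugin:reporting@6.2.2 [security_exception] missing authentication token for REST request [/_xpack]
plugin:monitoring@6.2.2 Ready"""

if __name__ == "__main__":
    print("plugins failing without a token:", unauthenticated_plugins(STATUS))
    for name, text in (("empty", EMPTY), ("AD user", AD_USER), ("built-in", BUILT_IN)):
        print(name, "->", audit_kibana_credentials(parse_kibana_yml(text)) or "ok")
```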
