Configure xpack for Elastic Search and Kibana with Active Directory

stargate · April 26, 2018, 3:39am

Hi,

We are using trial version of xpack security for ElasticSearch & Kibana and running it on a single node.
We have configured 'elasticsearch.yml' and 'kibana.yml' config files with the active directory details.

I have attached the relevant log files for your reference.

//Kibana Logs
<>
{"type":"log","@timestamp":"2018-04-26T03:35:39Z","tags":["reporting","esqueue","worker","debug"],"pid":1264,"message":"jgfyl14o00z45c74056u16y8 - job querying failed: [security_exception] missing authentication token for REST request [/.reporting-/esqueue/_search?version=true], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } } :: {"path":"/.reporting-/esqueue/_search","query":{"version":true},"body":"{\"_source\":{\"excludes\":[\"output.content\"]},\"query\":{\"constant_score\":{\"filter\":{\"bool\":{\"filter\":{\"term\":{\"jobtype\":\"csv\"}},\"should\":[{\"term\":{\"status\":\"pending\"}},{\"bool\":{\"filter\":[{\"term\":{\"status\":\"processing\"}},{\"range\":{\"process_expiration\":{\"lte\":\"2018-04-26T03:35:39.405Z\"}}}]}}]}}}},\"sort\":[{\"priority\":{\"order\":\"asc\"}},{\"created_at\":{\"order\":\"asc\"}}],\"size\":10}","statusCode":401,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/.reporting-/esqueue/_search?version=true]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/.reporting-/esqueue/_search?version=true]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}","wwwAuthenticateDirective":"Basic realm=\"security\" charset=\"UTF-8\""}\n at respond (C:\Program Files\ElasticStack\kibana\node_modules\elasticsearch\src\lib\transport.js:295:15)\n at checkRespForFailure (C:\Program Files\ElasticStack\kibana\node_modules\elasticsearch\src\lib\transport.js:254:7)\n at HttpConnector. (C:\Program Files\ElasticStack\kibana\node_modules\elasticsearch\src\lib\connectors\http.js:159:7)\n at IncomingMessage.bound (C:\Program Files\ElasticStack\kibana\node_modules\elasticsearch\node_modules\lodash\dist\lodash.js:729:21)\n at emitNone (events.js:91:20)\n at IncomingMessage.emit (events.js:185:7)\n at endReadableNT (_stream_readable.js:974:12)\n at _combinedTickCallback (internal/process/next_tick.js:80:11)\n at process._tickDomainCallback (internal/process/next_tick.js:128:9)"}
</>

However, when I try to login to Kibana using the url 'https://win7-iet-001:5601' we get the following as shown in the screenshot.

//This is what I get when I browse to 'https://win7-iet-001:5601'
<>
ID Status
plugin:kibana@6.2.2 Ready
plugin:elasticsearch@6.2.2 Authentication Exception
plugin:xpack_main@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:searchprofiler@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:ml@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:tilemap@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:watcher@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:license_management@6.2.2 Ready
plugin:graph@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:monitoring@6.2.2 Ready
plugin:reporting@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:grokdebugger@6.2.2 Ready
plugin:dashboard_mode@6.2.2 Ready
plugin:logstash@6.2.2 [security_exception] missing authentication token for REST request [/_xpack], with { header={ WWW-Authenticate="Basic realm="security" charset="UTF-8"" } }
plugin:apm@6.2.2 Ready
plugin:console@6.2.2 Ready
plugin:metrics@6.2.2 Ready
plugin:timelion@6.2.2 Ready
</>

I was wondering if someone at Elastic can help us achieve this without any issues.

Regards,
Anand

stargate · April 26, 2018, 5:23am

I have managed to resolve this issue by changing the below details in kibana.yml file with an AD user.

elasticsearch.username: ""
elasticsearch.password: ""

Thanks.

ikakavas · April 26, 2018, 6:25am

Hi there,

The errors you were getting were because Kibana could not communicate to Elasticsearch as you figured out, but

is not a good practice.

Kibana needs to communicate with elasticsearch using a user that has the correct role/permissions. For this, the kibana internal user is shipped with Elasticsearch. It would be preferable to configure this user in kibana.yml. You can look at the documentation to see how to set the password for the Kibana user.

stargate · April 26, 2018, 7:19am

Thanks for your reply. How was use the built in roles in my kibana.yml file to fix the above issues?

ikakavas · April 26, 2018, 7:24am

Set the password for the kibana internal user as mentioned

Set

elasticsearch.username: "kibana"
elasticsearch.password: "<the password you set at step 1>"

in kibana.yml and restart Kibana

stargate · April 27, 2018, 5:34am

I have now created passwords for Elastic, Kibana and Logstash_system users and configured the kibana user password in kibana.yml file. After restarting Kibana, everything looks good.

system · May 25, 2018, 5:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.