Elastic authentication error

We are trying to remove Readonly Rest from authentication equation and set up x-pack on ES 7.15.

[2021-12-23T11:08:27,433][INFO ][o.e.x.s.a.AuthenticationService] [XXXX] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

[2021-12-23T11:08:27,434][DEBUG][o.e.x.s.r.SecurityRestFilter] [XXXX] Authentication failed for REST request [/]

org.elasticsearch.ElasticsearchSecurityException: unable to authenticate user [elastic] for REST request [/]

I have set up the password using `/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive`, and after that I am seeing the above logs.

I have tried setting up the password from the API, but no luck. How can I set up xpack with minimal settings?

Checking if anyone has thoughts on this one?

Though I'm not sure what "remove Readonly Rest from authentication equation" really means, the log seems to show only that the username ('elastic') and password do not match.
As elasticsearch-setup-passwords uses the elastic bootstrap password, it cannot be used after the bootstrap password is changed.

Hey @Tomo_M, I am trying to use the Elastic Stack with natively supported authentication (xpack) rather than an added plugin (Readonly Rest from Beshu).

I have redone the config in the meantime and I am getting a different error in the Kibana log now. I have already added elasticsearch.password to the Kibana keystore and have elasticsearch.username in my kibana.yml.

`{"type":"log","@timestamp":"2021-12-25T06:34:04-05:00","tags":["error","savedobjects-service"],"pid":19145,"message":"Unable to retrieve version information from Elasticsearch nodes. security_exception: [security_exception] Reason: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]"}`

Not sure what credentials it's referring to now.

Here are the logs from Elasticsearch:

[2021-12-25T06:39:31,940][DEBUG][r.suppressed             ] [XXXXXX] path: /_nodes, params: {filter_path=nodes.*.version,nodes.*.http.publish_address,nodes.*.ip}
org.elasticsearch.ElasticsearchSecurityException: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
        at org.elasticsearch.xpack.core.security.support.Exceptions.authenticationError(Exceptions.java:19) ~[x-pack-core-7.15.2.jar:7.15.2]
        at org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler.createAuthenticationError(DefaultAuthenticationFailureHandler.java:164) ~[x-pack-core-7.15.2.jar:7.15.2]

Sorry, I don't understand your prerequisites. In the first place, ELK works on its own. How does the plugin relate to your cluster?
If you want to remove and revert the once-installed plugin, asking the plugin developer will solve the problem sooner.

Anyway, can you access the root Elasticsearch URL and log in to it? If you can and you know the password of user "elastic" (or any other user with an appropriate role), you can use the "change passwords API" and "create users API".
I found the command-line elasticsearch-reset-password tool for 8.0, but it is not supported in 7.15.

And I suppose this topic will also help you.

I hope some of them work for you.

Hi @Tomo_M

First, I would highly recommend following the docs very carefully, step by step: Configuring Security

And specifically this section since you are working on authentication

Once you have followed those steps, you should validate you can connect to Elasticsearch with the credentials from one of your Elasticsearch nodes.

curl -u "elastic:yourpassword" http://localhost:9200

After that you can work on connecting Kibana; the steps for that are right there as well.
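The two failures quoted in this thread are different conditions: "unable to authenticate user" means credentials were presented and rejected, while "missing authentication credentials" means the request carried none. The triage sketch below is an added example, not part of any post here; the function names, advice strings and sample log are constructed for illustration from the message shapes quoted above.

```python
import re
from collections import Counter

# Constructed sample input: the message shapes quoted in this thread.
SAMPLE_LOG = """\
[2021-12-23T11:08:27,433][INFO ][o.e.x.s.a.AuthenticationService] [XXXX] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
org.elasticsearch.ElasticsearchSecurityException: unable to authenticate user [elastic] for REST request [/]
org.elasticsearch.ElasticsearchSecurityException: missing authentication credentials for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]
[2021-12-25T06:39:31,940][INFO ][o.e.n.Node] [XXXX] started
"""

# (kind, pattern, advice). The advice wording is this example's own.
RULES = [
    ("rejected_by_realm",
     re.compile(r"Authentication of \[(?P<user>[^\]]+)\] was terminated by realm \[(?P<realm>[^\]]+)\]"),
     "credentials were sent but realm [{realm}] rejected them for [{user}]: wrong or stale password"),
    ("rejected",
     re.compile(r"unable to authenticate user \[(?P<user>[^\]]+)\] for REST request \[(?P<path>[^\]]+)\]"),
     "request to {path} presented credentials for [{user}] and they were rejected"),
    ("no_credentials",
     re.compile(r"missing authentication credentials for REST request \[(?P<path>[^\]]+)\]"),
     "request to {path} carried no credentials at all: check the client's username/password settings"),
]

def classify(line):
    """Return (kind, fields, advice) for an authentication failure line, else None."""
    for kind, pattern, advice in RULES:
        m = pattern.search(line)
        if m:
            fields = m.groupdict()
            return kind, fields, advice.format(**fields)
    return None

def triage(log_text):
    """Count failures per kind and list each distinct advice line once, in order."""
    hits = [h for h in map(classify, log_text.splitlines()) if h]
    counts = Counter(kind for kind, _, _ in hits)
    findings = list(dict.fromkeys(advice for _, _, advice in hits))
    return counts, findings

if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    print(dict(counts))
    for finding in findings:
        print(" -", finding)
```
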

I think something is messed up on my VM. I have created a fresh machine and it seems to be working better. I am doing some tests to confirm.

This question can be ignored for the time being.
