Elasticsearch/Kibana Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

I am configuring an EFK-stack (Elasticsearch - Fluentd - Kibana) running under Docker containers to allow LDAP authentication with my AD (Active Directory) realm.

I am getting the error...

Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

...from elasticsearch log and...

"Status changed from red to red - [security_exception] failed to authenticate user [elastic], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } }"

...from kibana log.

  • Docker version 19.03.1, build 74b1e89
  • Kibana 7.2.0
  • Elasticsearch 7.2.0
  • Fluentd 1.5.1-1.0

elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0
xpack.security.enabled: true
xpack:
  security:
    authc:
      realms:
        ldap:
          ldap1:
            order: 0
            url: "ldaps://my.domain.example.com"
            bind_dn: "cn=mycontaineradmin,cn=users,dc=my,dc=domain,dc=example,dc=com"
            user_search:
              base_dn: "dc=my,dc=domain,dc=example,dc=com"
              filter: "(&(objectClass=user)(memberOf=cn=My-Group-Staff,ou=My Groups,dc=my,dc=domain,dc=example,dc=com))"

Note: I am not sure if the xpack.security.enabled: true setting must be set this way.

kibana.yml

server.name: kibana
server.host: "0"
elasticsearch.hosts: http://elasticsearch:9200
elasticsearch.username: elastic
elasticsearch.password: changeme
xpack.monitoring.ui.container.elasticsearch.enabled: true

I followed the Configure an LDAP realm article from LDAP user authentication.

Let me know if you need more details about my case.

I'm not sure what your problem is but please beware that LDAP integration is not available with the free Basic license, if that is what you're using, only with Gold and Platinum as you can see from the subscription matrix.

If you have Gold or Platinum you should be able to get help directly from an Elastic tech.

OK, from the "Security for Elasticsearch is now free" article published on May 20th, 2019, I understand that only three core security features are free now, but AD/LDAP is not.

Is this the reason why I am getting those messages?
Is it possible to test it as a part of demo license?

Security is free, starting in versions 6.8.0 and 7.1.0

For a change this important, we wanted to make sure that it was available to as many people as possible, so today we are releasing versions 6.8.0 and 7.1.0 of the Elastic Stack. These versions do not contain new features; they simply make the following core security features free in the default distribution of the Elastic Stack:

  • TLS for encrypted communications
  • File and native realm for creating and managing users
  • Role-based access control for controlling user access to cluster APIs and indexes; also allows multi-tenancy for Kibana with security for Kibana Spaces

Previously, these core security features required a paid Gold subscription. Now they are free as a part of the Basic tier. Note that our advanced security features — from single sign-on and Active Directory/LDAP authentication to field- and document-level security — remain paid features. See the full feature matrix for details.

Also, there are other discussions about the same/similar errors that were solved by the curl -u <user_here> 'http://localhost:9200/_xpack/security/_authenticate?pretty' command.

From <https://discuss.elastic.co/t/x-pack-kibana-failed-to-authenticate-user/117193/4>

I don't know, I haven't done any LDAP integration myself so I don't recognize the error message.

According to the License management documentation:

If you want to try the platinum features, you can start a 30-day trial. Go to the License Management page in Kibana or use the start trial API.

So, yes, you should be able to test LDAP integration in a 30-day period.

Great!

Thanks Bernt, I will go and ask for a 30-day trial platinum license and give it a try to make it work.
Then I will see if it is worth buying.

If anybody else has more information to solve it, I will appreciate any clue provided.


Is this really the password for your elastic user? Elasticsearch stopped using the default "changeme" password in 6.0, so it will only be "changeme" if you explicitly set it to that.
Did you run the elasticsearch-setup-passwords command when you set up your cluster?

The password is only for demoing my configurations here.
I am new to the EFK stack so I am not sure how to configure most of its settings.
I read some blogs where that command is mentioned. Is this password the one that I must define for the system, or is it the password that I should have from the license?

Thanks for your help @TimV!

OK, but you must have put something in for the password setting in that configuration file. Where did that password come from? The error message:

is a sign that this password is not the correct password for the elastic user. What reason do you have for thinking that it would be the correct password?

You should start with the documentation then:
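
Added example, not part of the thread and not Elastic's code: a small triage that takes the Elasticsearch log line and the body returned by `GET /_license` and reports the two causes raised in the replies (a rejected password for a built-in user, and an LDAP realm configured on a license tier that does not include it). The function name, the finding codes, the built-in user list and the sample license body are assumptions made for illustration.

```python
import json
import re

# Logged when a realm rejects the credentials and stops the realm chain.
TERMINATED = re.compile(
    r"Authentication of \[(?P<user>[^\]]+)\] was terminated by realm \[(?P<realm>[^\]]+)\]")
# Built-in users owned by the reserved realm in 7.x (list assumed for this example).
RESERVED_USERS = {"elastic", "kibana", "logstash_system", "beats_system",
                  "apm_system", "remote_monitoring_user"}
# Per the thread: LDAP/AD realms need Gold or Platinum; a trial unlocks them too.
LDAP_LICENSES = {"gold", "platinum", "trial"}


def triage(log_line, license_body, realm_types):
    """Return a list of (code, message) findings for one failed login."""
    findings = []
    m = TERMINATED.search(log_line)
    if m and m["realm"] == "reserved" and m["user"] in RESERVED_USERS:
        findings.append(("BUILTIN_PASSWORD",
                         f"reserved realm rejected the password for built-in user "
                         f"'{m['user']}'; check the credentials the client sends"))
    lic = json.loads(license_body).get("license", {})
    if lic.get("status") != "active":
        findings.append(("LICENSE_INACTIVE", f"license status is {lic.get('status')!r}"))
    if "ldap" in realm_types and lic.get("type") not in LDAP_LICENSES:
        findings.append(("LDAP_UNLICENSED",
                         f"ldap realm is configured but license type is {lic.get('type')!r}"))
    return findings


# Log line quoted in the thread; the license body is constructed sample data
# shaped like the response of GET /_license.
SAMPLE_LOG = ("Authentication of [elastic] was terminated by realm [reserved] - "
              "failed to authenticate user [elastic]")
SAMPLE_LICENSE = '{"license": {"status": "active", "type": "basic"}}'

if __name__ == "__main__":
    for code, message in triage(SAMPLE_LOG, SAMPLE_LICENSE, ["ldap"]):
        print(f"{code}: {message}")
```

For the configuration posted in the question, both findings are reported: the `elastic` password in kibana.yml and the license tier each need checking independently.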
