I am configuring an EFK-stack (Elasticsearch - Fluentd - Kibana) running under Docker containers to allow LDAP authentication with my AD (Active Directory) realm.
I am getting the error...
Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
...from elasticsearch log and...
"Status changed from red to red - [security_exception] failed to authenticate user [elastic], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } }"
I'm not sure what your problem is, but please beware that LDAP integration is not available with the free Basic license, if that is what you're using, only with Gold and Platinum, as you can see from the subscription matrix.
If you have Gold or Platinum you should be able to get help directly from an Elastic tech.
OK, from the "Security for Elasticsearch is now free" article published on May 20th, 2019, I understand that only three core security features are free now, but AD/LDAP is not.
Is this the reason why I am getting those messages?
Is it possible to test it as a part of demo license?
Security is free, starting in versions 6.8.0 and 7.1.0
For a change this important, we wanted to make sure that it was available to as many people as possible, so today we are releasing versions 6.8.0 and 7.1.0 of the Elastic Stack. These versions do not contain new features; they simply make the following core security features free in the default distribution of the Elastic Stack:
TLS for encrypted communications
File and native realm for creating and managing users
Role-based access control for controlling user access to cluster APIs and indexes; also allows multi-tenancy for Kibana with security for Kibana Spaces
Previously, these core security features required a paid Gold subscription. Now they are free as a part of the Basic tier. Note that our advanced security features — from single sign-on and Active Directory/LDAP authentication to field- and document-level security — remain paid features. See the full feature matrix for details.
Also, there are other discussions about the same/similar errors solved with the curl -u <user_here> 'http://localhost:9200/_xpack/security/_authenticate?pretty' command.
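The _authenticate check mentioned above, written out as an added example (this is not code from the original thread or from Elastic): a small Python script that calls the endpoint with the same Basic credentials curl -u would send and reports which realm authenticated the user. The point for this thread is that "reserved" in the log line is the built-in realm that holds the elastic user, so a 401 from this endpoint means the password supplied for elastic is wrong, independent of any LDAP/AD settings. The path differs by version: /_xpack/security/_authenticate on 6.x, /_security/_authenticate on 7.x. The host URL, the credentials, and the two sample response bodies below are assumptions constructed for illustration, not captured from a real cluster.

```python
"""Check which Elasticsearch realm authenticated a user via _authenticate.

Added example: host, credentials and sample responses are assumptions.
"""
import base64
import json
import urllib.error
import urllib.request


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value that curl -u user:password sends."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def authenticate_path(major_version: int) -> str:
    """6.x exposes the API under _xpack/security; 7.x moved it to _security."""
    if major_version < 7:
        return "/_xpack/security/_authenticate"
    return "/_security/_authenticate"


def summarize_authenticate(status: int, body: str) -> dict:
    """Turn an _authenticate HTTP status and JSON body into a short diagnosis.

    A 401 is exactly the 'failed to authenticate user' case from the thread:
    the credentials were rejected before any realm accepted them.
    """
    if status == 401:
        return {"ok": False,
                "reason": "credentials rejected: wrong password or unknown user"}
    if status != 200:
        return {"ok": False, "reason": f"unexpected HTTP status {status}"}
    doc = json.loads(body)
    realm = doc.get("authentication_realm", {})
    return {
        "ok": True,
        "username": doc.get("username"),
        # 'reserved' = built-in users such as elastic; 'native'/'file' are the
        # free realms; 'ldap'/'active_directory' only appear on a paid tier.
        "realm_name": realm.get("name"),
        "realm_type": realm.get("type"),
        "roles": doc.get("roles", []),
    }


def check_user(base_url: str, user: str, password: str,
               major_version: int = 7, timeout: float = 5.0) -> dict:
    """Call _authenticate on a live cluster and summarize the result."""
    url = base_url.rstrip("/") + authenticate_path(major_version)
    req = urllib.request.Request(
        url, headers={"Authorization": basic_auth_header(user, password)})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return summarize_authenticate(resp.status, resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the body still carries the security_exception.
        return summarize_authenticate(err.code, err.read().decode("utf-8"))


# Constructed sample responses (not captured from a real cluster) so the
# summarizer can be exercised without network access.
SAMPLE_OK_BODY = json.dumps({
    "username": "elastic",
    "roles": ["superuser"],
    "full_name": None,
    "email": None,
    "metadata": {"_reserved": True},
    "enabled": True,
    "authentication_realm": {"name": "reserved", "type": "reserved"},
    "lookup_realm": {"name": "reserved", "type": "reserved"},
})
SAMPLE_401_BODY = json.dumps({
    "error": {"type": "security_exception",
              "reason": "failed to authenticate user [elastic]"},
    "status": 401,
})


if __name__ == "__main__":
    import sys
    # Usage (hypothetical host): python check_es_auth.py http://localhost:9200 elastic <password>
    if len(sys.argv) != 4:
        sys.exit("usage: check_es_auth.py <base_url> <user> <password>")
    print(json.dumps(check_user(sys.argv[1], sys.argv[2], sys.argv[3]), indent=2))
```

If the script reports ok with realm_name "reserved", the elastic password you configured is correct and the problem lies elsewhere; if it reports a 401, fix the password first (that is what the log line about realm [reserved] is saying). Only once a Gold/Platinum or trial license is active would a user from the AD realm come back with realm_type "ldap" or "active_directory".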
Is this really the password for your elastic user? Elasticsearch stopped using the default "changeme" password in 6.0, so it will only be "changeme" if you explicitly set it to that.
Did you run the elasticsearch-setup-passwords command when you set up your cluster?
The password is only for demoing my configurations here.
I am new on EFK stack so I am not sure how to configure most of its configurations.
I read some blogs where that command is mentioned; is this password the one that I must define for the system, or is it the password that I should have from the license?
OK, but you must have put something in for the password setting in that configuration file. Where did that password come from? The error message:
is a sign that this password is not the correct password for the elastic user. What reason do you have for thinking that it would be the correct password?