Failed to authenticate user elastic

Divyabharathi · August 19, 2020, 12:45pm

I have 3 instances of elasticsearch 7.6 (2-master+data & 1- data). Cluster name is same in all three instances. I have enabled the security using xpack.security.enabled=true and xpack.security.transport.ssl.enabled=true in all three elasticsearch.yml. In the first instance (master+data) i have executed setup password interactive and have set the password for all the users. Curl command with credentials working fine in this instance but in other two instances getting , failed to authenticate user elastic. Can someone please guide since im very new to elasticsearch.

FYI.

ES1:

cluster.name: myapp
node.name: master
node.master: true
node.data: true
network.host: 10.10.10.10
http.port: 9200
discovery.seed_hosts: ["10.10.10.10", "10.10.10.20" , "10.10.10.30"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

ES2:

cluster.name: myapp
node.name: master
node.master: true
node.data: true
network.host: 10.10.10.20
http.port: 9200
discovery.seed_hosts: ["10.10.10.10", "10.10.10.20" , "10.10.10.30"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

ES3:
cluster.name: myapp
node.name: data
node.master: false
node.data: true
network.host: 10.10.10.30
http.port: 9200
discovery.seed_hosts: ["10.10.10.10", "10.10.10.20" , "10.10.10.30"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

I have tested the connectivity between 3 severs using telnet on 9300 and its fine. I had also got master not discoverd exception on .20 and .30

warkolm · August 19, 2020, 10:01pm

Welcome to our community!

Can you please post the Elasticsearch logs from one of the new hosts.

Divyabharathi · August 20, 2020, 5:04am

Hi ,

curl -u elastic:pwd '10.10.10.20:9200'

{"error":
{"root_cause": [ { "type": "security_exception", "reason": " failed to authenticate user [elastic]", "header" : {"WWW-Authenticate": "Basic realm= "security" charset="UTF-8""}}],
"type":"security-exception", "reason":"failed to authenticate user [eastic]", "header":"{WWW-Authenticate": "Basic realm= "security" charset="UTF-8""}}, "status":401}

Divyabharathi · August 20, 2020, 5:10am

Hi Below from the elastic search cluster log file.

Exception caught on transport layer [Netty4TcpChannel [ localAddress=/10.10.10.20:9300, remoteAddress=/10.10.10.30:39430}], closing connection

io.netty.handler.codec.DecodeException: javax.net.ssl.SSLHandshakeException: No available authentication scheme

system · September 17, 2020, 5:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.