Getting authentication error

Elastic Stack Elasticsearch
1

I am installing elasticsearch freshly and installed x-pack as well. It is elasticsearch6.2.1

test@test[~] $ curl -XPOST -u elastic -ks 'https://10.192.87.187:9200/_xpack/security/user/elastic/_password' -H 'Content-Type:application/json' -d '

{
"password" : "test!elastic@123"
}'
Enter host password for user 'elastic':
{"error":{"root_cause":[{"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401}
test@test[DEV][~] $

2

Hi Bharathkumar,

'elastic' is inbuilt user and to set the password first time for this user, you need to use the setup-passwords script. Not sure if you did run this script or not.
Refer: https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html

Your description seems to be trying to update the password for this default user. Can you please check the password that you enter on curl is the same as the one for 'elastic' user? Either you did the 'interactive' setup, in that case, you would have entered the password for this user or in case it was 'auto' the password would have been spewed by the setup-passwords script.

Regards,
Yogesh Gaikwad

3

@Yogesh_Gaikwad

Thanks a lot for your reply.

Yeah you are right. I tried to run setup-passwords actually but it got failed see below.

test@test[DEV][x-pack] $ ./setup-passwords interactive -u "https://10.192.87.187:9200" -E ES_PATH_CONF=/opt/app/elasticsearch/node_1/config -E xpack.security.http.ssl.verification_mode=none -E xpack.security.http.ssl.client_authentication=none -v
Running with configuration path: /opt/app/elasticsearch/current/config

Testing if bootstrap password is valid for https://10.192.87.187:9200/_xpack/security/_authenticate?pretty
{
"username" : "elastic",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true
}

Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:

Trying user password change call https://10.192.87.187:9200/_xpack/security/user/kibana/_password?pretty

Connection failure to: https://10.192.87.187:9200/_xpack/security/user/kibana/_password?pretty failed: Read timed out

java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:171)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:940)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:735)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:678)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1569)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.postURL(CommandLineHttpClient.java:121)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changeUserPassword(SetupPasswordTool.java:336)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changePasswords(SetupPasswordTool.java:393)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$InteractiveSetup.execute(SetupPasswordTool.java:184)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:105)

ERROR: Failed to set password for user [kibana].
test@test[DEV][x-pack] $

4

Hi @Bharathkumarraju,

Looks like your ES is not up and running, please check the ES status.
Also please check the license, if you have enabled trial license on the ES setup.
Once the ES is up and running, then you can invoke the setup-passwords script to reset passwords.
Hope this helps.

Regards,
Yogesh Gaikwad

5 
test@test[DEV][x-pack] $ ./users useradd my_admin -p my_password -r superuser

test@test[DEV][x-pack] $

I have added file realm and tried reset the elastic password it worked well.

test@test[DEV][x-pack] $ curl -XPOST -u my_admin:my_password -ks 'https://10.192.87.187:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type:application/json' -d'
{
"password" : "XXXXXX"
}'
test@test[DEV][x-pack] $

But when i tried to test cluter status, it is still failing i think .security got corrupted

test@test[DEV][x-pack] $ curl -XGET -u elastic:XXXXXX 'https://10.192.87.187:9200?pretty' -ks
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
}
}
],
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
}
},
"status" : 401
}
test@test[DEV][x-pack] $

6

Please check your elasticsearch logs, and let us know what errors you find.

Something is going wrong with your cluster, and the only way to diagnose it is to inspect the logs.

7

@TimV

Thanks for your help. I have installed ES many times like removing all the data and indices when ever i install newly my ./setup-passwords seems working. But this time it is getting failed by showing error below...

this is what i confused i have tested this setup-passwords from 521,600,611 and it is failing in 621 only not sure why?

please see below output

test@test[DEV][x-pack] $ ./setup-passwords interactive -u "https://elastic-dev.com:9200" -E ES_PATH_CONF=/opt/app/elasticsearch/node_1/config -E xpack.security.http.ssl.verification_mode=none -E xpack.security.http.ssl.client_authentication=none -v
Running with configuration path: /opt/app/elasticsearch/current/config

Testing if bootstrap password is valid for https://elastic-dev.com:9200/_xpack/security/_authenticate?pretty
{
"username" : "elastic",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true
}
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:

Trying user password change call https://elastic-dev.com:9200/_xpack/security/user/kibana/_password?pretty
Connection failure to: https://elastic-dev.com:9200/_xpack/security/user/kibana/_password?pretty failed: Read timed out
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:171)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:940)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:735)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:678)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1569)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.postURL(CommandLineHttpClient.java:121)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changeUserPassword(SetupPasswordTool.java:336)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changePasswords(SetupPasswordTool.java:393)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$InteractiveSetup.execute(SetupPasswordTool.java:184)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:105)

ERROR: Failed to set password for user [kibana].
test@test[DEV][x-pack] $

8

We need to see the log files for your elasticsearch node.

setup-passwords is failing because something is going wrong inside elasticsearch. I cannot tell you how to resolve that until I can see the actual errors from elasticsearch.log.

9

@TimV,

Thank you for your help. i have fixed it. Actually i was trying with single node cluster but in elasticsearch.yml zen discovery unicast and minimum masternodes configured differently .. i have commented those lines. And tried to run the setup-passwords and it worked fine. After that i have enabled cluster settings.

discovery.zen.ping.unicast.hosts:
discovery.zen.minimum_master_nodes:

10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.