Getting authentication error

Bharathkumarraju · March 9, 2018, 12:14pm

I am installing elasticsearch freshly and installed x-pack as well. It is elasticsearch6.2.1

test@test[~] $ curl -XPOST -u elastic -ks 'https://10.192.87.187:9200/_xpack/security/user/elastic/_password' -H 'Content-Type:application/json' -d '

{
"password" : "test!elastic@123"
}'
Enter host password for user 'elastic':
{"error":{"root_cause":[{"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"failed to authenticate user [elastic]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401}
test@test[DEV][~] $

Yogesh_Gaikwad · March 9, 2018, 12:49pm

Hi Bharathkumar,

'elastic' is inbuilt user and to set the password first time for this user, you need to use the setup-passwords script. Not sure if you did run this script or not.
Refer: https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html

Your description seems to be trying to update the password for this default user. Can you please check the password that you enter on curl is the same as the one for 'elastic' user? Either you did the 'interactive' setup, in that case, you would have entered the password for this user or in case it was 'auto' the password would have been spewed by the setup-passwords script.

Regards,
Yogesh Gaikwad

Bharathkumarraju · March 9, 2018, 1:00pm

@Yogesh_Gaikwad

Thanks a lot for your reply.

Yeah you are right. I tried to run setup-passwords actually but it got failed see below.

test@test[DEV][x-pack] $ ./setup-passwords interactive -u "https://10.192.87.187:9200" -E ES_PATH_CONF=/opt/app/elasticsearch/node_1/config -E xpack.security.http.ssl.verification_mode=none -E xpack.security.http.ssl.client_authentication=none -v
Running with configuration path: /opt/app/elasticsearch/current/config

Testing if bootstrap password is valid for https://10.192.87.187:9200/_xpack/security/_authenticate?pretty
{
"username" : "elastic",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true
}

Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:

Trying user password change call https://10.192.87.187:9200/_xpack/security/user/kibana/_password?pretty

Connection failure to: https://10.192.87.187:9200/_xpack/security/user/kibana/_password?pretty failed: Read timed out

java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:171)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:940)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:735)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:678)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1569)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.postURL(CommandLineHttpClient.java:121)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changeUserPassword(SetupPasswordTool.java:336)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changePasswords(SetupPasswordTool.java:393)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$InteractiveSetup.execute(SetupPasswordTool.java:184)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:105)

ERROR: Failed to set password for user [kibana].
test@test[DEV][x-pack] $

Yogesh_Gaikwad · March 9, 2018, 1:12pm

Hi @Bharathkumarraju,

Looks like your ES is not up and running, please check the ES status.
Also please check the license, if you have enabled trial license on the ES setup.
Once the ES is up and running, then you can invoke the setup-passwords script to reset passwords.
Hope this helps.

Regards,
Yogesh Gaikwad

Bharathkumarraju · March 9, 2018, 1:34pm

test@test[DEV][x-pack] $ ./users useradd my_admin -p my_password -r superuser

test@test[DEV][x-pack] $

I have added file realm and tried reset the elastic password it worked well.

test@test[DEV][x-pack] $ curl -XPOST -u my_admin:my_password -ks 'https://10.192.87.187:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type:application/json' -d'
{
"password" : "XXXXXX"
}'
test@test[DEV][x-pack] $

But when i tried to test cluter status, it is still failing i think .security got corrupted

test@test[DEV][x-pack] $ curl -XGET -u elastic:XXXXXX 'https://10.192.87.187:9200?pretty' -ks
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
}
}
],
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
}
},
"status" : 401
}
test@test[DEV][x-pack] $

TimV · March 12, 2018, 5:40am

Please check your elasticsearch logs, and let us know what errors you find.

Something is going wrong with your cluster, and the only way to diagnose it is to inspect the logs.

Bharathkumarraju · March 12, 2018, 6:11am

@TimV

Thanks for your help. I have installed ES many times like removing all the data and indices when ever i install newly my ./setup-passwords seems working. But this time it is getting failed by showing error below...

this is what i confused i have tested this setup-passwords from 521,600,611 and it is failing in 621 only not sure why?

please see below output

test@test[DEV][x-pack] $ ./setup-passwords interactive -u "https://elastic-dev.com:9200" -E ES_PATH_CONF=/opt/app/elasticsearch/node_1/config -E xpack.security.http.ssl.verification_mode=none -E xpack.security.http.ssl.client_authentication=none -v
Running with configuration path: /opt/app/elasticsearch/current/config

Testing if bootstrap password is valid for https://elastic-dev.com:9200/_xpack/security/_authenticate?pretty
{
"username" : "elastic",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true
}
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:

Trying user password change call https://elastic-dev.com:9200/_xpack/security/user/kibana/_password?pretty
Connection failure to: https://elastic-dev.com:9200/_xpack/security/user/kibana/_password?pretty failed: Read timed out
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:171)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:940)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:735)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:678)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1569)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.postURL(CommandLineHttpClient.java:121)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changeUserPassword(SetupPasswordTool.java:336)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.changePasswords(SetupPasswordTool.java:393)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$InteractiveSetup.execute(SetupPasswordTool.java:184)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:105)

ERROR: Failed to set password for user [kibana].
test@test[DEV][x-pack] $

TimV · March 12, 2018, 6:28am

We need to see the log files for your elasticsearch node.

setup-passwords is failing because something is going wrong inside elasticsearch. I cannot tell you how to resolve that until I can see the actual errors from elasticsearch.log.

Bharathkumarraju · March 12, 2018, 9:35am

@TimV,

Thank you for your help. i have fixed it. Actually i was trying with single node cluster but in elasticsearch.yml zen discovery unicast and minimum masternodes configured differently .. i have commented those lines. And tried to run the setup-passwords and it worked fine. After that i have enabled cluster settings.

discovery.zen.ping.unicast.hosts:
discovery.zen.minimum_master_nodes:

system · April 9, 2018, 9:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed to authenticate user [elastic] on Kibana v.6.4.0 Elasticsearch elastic-stack-security	2	1337	December 9, 2018
Unable to change elastic user password Elasticsearch	3	19068	April 5, 2018
Upgrade from 5.6.8 to 6.2.2 failing Elasticsearch	4	651	April 4, 2018
X-Pack Authentication issue Elasticsearch	9	37786	April 5, 2018
Failed to authenticate user [elastic] Elasticsearch	5	18531	August 8, 2017

Getting authentication error

Related topics