I can't authenticate using 'elastic', 'kibana_system' in ELK version 8.5

I am using an ELK cluster consisting of three nodes. I can't access Kibana using its URL https://kibana_IP:5601.

When I checked the logs of /var/log/elasticsearch/elasticsearch.log I found these errors:

Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

When I checked the logs of kibana, I found the below error:

Unable to authenticate user [kibana_system] for REST request [/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip]

I tried to reset the password for elastic user using this command /usr/share/elasticsearch/bin/elasticsearch-reset-password -i -u elastic

but I got this error:

Error: Failed to determine the health of the cluster. Cluster health is currently RED

I checked the elasticsearch service on all nodes and it is up and running.

How to solve this problem, please?

Regards,

Hi @linux_admin,

Have you checked the health of the cluster using the _cluster/health API?

Do you have the password for the elastic and kibana_system users? There is also a useful way to check passwords in this topic.

Hi @carly.richmond
Thanks for your support!
The problem has been solved using the following steps:

  1. Stop elasticsearch service on all cluster nodes using systemctl stop elasticsearch

  2. Set xpack.security.enabled: false in elasticsearch.yml on all nodes, and restart elasticsearch on all nodes using systemctl start elasticsearch

  3. Reset elastic and kibana_system users password using bin/elasticsearch-reset-password -u elastic --interactive and bin/elasticsearch-reset-password -u kibana_system --interactive

  4. Update /etc/kibana/kibana.yml with the new password of kibana_system

  5. Stop elasticsearch service on all nodes again using systemctl stop elasticsearch

  6. Reenable xpack.security.enabled: true in elasticsearch.yml on all nodes, and restart elasticsearch on all nodes using systemctl start elasticsearch

  7. Restart kibana service
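An added example, not part of the original post: a check to run on each node after step 6, confirming that elasticsearch.yml no longer has security switched off and that kibana.yml carries the kibana_system credentials from step 4. The function names are hypothetical, the sample files are constructed, and the parser assumes the flat dotted key form used in the steps above (elasticsearch.username and elasticsearch.password are the Kibana settings assumed to hold the credentials).

```shell
#!/bin/sh
# Added example (not from the thread): post-recovery config check.
# Assumes flat dotted keys, e.g. "xpack.security.enabled: true" (nested YAML is not parsed).

# Print the last value of a flat "key: value" setting; prints nothing if the key is absent.
yaml_flat_value() {   # $1 = file, $2 = key
    awk -v key="$2" '
        /^[ \t]*#/ { next }                         # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*:/) next            # a longer key with the same prefix
            sub(/^[ \t]*:[ \t]*/, "", rest)
            sub(/[ \t]+#.*$/, "", rest)             # trailing comment
            sub(/[ \t\r]+$/, "", rest)
            gsub(/^["\047]|["\047]$/, "", rest)     # surrounding quotes
            val = rest
        }
        END { if (val != "") print val }' "$1"
}

# Returns 0 = explicitly enabled, 1 = disabled or unexpected value, 2 = not set in the file.
check_node_config() {   # $1 = path to elasticsearch.yml
    v=$(yaml_flat_value "$1" xpack.security.enabled)
    case "$v" in
        true) echo "OK: security enabled in $1"; return 0 ;;
        "")   echo "WARN: xpack.security.enabled not set in $1"; return 2 ;;
        *)    echo "FAIL: xpack.security.enabled is '$v' in $1"; return 1 ;;
    esac
}

# Returns 0 only if Kibana connects as kibana_system with a non-empty password.
check_kibana_config() {   # $1 = path to kibana.yml
    u=$(yaml_flat_value "$1" elasticsearch.username)
    p=$(yaml_flat_value "$1" elasticsearch.password)
    [ "$u" = "kibana_system" ] || { echo "FAIL: elasticsearch.username is '${u:-unset}'"; return 1; }
    [ -n "$p" ] || { echo "FAIL: elasticsearch.password is empty or unset"; return 1; }
    echo "OK: kibana_system credentials present (password not printed)"
}

# Constructed sample: a node where step 6 was missed.
demo=$(mktemp -d)
printf 'cluster.name: demo\nxpack.security.enabled: false  # temp\n' > "$demo/elasticsearch.yml"
check_node_config "$demo/elasticsearch.yml" || echo "-> fix this node before restarting Kibana"
rm -rf "$demo"
```

On a real node, call check_node_config with the path to that node's elasticsearch.yml and check_kibana_config with /etc/kibana/kibana.yml; a non-zero return from either means the node should not be left in service as is.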

Great, thanks for sharing the solution @linux_admin!
