Kibana (active directory realm) (version 6.2.1)


We are using elastic search version 6.2.1. I've setup elastic/kibana to use the active directory realm. We've ran into strange issue. It doesn't matter what user I use to log in. It keeps logging in as built user "kibana".

Any help is much appreciated.


elastic yml

            type: native
            order: 0
          type: active_directory
          order: 1
          url: ldap:// 

kibana yml

    enabled: true

I moved your question to #x-pack

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:


There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

Will do thank you! Thanks for moving it into #x-pack

I have an update on this.

I explicitly disabled the kibana user with the following command

After I performed this command, I logged in with my AD creds into kibana.
Kibana immediately prompted me a native user prompt (a user/pass challenge box from the browser).

I canceled out of that window and it immediately threw an error saying invalid credentials for the user "kibana".

After that, I hit Ctrl + f5 (in chrome) and I was in the AD prompt. This time when I logged in with my AD creds it worked as expected.

My only guess is that when I disabled the "kibana" native account it cleared out some kind of cache.

If anyone knows further explanation regarding this situation please chime in.


That seems unwise.
What use are you using to connect Kibana to Elasticsearch (elasticsearch.username) ? You should be using kibana for that, which won't work if you disable the user.


This was a temporary disable of the account. At that time the elasticsearch.username was elastic.

Before I tried this, I enabled the audit logs and all I saw was the context was switching from my AD account to the "kibana" account but never really eluded to why it was switching context. I am not certain but there was some kind of caching going on causing the login to always be kibana (as if xpack security wasn't turned on).

Do you have any ideas as to why it would just log in as kibana?


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.