Kibana active directory

Dmitrymig · May 17, 2022, 10:12am

Guys help me, I can't log in kibana, error 401, my settings are in Elasticsearch

xpack.security.enabled: true
xpack:
  security:
    authc:
      realms:
        active_directory:
          my_ad:
            domain_name: mgc.local
            url: ldap://mck-dc1.mgc.local:389
            bind_dn: CN=s-kibn,OU=SERVERS-MONITORING,OU=DC,DC=mgc,DC=local
            bind_password: 123456
            files.role_mapping: /etc/elasticsearch/role_mappings.yml

My Role Mapping Settings

superuser:
- cn=kibana-superuser,ou=Groups,ou=DC,dc=mgc,dc=local
- cn=DDenisov,ou=Users,ou=MIGCRDIT,dc=mgc,dc=local
user:
- "cn=kibana-users,cn=Groups,cn=DC,dc=mgc,dc=local"

I do curl -k -u DDenisov@domain:pass'http://10.102.59.41:9200/_xpack/security/_authenticate?pretty'

and get the correct answer

{
  "username" : "DDenisov@domain",
  "roles" : [
    "monitoring_user",
    "superuser"
  ],

I also created two rules for the mapping role in Kibana, one of them is monitoring_user and it is displayed correctly, but when I try to log in under an account in Kibana, I get an error 401
I don't know what to do now, please help

{"statusCode":401,"error":"Unauthorized","message":"[security_exception] unable to authenticate user [DDenisov@domain] for REST request [/_security/_authenticate], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } }"}

Dzmitry · May 17, 2022, 3:57pm

Hi @Dmitrymig

What stack version are you using?

Did you check our official docs about AD authorisation?

Best, Dzmitry

Dmitrymig · May 19, 2022, 7:44am

I am using version 7.9. I followed the documentation with the exception of "bind_password:" I put it in Elasticsearch.yml and I configured the mapping role without the API but through the file. Elasticsearch shows the correct roles for the user, but when I try to enter Kibana via the WEB, an error 401 appears, I can’t find a solution on the Internet, so I contacted you)

Dmitrymig · May 19, 2022, 12:49pm

I get this response when I log in to Kibana and see a 401 error

[2022-05-19T15:45:29,491][DEBUG][o.e.x.s.a.AuthenticationService] [gray-1] Authentication of [s-kibana@mgc.local] using realm [active_directory/my_ad] with token [UsernamePasswordToken] was [AuthenticationResult{status=SUCCESS, user=User[username=s-kibana@mgc.local,roles=[monitoring_user,superuser],fullName=null,email=null,metadata=

Dmitrymig · May 19, 2022, 1:09pm

Here's more from the log, how to resolve I don't understand

[2022-05-19T16:04:08,816][DEBUG][o.e.x.s.a.l.ActiveDirectorySessionFactory] [gray-1] Resolved 0 meta-data fields [{}] for user [

TimV · May 20, 2022, 4:46am

If you're seeing those messages, then authentication is working fine.

What's the exact error you see in Kibana? What does the kibana log tell you?

Dmitrymig · May 20, 2022, 9:14am

sorry to distract you, I didn't set up the roles and didn't attach them to the role mapping
Everything is working now

system · June 17, 2022, 9:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana + Elasticsearch add active directory Kibana elastic-stack-security	2	399	June 14, 2022
Unable to login to Kibana by using LDAP user who is having a superuser role Elasticsearch elastic-stack-security	8	1816	August 21, 2020
Active Directory Authentication for ES and Kibana Elasticsearch elastic-stack-security	5	919	April 22, 2020
Can't setup active-directory auth Elasticsearch	1	490	July 27, 2020
Action [cluster:monitor/health] is unauthorized for user Elasticsearch elastic-stack-security	3	2067	October 8, 2019

Kibana active directory

Related topics