Kibana active directory

Guys, help me, I can't log in to Kibana, error 401. My settings in Elasticsearch are:

xpack.security.enabled: true
xpack:
  security:
    authc:
      realms:
        active_directory:
          my_ad:
            domain_name: mgc.local
            url: ldap://mck-dc1.mgc.local:389
            bind_dn: CN=s-kibn,OU=SERVERS-MONITORING,OU=DC,DC=mgc,DC=local
            bind_password: 123456
            files.role_mapping: /etc/elasticsearch/role_mappings.yml

My Role Mapping Settings

superuser:
- cn=kibana-superuser,ou=Groups,ou=DC,dc=mgc,dc=local
- cn=DDenisov,ou=Users,ou=MIGCRDIT,dc=mgc,dc=local
user:
- "cn=kibana-users,cn=Groups,cn=DC,dc=mgc,dc=local"

I do curl -k -u DDenisov@domain:pass 'http://10.102.59.41:9200/_xpack/security/_authenticate?pretty'

and get the correct answer

{
  "username" : "DDenisov@domain",
  "roles" : [
    "monitoring_user",
    "superuser"
  ],

I also created two rules for the role mapping in Kibana; one of them is monitoring_user and it is displayed correctly, but when I try to log in under an account in Kibana, I get a 401 error.
I don't know what to do now, please help.

{"statusCode":401,"error":"Unauthorized","message":"[security_exception] unable to authenticate user [DDenisov@domain] for REST request [/_security/_authenticate], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } }"}

Hi @Dmitrymig

What stack version are you using?

Did you check our official docs about AD authorisation?

Best, Dzmitry

I am using version 7.9. I followed the documentation, with the exception of "bind_password:", which I put in Elasticsearch.yml, and I configured the role mapping through the file instead of the API. Elasticsearch shows the correct roles for the user, but when I try to log in to Kibana via the web, a 401 error appears. I can't find a solution on the Internet, so I contacted you.

I get this response when I log in to Kibana and see a 401 error

[2022-05-19T15:45:29,491][DEBUG][o.e.x.s.a.AuthenticationService] [gray-1] Authentication of [s-kibana@mgc.local] using realm [active_directory/my_ad] with token [UsernamePasswordToken] was [AuthenticationResult{status=SUCCESS, user=User[username=s-kibana@mgc.local,roles=[monitoring_user,superuser],fullName=null,email=null,metadata=

Here's more from the log; I don't understand how to resolve it.

[2022-05-19T16:04:08,816][DEBUG][o.e.x.s.a.l.ActiveDirectorySessionFactory] [gray-1] Resolved 0 meta-data fields [{}] for user [

If you're seeing those messages, then authentication is working fine.

What's the exact error you see in Kibana? What does the kibana log tell you?

Sorry to distract you, I didn't set up the roles and didn't attach them to the role mapping.
Everything is working now.
