Kibana authentication fails


(Parth Mehta) #1

I setup two users on kibana and gave them necessary permission via user roles.
It was working fine until kibana suddenly crashed. On restarting kibana, I am unable to use any users that I created previously. It returns login error.

The same users work fine with elasticsearch via a python api.


(Pjanzen) #2

Anything in the kibana logs?


(Parth Mehta) #3

I was dumb enough to print them on stdout and not save. So I have the logs only after I restarted kibana. Nothing useful there.


(Pjanzen) #4

As authentication is done at ES you might want to check that while doing a login from kibana. Without logs I cannot help (and I am guessing none can)


(Mark Walkom) #5

Are you using X-Pack?


(Parth Mehta) #6

Yes I am using X-Pack for this. Sorry I should have mentioned this in the original post.


(Parth Mehta) #7

log [14:36:05.869] [info][status][plugin:ml@5.5.1] Status changed from red to green - Ready
log [14:36:05.901] [error][status][plugin:xpack_main@5.5.1] Status changed from red to red - Elasticsearch is still initializing the kibana index.
log [14:36:05.902] [error][status][plugin:graph@5.5.1] Status changed from red to red - Elasticsearch is still initializing the kibana index.
log [14:36:05.903] [error][status][plugin:reporting@5.5.1] Status changed from red to red - Elasticsearch is still initializing the kibana index.
log [14:36:05.904] [error][status][plugin:security@5.5.1] Status changed from red to red - Elasticsearch is still initializing the kibana index.
log [14:36:05.905] [error][status][plugin:searchprofiler@5.5.1] Status changed from red to red - Elasticsearch is still initializing the kibana index.
log [14:36:05.905] [error][status][plugin:ml@5.5.1] Status changed from green to red - Elasticsearch is still initializing the kibana index.
log [14:36:05.906] [error][status][plugin:tilemap@5.5.1] Status changed from red to red - Elasticsearch is still initializing the kibana index.
log [14:36:05.907] [error][status][plugin:watcher@5.5.1] Status changed from red to red - Elasticsearch is still initializing the kibana index.
log [14:36:05.908] [error][status][plugin:elasticsearch@5.5.1] Status changed from red to red - Elasticsearch is still initializing the kibana index.
log [14:36:08.489] [info][status][plugin:elasticsearch@5.5.1] Status changed from red to green - Kibana index ready
log [14:36:08.490] [info][status][ui settings] Status changed from red to green - Ready
log [14:36:08.511] [info][license][xpack] Imported license information from Elasticsearch for [data] cluster: mode: trial | status: active | expiry date: 2017-09-28T07:18:31+00:00
log [14:36:08.534] [info][status][plugin:xpack_main@5.5.1] Status changed from red to green - Ready
log [14:36:08.535] [info][status][plugin:graph@5.5.1] Status changed from red to green - Ready
log [14:36:08.537] [info][status][plugin:reporting@5.5.1] Status changed from red to green - Ready
log [14:36:08.538] [info][status][plugin:security@5.5.1] Status changed from red to green - Ready
log [14:36:08.539] [info][status][plugin:searchprofiler@5.5.1] Status changed from red to green - Ready
log [14:36:08.540] [info][status][plugin:ml@5.5.1] Status changed from red to green - Ready
log [14:36:08.541] [info][status][plugin:tilemap@5.5.1] Status changed from red to green - Ready
log [14:36:08.542] [info][status][plugin:watcher@5.5.1] Status changed from red to green - Ready
log [14:36:08.565] [info][license][xpack] Imported license information from Elasticsearch for [monitoring] cluster: mode: trial | status: active | expiry date: 2017-09-28T07:18:31+00:00
log [14:36:08.568] [info][status][plugin:monitoring@5.5.1] Status changed from green to yellow - Waiting for Monitoring Health Check
log [14:36:08.770] [info][status][plugin:monitoring@5.5.1] Status changed from yellow to green - Ready

This is the kibana log, after I restarted kibana and elasticsearch


#8

@parth126 can you try checking the roles of the users directly using curl on elastic search.

curl -XGET http://host:port/.security/user/USERNAME?pretty

Pass the username password and cert required in curl command.

Check if the user is found,enabled and has kibana_user role.


(Parth Mehta) #9

Hi @karanshah

That seems to clarify things a bit. None of the users are found.
But surprisingly the users still work when communicating with elasticsearch.

curl -XGET -u elastic 'hostname:port/.security/user/elastic?pretty'

This works fine with the username 'elastic' (default superuser)
But it is unable to find the user 'elastic'

Response:

{
 "_index" : ".security",
"_type" : "user",
"_id" : "elastic",
"found" : false
 }

What am I doing wrong?

Update:

Seems like this command lists only the new users and roles that I defined and not the default users ('elastic' and 'kibana').

So I tried in on the new user (my-company-admin), and here is the result:

{
  "_index" : ".security",
  "_type" : "user",
  "_id" : "my-company-admin",
  "_version" : 1,
  "found" : true,
  "_source" : {
    "username" : "my-company-admin",
    "password" : "some encoded stuff",
    "roles" : [
      "my_company_admin"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : null,
    "enabled" : true
  }
}

Details for the user role (my_company_user):

{
  "_index" : ".security",
  "_type" : "role",
  "_id" : "my_company_admin",
  "_version" : 1,
  "found" : true,
  "_source" : {
    "cluster" : [ ],
    "indices" : [
      {
        "names" : [
          "my_company*"
        ],
        "privileges" : [
          "manage",
          "read",
          "index"
        ]
      },
      {
        "names" : [
          ".kibana*"
        ],
        "privileges" : [
          "manage",
          "read",
          "index"
        ]
      }
    ],
    "run_as" : [ ],
    "metadata" : { }
  }
}

(system) #10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.