An Active Directory error 49 is invalid credentials.
Without more context it's hard to tell what the real problem is, but it could be any of:
- The DN you've put in `bind_dn` is incorrect (doesn't exist in the directory)
- The password you've put in `bind_password` is incorrect
- The `domain` you're using in your AD configuration is incorrect.
- The user name you've entered in the Kibana login box is incorrect.
- The user name you've entered in the Kibana login box is in an incorrect format.
- The password you've entered in the Kibana login box is incorrect.
Working through those:
- You said you can use the bind credentials in an LDAP client. That's good. Please triple-check that the values you entered in your elasticsearch config are an exact match for what you're putting in the client.
- Check the `domain` value you're using in your config. If you try to login to an AD realm using a simple username like `jsmith`, then X-Pack security will use the configured domain name in order to bind as the user being authenticated - that is it will bind as `jsmith@your.ad.domain`. If the configured domain doesn't match the domain being used for the UPN, then the bind will fail.
- Triple check the username and password you're entering in Kibana. These need to match something in AD.
- X-Pack security supports usernames in 3 different formats: raw account-name like `jsmith`, a user-principal-name like `jsmith@your.ad.domain` or a NetBIOS (down level) style `AdDomain\jsmith`. All of those work - if the realm is configured correctly and the correct values are used for your domain.
If you provide more details from your logs we may be able to help narrow down the possible causes.
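
An added example, not part of the original post and not X-Pack code: when the logged error 49 includes Active Directory's diagnostic text, the `data` sub-code in it narrows down which of the causes above applies. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Sub-codes Active Directory appends to LDAP result code 49 ("data <hex>").
AD_SUBCODES = {
    "525": "user not found (check bind_dn, username format, domain)",
    "52e": "invalid credentials (wrong password for a user that exists)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the sub-code inside AD's AcceptSecurityContext diagnostic message.
_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def explain_error_49(log_line):
    """Return (subcode, meaning) for an AD error-49 line, or None if absent."""
    match = _DATA_RE.search(log_line)
    if match is None:
        return None
    code = match.group(1).lower()
    return code, AD_SUBCODES.get(code, "unrecognised sub-code")


def summarise(log_lines):
    """Count sub-codes across many lines to see which cause dominates."""
    found = (explain_error_49(line) for line in log_lines)
    return Counter(item[0] for item in found if item is not None)


# Constructed sample log lines (DSID and version values are placeholders).
SAMPLE_LOG = [
    "resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: "
    "DSID-00000000, comment: AcceptSecurityContext error, data 52e, v0000'",
    "resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: "
    "DSID-00000000, comment: AcceptSecurityContext error, data 525, v0000'",
    "resultCode=49 (invalid credentials), errorMessage='80090308: LdapErr: "
    "DSID-00000000, comment: AcceptSecurityContext error, data 775, v0000'",
    "authentication succeeded for realm [ad1]",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(explain_error_49(line))
```

A `525` points at the DN, username format or domain, while `52e` points at the password; the remaining codes indicate account state rather than a configuration mistake.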