Missing authentication ceredentials for rest request

Krypton8 · October 23, 2019, 11:51am

Hello guys,

I have put in place a LDAP realm on my ES cluster.

I enabled the xpack.security.enabled to true on all of my cluster nodes (3).
I have modified my elasticsearch.yml to set the LDAP realm with user_search and then update my role_mapping.

Therefore, when i'm trying to start Kibana service, I have an error like this:

{"type":"log","@timestamp":"2019-10-23T11:24:06Z","tags":["warning","task_manager"],"pid":10628,"message":"PollError [security_exception] missing authentication credentials for REST request [/_template/.kibana_task_manager?filter_path=*.version], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } }"}

Looks like Kibana cannot connect to the cluster. I have no other authentication active, like the basic auth, only the LDAP realm one.

My elasticsearch.yml:

---------------------------------- Various -----------------------------------

Require explicit names when deleting indices:

#action.destructive_requires_name: true

Activation de la securité xpack

xpack.security.enabled: true
xpack.monitoring.collection.enabled: true

Activation de l'encryption elastic

#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

xpack:
security:
authc:
realms:
ldap:
ldap1:
order: 0
url: "ldap://active_directoryIP:389"
bind_dn: "cn=ldapuser,ou=MYOU,dc=MyDc,dc=MyDc2"
user_search:
base_dn: "dc=MyDc,dc=MyDc2"
filter: "(cn={0})"
group_search:
base_dn: "dc=MyDc,dc=MyDc2"
files:
role_mapping: "/etc/elasticsearch/role_mapping.yml"
unmapped_groups_as_roles: false

My kibana.yml:

server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/ssl/kibana.crt
server.ssl.key: /etc/kibana/ssl/kibana.key
xpack.security.enabled: true
xpack.reporting.enabled: true
xpack.monitoring.enabled: true

Everything was working fine until I set the LDAP realm. I really don't know what to do, I searched in the forum, stackoverflow and official docs but I can't find a solution.

Hope someone will bring light to this.

Best regards

Larry_Gregory · October 23, 2019, 1:57pm

Hey @Krypton8,

It looks like your kibana.yml is missing credentials for Kibana to authenticate to Elasticsearch. I'd expect to see values in there for elasticsearch.username and elasticsearch.password. Can you verify you have that configured correctly?

Krypton8 · October 24, 2019, 8:14am

Hello Larry,

I tried to put different values to elasticsearch.username and elasticsearch.password but this is not working properly.

I tried to put the default user (elastic:changeme) or an LDAP user but this is not working !

Thank you for your help

system · November 21, 2019, 8:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.