Yes! I was actually about to edit to add logs.
var/log/kibana generates the following log entry when I try to authenticate:
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.4.0"},"@timestamp":"2023-03-23T19:38:32.317+00:00","message":"Authentication attempt failed: {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [kibanaorwell] for REST request [/_security/_authenticate]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [kibanaorwell] for REST request [/_security/_authenticate]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}","log":{"level":"INFO","logger":"plugins.security.authentication"},"process":{"pid":5697},"trace":{"id":"58d53d53d4982eccbeb2a5dbeff5f5b9"},"transaction":{"id":"5b441aaed56ddd01"}}
This is strange because kibanaorwell is the username I have for Nginx before I had security enabled.
The following is the Elasticsearch log entry from when I tried to login:
[2023-03-23T19:31:54,179][INFO ][o.e.x.s.a.RealmsAuthenticator] [bigbrother] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
I found this thread a couple of minutes ago and I think I might be suffering from a similar problem.
I apologize for not mentioning I had been using Nginx before I enabled security, I had no idea it could cause this sort of issue.
I am using Nginx to be able to access the Kibana dashboard from my ELK server's public IP address. This was a solution suggested to me at the time when I started with 7.x.
Is there no longer a need for this or do I still need to use Nginx to do it but have to change configurations?
Thank you for taking the time to reply. If there's anything else I can do or if I need to provide more logs just let me know.