Unable to authenticate user [*****] for REST request [/]

akhil · August 30, 2019, 7:49am

Hi Team,

*I have created one user from kibana UI and also from elastic server using the REST API.
Now when I'm trying to hit the API using my new user id and password I'm getting the error message -

*API that I'm using -

curl -v -u akhil:akhil12345 -X GET "https://*******.***.com:7878/_xpack/security/_authenticate"

below is the error message -

Connection #0 to host .***.com left intact

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [akhil] for REST request [/_xpack/security/_authenticate]","header":{"WWW-Authenticate":["Bearer realm="security"","Basic realm="security" charset="UTF-8""]}}],"type":"security_exception","reason":"unable to authenticate user [akhil] for REST request [/_xpack/security/_authenticate]","header":{"WWW-Authenticate":["Bearer realm="security"","Basic realm="security" charset="UTF-8""]}},"status":401}

Also, unable to login kibana with this new uid and password.

*it's working fine for elastic

curl -v -u elastic:akhil12345 -X GET "https://*******.*****.com:7878/_xpack/security/_authenticate"

{"username":"elastic","roles":["superuser"],"full_name":null,"email":null,"metadata":{"_reserved":true},"enabled":true}

*API used for creating user -

curl -v -u elastic:akhil12345 -X POST "https://..com:7878/_xpack/security/user/akhil?pretty" -H 'Content-Type: application/json' -d'
{
"password" : "akhil12345",
"roles" : [ "superuser", "other_role1" ],
"full_name" : "Akhil Patwal",
"email" : "akhil@.",
"metadata" : {
"intelligence" : 7
}
}

I can see this user when hitting the below API -

curl -v -u elastic:akhil12345 -X GET "https://.**.com:7878/_xpack/security/user"

#0 to host .**.com left intact

":{},"enabled":true},"akhil":{"username":"akhil","roles":["superuser"],"full_name":null,"email":null,"metadata":{},"enabled":

Tried to create the user from kibana also, but my bad luck it's not working, getting the same error.

Below are some more details regarding this ELK setup :

Using nginx reverse proxy method- port 7878 has been used
We have valid ssl certificates that we are using currently.
Also having a gold licence. It's also in used.

Please let us know, how it can be resolved. If you want more details kindly let us know.

ikakavas · August 30, 2019, 8:00am

A number of things can be happening:

Your password is wrong or misstyped. You can use the change password API authenticating as the elastic user to change the password of your akhil user just to be sure.
You have defined an extra authentication realm in your elasticsearch.yml. Doing so, stops the native realm from being implicitly enabled, so you need to explicitly enable it yourself. See https://www.elastic.co/guide/en/elasticsearch/reference/7.3/configuring-native-realm.html

system · September 27, 2019, 8:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.