Unable to authenticate user [kibana_system] for REST request [/_xpack] error

daniela09 · May 15, 2023, 11:07am

I am using EFK stack on Kubernetes, Elastic and Kibana 8.7.0:

I changed the passwords for built-in users elastic and kibana_system with ./bin/elasticsearch-reset-password user --username kibana_system and ./bin/elasticsearch-reset-password user --username elastic
Then I added them to the elasticsearch-keystore with ./bin/elasticsearch-keystore add kibana_pass and ./bin/elasticsearch-keystore add elastic_pass
I have created Secretc with both passwords
And everything is working fine, but after restart I get this error in my kibana logs:

[2023-05-15T06:54:11.417+00:00][ERROR][plugins.security.authentication] License is not available, authentication is not possible.
[2023-05-15T06:54:11.429+00:00][WARN ][plugins.licensing] License information could not be obtained from Elasticsearch due to ResponseError: security_exception
        Root causes:
                security_exception: unable to authenticate user [kibana_system] for REST request [/_xpack] error

and this is my elastic log:

{"@timestamp":"2023-05-15T09:25:40.548Z", "log.level": "INFO", "message":"Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch-client][transport_worker][T#7]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","trace.id":"5451638a596cc9a373336ecc3552088a","elasticsearch.cluster.uuid":"6h24ceJZS6-w0WZ3EPg8PA","elasticsearch.node.id":"Cu3XJpMASA20AMH2QcnvoQ","elasticsearch.node.name":"elasticsearch-client","elasticsearch.cluster.name":"elasticsearch"}

And I need to change the passwords again and create new Secrets so I can authenticate both users, I need help how to make them persistent so I dont have to do this everytime a node restarts

Yang_Wang · May 16, 2023, 4:02am

Elasticsearch keystore is not the place for storing these passwords. What are you trying to achieve? Maybe you were looking for kibana-keystore?

daniela09 · May 16, 2023, 8:34am

Hi, I want to make the passwords persistent, so when the cluster fails or restarts they still to remain the same.

Yang_Wang · May 16, 2023, 8:58am

It's persistant already since ./bin/elasticsearch-reset-password saves the new password to the security index which is on disk and available across restart (assuming you don't actively delete data between restarts).

daniela09 · May 16, 2023, 9:32am

I don't delete data, but when my cluster fails or I restart it, I get the logs above and I need to reset the password again so elastic can authenticate the user kibana_system

kiel · May 28, 2023, 5:14pm

Did you found any solution for that problem?
I have the same problem and kibana doesn´t start. It shows your error, too.

daniela09 · May 29, 2023, 11:57am

No, I still haven't found a solution for this problem.
If I solve it I will write here

system · June 26, 2023, 11:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. [security_exception] missing authentication credentials for REST request [/_xpack] Elasticsearch elastic-stack-security	5	12883	July 4, 2019
Kibana unable to authenticate Elasticsearch elastic-stack-security	10	14099	February 26, 2021
Kibana Elasticsearch -> after 7 Days elastic user pw changed Elasticsearch elastic-stack-security , docker	7	663	July 5, 2021
If I enable xpack , Elasticsearch stops working and my license won't work Elasticsearch elastic-stack-security	10	2478	October 22, 2020
Unable to log into Kibana after first time setup of xpack.security.enabled Kibana elastic-stack-security	8	1687	December 16, 2020

Unable to authenticate user [kibana_system] for REST request [/_xpack] error

Related topics