Unable to setup authentication using x-pack

I have setup the ELK stack and also installed x-pack plugin. I then created a new user. Now whenever I run the following command it gives me this response.

curl -u adminuser:password -XGET http://localhost:9200

{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [adminuser]"}],"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [adminuser]"},"status":403}

and when I list the users. I see the following output

./users list
adminuser : -

the adminuser is a superuser

Now I don't see any logs shipped through filebeat either. Can this be an issue? How do I fix this?

Which roles do the adminuser have? Does any of them include cluster level privileges?

If it prints adminuser : - then that means that adminuser has no roles .

If adminuser was a superuser, then you would get:

bin/x-pack/users list
adminuser      : superuser

What makes you think adminuser should be a superuser?
What did you do to configure that?

1 Like

@TimV , @Christian_Dahlqvist : I did ./users roles adminuser -r superuser assuming that it will assign a role to the user. But looks like it didn't. Am I doing it right?

Also I have installed x-pack for kibana and also for Logstash. Do I have to create users/roles in these as well? I have already created users in Kibana UI (Browser).

I'm not quite understanding the setup process here. What I'm trying to do is, I need to have user/role based authentication in Kibana so that some of my team members will only get "Read-Only" like privilege.

I see that without these proper authentication process ElasticSearch is not accepting any logs from LogStash. But if I remove x-pack from ES, Logstash and Kibana, the logs are displayed in Kibana as usual.

./users roles adminuser -r superuser

When running the roles sub-command a -r is a remove option.
The command you ran remove the superuser role from adminuser.

You can see the help text for by running

 bin/x-pack/users roles --help    

With respect to your other questions:

No, users are only created in Elasticsearch. The other products in the Elastic Stack use Elasticsearch as their user store where applicable. However, you will need to configure those products so that they can authenticate to Elasticsearch.

Please see: Logstash Reference [8.11] | Elastic

@TimV : Thank you that fixed the issue.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.