Users password expiration or blocked accounts

Elastic Stack Elasticsearch
1

Dears,

In our Elastic cluster we have few local users which login to Kibana for browsing indexes with applications logs.
Twice a week two users reports me problems with login to Kibana. After password reset these users can login to Kibana but problem come back for few days with such errors in the browser:
StatusCode: 404
Error: "Not found"
Message: "Not found"

Can such an account be blocked by elastic when the user enters the wrong password few times?
How can I check the status of user and password? Is there any way to do it?

Best Regards,
Dan

2

What realm is the user in?

3

@warkolm Here you are my configuration:

xpack:
  security:
    authc:
      realms:
        active_directory:
          my_ad:
            order: 0
            domain_name: my.ldap
            url: ldaps://my.ldap:636
            bind_dn: elastic@my.ldap
            ssl:
              certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]
              verification_mode: certificate
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
        native:
          native1:
            order: 1

Thanks a lot.

4

It's likely AD that's causing the lockout then.

5

@warkolm I understand that such situation can occur when user have the same password in Elasticsearch (native user) and AD. Is it true?

6

Only if the user exists in both realms and it has been set to that, yes.

7

Thanks a lot.

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.