Users password expiration or blocked accounts

d.silwon · January 21, 2022, 4:31pm

Dears,

In our Elastic cluster we have few local users which login to Kibana for browsing indexes with applications logs.
Twice a week two users reports me problems with login to Kibana. After password reset these users can login to Kibana but problem come back for few days with such errors in the browser:
StatusCode: 404
Error: "Not found"
Message: "Not found"

Can such an account be blocked by elastic when the user enters the wrong password few times?
How can I check the status of user and password? Is there any way to do it?

Best Regards,
Dan

warkolm · January 23, 2022, 11:43pm

What realm is the user in?

d.silwon · January 24, 2022, 5:52am

@warkolm Here you are my configuration:

xpack:
  security:
    authc:
      realms:
        active_directory:
          my_ad:
            order: 0
            domain_name: my.ldap
            url: ldaps://my.ldap:636
            bind_dn: elastic@my.ldap
            ssl:
              certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]
              verification_mode: certificate
            files:
              role_mapping: "/etc/elasticsearch/role_mapping.yml"
        native:
          native1:
            order: 1

Thanks a lot.

warkolm · January 24, 2022, 6:00am

It's likely AD that's causing the lockout then.

d.silwon · January 24, 2022, 6:09am

@warkolm I understand that such situation can occur when user have the same password in Elasticsearch (native user) and AD. Is it true?

warkolm · January 24, 2022, 6:30am

Only if the user exists in both realms and it has been set to that, yes.

d.silwon · January 24, 2022, 6:35am

Thanks a lot.

system · February 21, 2022, 6:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.