X-pack Failed to authenticate user [elastic]

f26227279 · March 30, 2018, 4:59am

Hi everyone, after installing x-pack, I know I need to modify the elasticsearch password.But when I use the command on ES
bin/x-pack/setup-passwords interactive
it show me an error:

Failed to authenticate user 'elastic' against http://172.30.254.23:9200/_xpack/security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /home/es2/Downloads/elasticsearch-6.2.2/config/elasticsearch.keystore

ERROR: Failed to verify bootstrap password

ES log:
[ES2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

so now I can't log in to ES because I don't know the default password and even can't modify the password.
this is my ES config:

    # ======================== Elasticsearch Configuration =========================
    #
    # NOTE: Elasticsearch comes with reasonable defaults for most settings.
    #       Before you set out to tweak and tune the configuration, make sure you
    #       understand what are you trying to accomplish and the consequences.
    #
    # The primary way of configuring a node is via this file. This template lists
    # the most important settings you may want to configure for a production cluster.
    #
    # Please consult the documentation for further information on configuration options:
    # https://www.elastic.co/guide/en/elasticsearch/reference/index.html
    #
    # ---------------------------------- Cluster -----------------------------------
    #
    # Use a descriptive name for your cluster:
    #
    cluster.name: Winoc
    #
    # ------------------------------------ Node ------------------------------------
    #
    # Use a descriptive name for the node:
    #
    node.name: ES2
    #
    # Add custom attributes to the node:
    #
    #node.attr.rack: r1
    #
    # ----------------------------------- Paths ------------------------------------
    #
    # Path to directory where to store the data (separate multiple locations by comma):
    #
    #path.data: /path/to/data
    #
    # Path to log files:
    #
    #path.logs: /path/to/logs
    #
    # ----------------------------------- Memory -----------------------------------
    #
    # Lock the memory on startup:
    #
    #bootstrap.memory_lock: true
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 172.30.254.23
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.zen.ping.unicast.hosts: ["172.30.254.23", "172.30.254.24", "172.30.254.27",  "172.30.254.28"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes:
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
xpack.security.audit.enabled: "true"
#elasticsearch.username: ""

thank you in advance!

ikakavas · March 30, 2018, 5:37am

Hi,

Your elasticsearch.yml says Elasticsearch is listening on
network.host: 172.30.254.23

and setup-passwords ran against 172.30.214.21

which means that you either

Ran setup-passwords with a --url argument
Ran setup-passwords from a different node
Ran setup-passwords using a different $ES_CONF_PATH
Haven't restarted Elasticsearch after making changes to your elasticsearch.yml
made changes to the elasticsearch.yml file you copied here after running setup-passwords

Can you clarify? Also, have you run setup-passwords before successfully before getting that error ?
Does elasticsearch start without any errors in the log ?

Krunal_kalaria · March 30, 2018, 5:37am

Hi @f26227279,

Can you check the elasticsearch service is start or not and try this command to show the password:

bin/x-pack/setup-passwords auto -u "http://172.30.214.21:9200"

Thanks & Regards,
Krunal.

f26227279 · March 30, 2018, 5:42am

I am very sorry for that I modify the ip because I am afraid of being invaded, now I have modified it to correct ip!

bin/x-pack/setup-passwords auto -u "http://172.30.254.23:9200"
has the same problem:

Failed to authenticate user 'elastic' against http://172.30.254.23:9200/_xpack/security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /home/es2/Downloads/elasticsearch-6.2.2/config/elasticsearch.keystore

ERROR: Failed to verify bootstrap password

f26227279 · March 30, 2018, 5:43am

yes, I have ever success on one node, but when I set the seccond node, it has the error.
on the second node setup-passwords never success.

ikakavas · March 30, 2018, 5:54am

You don't have to re run setup-password on each node of the same cluster. Can you not authenticate user elastic with the password you set the first time you ran the setup-password ?

f26227279 · March 30, 2018, 6:55am

I can't use the first time password I set to log in.

[root@10-255-254-23 elasticsearch-6.2.2]# curl -u elastic 'http://172.30.254.23:9200/_xpack/security/_authenticate?pretty'
Enter host password for user 'elastic':
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "failed to authenticate user [elastic]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "failed to authenticate user [elastic]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}

but on third node, I can log in using first password I set.

f26227279 · March 30, 2018, 7:28am

it works!
after open the discovery.zen.ping.unicast.hosts

thank you very much

system · April 27, 2018, 7:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
After X-pack Installation : Failed to authenticate user [elastic] Elasticsearch elastic-stack-security	7	11873	April 17, 2020
Unable to change elastic user password Elasticsearch	3	19069	April 5, 2018
Password reset of elastic user Elasticsearch elastic-stack-security	4	3097	September 16, 2020
Failed to authenticate user [elastic] Elasticsearch	5	18531	August 8, 2017
Elastic xpack security Elasticsearch	3	8528	December 24, 2017

X-pack Failed to authenticate user [elastic]

Related topics