Xpack File realm user cant login

HI i saw some of the similar question like

but still cant work so please help LOL

i use file realm to add a new user


and in ./users list i have

then i go to check my users and users roles file

they both look normal...

then when i test my account i get an error said unable to authenticate user

if i test the default user elastic with the password changme . it's work

oh and all my version is 5.4.1

any suggestion????

Please don't paste screenshots. Copy and paste from your terminal - apart from being easier for those of us who read on mobile devices, it also makes it much easier for us to post replies like this:

You ran

./users useradd admin -p passowrd -r superuser

You misspelt password.

Sorry Tim my bad first ask question in community
I tried one more time,delete the orignally misspelt user
./user userdel admin
and add new user
./users useradd admin -p password -r superuser
then check ./users list result is
superuser:admin
then I check users in xpack ,it different now
admin:$2a$10$0m.G/whh9Yw7xf9cbDtlUu80g2yDWdbtmIrGsGf/lsOJNTvEfWPfi
user_roles inside is
admin:superuser
In the end I use
curl -XGET --user admin:password -k 'https://172.16.1.244:9200/sales_record/_search?pretty'
but sill got the error message
[root@localhost x-pack]# curl -XGET --user admin:password -k 'https://172.16.1.244:9200/sales_record/_search?pretty'
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "unable to authenticate user [admin] for REST request [/sales_record/_search?pretty]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
}
}
],
"type" : "security_exception",
"reason" : "unable to authenticate user [admin] for REST request [/sales_record/_search?pretty]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
}
},
"status" : 401
}

What does your elasticsearch.yml config file look like?

Per the documentation for the file realm:

[quote]
When you configure realms in elasticsearch.yml, only the realms you specify are used for authentication. To use the file realm as a fallback, you must include it in the realm chain.[/quote]

If you have configured anything under xpack.security.authc.realms.* then you need to explicitly list the file realm as well.

I did add a file realm call my_realm in the end of my elasticsearch.yml

here is my elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please see the documentation for further information on configuration options:
# <https://www.elastic.co/guide/en/elasticsearch/reference/5.0/settings.html>
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 172.16.1.244
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, see the documentation at:
# <https://www.elastic.co/guide/en/elasticsearch/reference/5.0/modules-network.html>
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes: 3
#
# For more information, see the documentation at:
# <https://www.elastic.co/guide/en/elasticsearch/reference/5.0/modules-discovery-zen.html>
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, see the documentation at:
# <https://www.elastic.co/guide/en/elasticsearch/reference/5.0/modules-gateway.html>
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#configsync.config_path: /var/lib/elasticsearch/elasticsearch/config
script.engine.groovy.inline.update: on
#------------------------------------xpack----------------------
#xpack.security.audit.enabled: true
#xpack.security.audit.outputs: [ index, logfile ]

#xpack.security.audit.index.settings:
#  index:
#    number_of_shards: 1
#    number_of_replicas: 1

#xpack.security.audit.logfile.events.exclude: [ access_granted ]
#xpack.security.audit.index.events.exclude: [ access_granted ]

xpack:
    ssl:
        key: /usr/share/elasticsearch/config/localhost.key
        certificate: /usr/share/elasticsearch/config/localhost.crt
      # This points to where the CA cert is - every node shares this
        certificate_authorities: /usr/share/elasticsearch/config/ca.crt

# We need to ensure that the transport (port 9300) and HTTP (port
# 9200) protocols secure communication is enabled:
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true

xpack:
  security:
    authc:
      realms:
        my_realm:
          type: file
          order: 0

And I tried to remove ca and ssl .but still get the same result.
Any ideas??

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.