Authentication finally failed for kibana from 127.0.0.1

Search Guard
1

hi, im getting following errors from the searchguard_demo.log

[2019-08-27T17:21:35,794][INFO ][o.e.c.s.ClusterApplierService] [localhost.localdomain] master node changed {previous [], current [{localhost.localdomain}{Jt3go99TTs6MRZ0syUrz7w}{RGe1YRgsSkSZparlpq8qSQ}{127.0.0.1}{127.0.0.1:9300}{dim}{ml.machine_memory=3964243968, xpack.installed=true, ml.max_open_jobs=20}]}, term: 7, version: 57, reason: Publication{term=7, version=57}

[2019-08-27T17:21:36,559][INFO ][o.e.h.AbstractHttpServerTransport] [localhost.localdomain] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2019-08-27T17:21:36,560][INFO ][o.e.n.Node ] [localhost.localdomain] started
[2019-08-27T17:21:36,562][INFO ][c.f.s.SearchGuardPlugin ] [localhost.localdomain] Node started
[2019-08-27T17:21:36,563][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Check if searchguard index exists …
[2019-08-27T17:21:36,564][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] searchguard index does not exist yet, so we create a default config
[2019-08-27T17:21:36,569][INFO ][c.f.s.SearchGuardPlugin ] [localhost.localdomain] 4 Search Guard modules loaded so far: [Module [type=REST_MANAGEMENT_API, implementing class=com.floragunn.searchguard.dlic.rest.api.SearchGuardRestApiActions], Module [type=AUDITLOG, implementing class=com.floragunn.searchguard.auditlog.impl.AuditLogImpl], Module [type=MULTITENANCY, implementing class=com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl], Module [type=DLSFLS, implementing class=com.floragunn.searchguard.configuration.SearchGuardFlsDlsIndexSearcherWrapper]]
[2019-08-27T17:21:36,578][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Background init thread started. Install default config?: true
[2019-08-27T17:21:36,639][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Will create searchguard index so we can apply default config
[2019-08-27T17:21:36,772][INFO ][o.e.m.j.JvmGcMonitorService] [localhost.localdomain] [gc][5] overhead, spent [308ms] collecting in the last [1s]
[2019-08-27T17:21:39,150][INFO ][o.e.l.LicenseService ] [localhost.localdomain] license [37e7b3c0-762a-4210-8bf3-cb2dac7d6b5c] mode [basic] - valid
[2019-08-27T17:21:39,314][INFO ][o.e.g.GatewayService ] [localhost.localdomain] recovered [4] indices into cluster_state
[2019-08-27T17:21:39,305][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-27T17:21:39,725][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-27T17:21:40,662][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-27T17:21:43,048][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-27T17:21:44,913][INFO ][o.e.m.j.JvmGcMonitorService] [localhost.localdomain] [gc][13] overhead, spent [398ms] collecting in the last [1s]
[2019-08-27T17:21:45,722][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-27T17:21:45,727][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-27T17:21:45,731][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-27T17:21:45,950][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-27T17:21:46,396][INFO ][o.e.c.r.a.AllocationService] [localhost.localdomain] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana_task_manager][0], [.kibana_1][0], [sg7-auditlog-2019.08.27][0]] …]).
[2019-08-27T17:21:47,552][INFO ][c.f.s.c.ComplianceConfig ] [localhost.localdomain] Compliance features are enabled
[2019-08-27T17:21:47,560][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Search Guard License Info: SearchGuardLicense [uid=00000000-0000-0000-0000-000000000000, type=TRIAL, features=[COMPLIANCE], issueDate=2019-08-27, expiryDate=2019-10-26, issuedTo=The world, issuer=floragunn GmbH, startDate=2019-08-27, majorVersion=7, clusterName=*, allowedNodeCount=2147483647, msgs=, expiresInDays=60, isExpired=false, valid=true, action=, prodUsage=Yes, one cluster with all commercial features and unlimited nodes per cluster., clusterService=org.elasticsearch.cluster.service.ClusterService@36032848, getMsgs()=, getExpiresInDays()=60, isExpired()=false, isValid()=true, getAction()=, getProdUsage()=Yes, one cluster with all commercial features and unlimited nodes per cluster.]
[2019-08-27T17:21:47,560][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Search Guard License Type: TRIAL, valid
[2019-08-27T17:21:47,561][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Node ‘localhost.localdomain’ initialized
[2019-08-27T17:21:47,931][WARN ][c.f.s.a.BackendRegistry ] [localhost.localdomain] Authentication finally failed for kibana from 127.0.0.1:49684
[2019-08-27T17:21:48,502][WARN ][c.f.s.a.BackendRegistry ] [localhost.localdomain] Authentication finally failed for kibana from 127.0.0.1:49686
[2019-08-27T17:21:48,573][WARN ][c.f.s.a.BackendRegistry ] [localhost.localdomain] Authentication finally failed for kibana from 127.0.0.1:49688
[2019-08-27T17:21:48,811][WARN ][c.f.s.a.BackendRegistry ] [localhost.localdomain] Authentication finally failed for kibana from 127.0.0.1:49692
[2019-08-27T17:21:51,068][WARN ][c.f.s.a.BackendRegistry ] [localhost.localdomain] Authentication finally failed for kibana from 127.0.0.1:49684
[2019-08-27T17:21:51,894][WARN ][c.f.s.a.BackendRegistry ] [localhost.localdomain] Authentication finally failed for kibana from 127.0.0.1:49686
[2019-08-27T17:21:53,578][WARN ][c.f.s.a.BackendRegistry ] [localhost.localdomain] Authentication finally failed for kibana from 127.0.0.1:49692

Elasticsearch.yml

http.port: 9200

######## Start Search Guard Demo Configuration ########

WARNING: revise all the lines below before you go into production

searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: false
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:

  • CN=kirk,OU=client,O=client,L=test, C=de

searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: [“SGS_ALL_ACCESS”]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
node.max_local_storage_nodes: 3
xpack.security.enabled: false
######## End Search Guard Demo Configuration ########

Kibana.yml
server.port: 5601

server.host: “SERVERURL”

elasticsearch.hosts: [“http://localhost:9200”]

elasticsearch.username: “kibana”
elasticsearch.password: “kibana”

server and ELK info
server- CentOS 7.6
elasticsearch elasticsearch- 7.3.1
Kibana- 7.3.1
Search guard plugin- search-guard-7 (com.floragunn:search-guard-7:7.3.1-36.1.0)

2

If you are using the demo configuration of Search Guard, it is:

elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”

See also here regarding the Kibana server user:

4

Hi, after i change the username.password, i could get to the kibana but i get panel informing “kibana status is red”
and following are the log details of the elasticsearch.log

  [2019-08-28T15:09:57,967][INFO ][o.e.p.PluginsService     ] [localhost.localdomain] loaded plugin [search-guard-7]

[2019-08-28T15:10:32,456][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [localhost.localdomain] [controller/4412] [Main.cc@110] controller (64 bit): Version 7.3.1 (Build 1d93901e09ef43) Copyright (c) 2019 Elasticsearch BV
[2019-08-28T15:10:36,564][DEBUG][o.e.a.ActionModule ] [localhost.localdomain] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin
[2019-08-28T15:10:38,740][INFO ][o.e.d.DiscoveryModule ] [localhost.localdomain] using discovery type [zen] and seed hosts providers [settings]
[2019-08-28T15:10:44,959][INFO ][o.e.n.Node ] [localhost.localdomain] initialized
[2019-08-28T15:10:44,960][INFO ][o.e.n.Node ] [localhost.localdomain] starting …
[2019-08-28T15:10:46,098][INFO ][o.e.m.j.JvmGcMonitorService] [localhost.localdomain] [gc][1] overhead, spent [272ms] collecting in the last [1s]
[2019-08-28T15:10:46,219][INFO ][o.e.t.TransportService ] [localhost.localdomain] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2019-08-28T15:10:46,266][WARN ][o.e.b.BootstrapChecks ] [localhost.localdomain] the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2019-08-28T15:10:46,309][INFO ][o.e.c.c.Coordinator ] [localhost.localdomain] cluster UUID [LBI2Of-kTWK-jQn6AMewHQ]
[2019-08-28T15:10:46,369][INFO ][o.e.c.c.ClusterBootstrapService] [localhost.localdomain] no discovery configuration found, will perform best-effort cluster bootstrapping after [3s] unless existing master is discovered
[2019-08-28T15:10:46,954][INFO ][o.e.c.s.MasterService ] [localhost.localdomain] elected-as-master ([1] nodes joined)[{localhost.localdomain}{Jt3go99TTs6MRZ0syUrz7w}{pCHpJJ9TTza15OBC6xlowg}{127.0.0.1}{127.0.0.1:9300}{dim}{ml.machine_memory=3964243968, xpack.installed=true, ml.max_open_jobs=20} elect leader, BECOME_MASTER_TASK, FINISH_ELECTION], term: 15, version: 97, reason: master node changed {previous , current [{localhost.localdomain}{Jt3go99TTs6MRZ0syUrz7w}{pCHpJJ9TTza15OBC6xlowg}{127.0.0.1}{127.0.0.1:9300}{dim}{ml.machine_memory=3964243968, xpack.installed=true, ml.max_open_jobs=20}]}
[2019-08-28T15:10:47,931][INFO ][o.e.c.s.ClusterApplierService] [localhost.localdomain] master node changed {previous , current [{localhost.localdomain}{Jt3go99TTs6MRZ0syUrz7w}{pCHpJJ9TTza15OBC6xlowg}{127.0.0.1}{127.0.0.1:9300}{dim}{ml.machine_memory=3964243968, xpack.installed=true, ml.max_open_jobs=20}]}, term: 15, version: 97, reason: Publication{term=15, version=97}
[2019-08-28T15:10:48,188][INFO ][o.e.h.AbstractHttpServerTransport] [localhost.localdomain] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2019-08-28T15:10:48,189][INFO ][o.e.n.Node ] [localhost.localdomain] started
[2019-08-28T15:10:48,190][INFO ][c.f.s.SearchGuardPlugin ] [localhost.localdomain] Node started
[2019-08-28T15:10:48,191][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Check if searchguard index exists …
[2019-08-28T15:10:48,192][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] searchguard index does not exist yet, so we create a default config
[2019-08-28T15:10:48,220][INFO ][c.f.s.SearchGuardPlugin ] [localhost.localdomain] 0 Search Guard modules loaded so far:
[2019-08-28T15:10:48,221][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Background init thread started. Install default config?: true
[2019-08-28T15:10:48,256][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Will create searchguard index so we can apply default config
[2019-08-28T15:10:49,180][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:49,193][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:49,286][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:49,322][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:49,393][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:50,346][INFO ][o.e.l.LicenseService ] [localhost.localdomain] license [37e7b3c0-762a-4210-8bf3-cb2dac7d6b5c] mode [basic] - valid
[2019-08-28T15:10:50,423][INFO ][o.e.g.GatewayService ] [localhost.localdomain] recovered [4] indices into cluster_state
[2019-08-28T15:10:51,066][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:51,909][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:54,080][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:54,426][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:55,087][INFO ][o.e.c.r.a.AllocationService] [localhost.localdomain] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana_task_manager][0], [.kibana_1][0], [sg7-auditlog-2019.08.27][0]] …]).
[2019-08-28T15:10:56,247][ERROR][c.f.s.a.BackendRegistry ] [localhost.localdomain] Not yet initialized (you may need to run sgadmin)
[2019-08-28T15:10:56,344][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Search Guard License Info: No license needed because enterprise modules are not enabled
[2019-08-28T15:10:56,345][INFO ][c.f.s.c.ConfigurationRepository] [localhost.localdomain] Node ‘localhost.localdomain’ initialized
[2019-08-28T15:10:59,557][INFO ][o.e.c.m.MetaDataIndexTemplateService] [localhost.localdomain] adding template [.management-beats] for index patterns [.management-beats]

5

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.