User authentication refused when we use the ELK (CE) APIs

plaz3...@gmail.com

Dec 13, 2018, 3:08:24 AM
to Search Guard Community Forum

Hi,

We are trying to use the APIs available in ELK Community Edition to manage Elastic indexes, import dashboards, etc.
With ELK CE we can use them without problems. When we use the Search Guard plugin (CE), API authentication is refused even if we use the demo users database, and even if it is the admin user.
Is it possible to use the Elastic & Kibana APIs with the Search Guard (CE) plugin? And if not, is it possible to deactivate the Search Guard (CE) plugin for the API in order to use it like we did with ELK CE (no user authentication)?

Thanks for your support.


When asking questions, please provide the following information:

* Search Guard and Elasticsearch version: 6.4.3
* Installed and used enterprise modules, if any: NO

SG

Dec 13, 2018, 5:21:04 AM
to search...@googlegroups.com

Kibana API should work fine with Search Guard CE.

Can you please provide the following information so that we can help to track down this issue:
- ES/Kibana and SG version you are using
- kibana.yml and elasticsearch.yml
- The API call which fails (including exact response)
- ES + Kibana logs

SG

Dec 14, 2018, 1:03:12 AM
to search...@googlegroups.com
Problem seems to be

[2018-12-13T06:09:20,425][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for elastic
[2018-12-13T06:09:21,464][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for elastic
[2018-12-13T06:09:43,265][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:09:44,295][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:15:54,985][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:15:55,999][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:19:00,254][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for pascal.lazaridis
[2018-12-13T06:19:01,269][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for pascal.lazaridis
[2018-12-13T06:19:44,182][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaserver
[2018-12-13T06:19:45,202][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaserver
[2018-12-13T06:20:32,852][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaro
[2018-12-13T06:20:33,866][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaro
[2018-12-13T06:21:09,221][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for snapshotrestore
[2018-12-13T06:21:10,236][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for snapshotrestore
[2018-12-13T19:35:58,128][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for snapshotrestore
[2018-12-13T19:35:59,165][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for snapshotrestore
[2018-12-13T19:36:39,963][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T19:36:40,993][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin

Can you please also attach your sg_config.yml and sg_internal_users.yml (just to make sure config is ok)


> On 13.12.2018 at 20:48, plaz3...@gmail.com wrote:
>
> Thank you for your support. Please find hereunder the requested information:
>
> ELK_VERSION=6.4.3
> SG_VERSION=23.1
> SG_VERSION_KIBANA=15
> ========================
> Kibana API requests:
> 1) restore dashboards:
> curl -u admin:admin -X POST "http://192.168.213.128:8082/api/kibana/dashboards/import?force=true" -H "kbn-xsrf: true" -H "Content-Type: application/json" --data-binary "@/opt/dataDisk/KIBANA_ELK.json"
>
> 2) set default kibana index
> curl -u admin:admin -X POST "http://192.168.213.128:8082/api/kibana/settings/defaultIndex" -H "kbn-xsrf: true" -H "kbn-xsrf: true" -d {"value": "51353aa0-d56b-11e8-a5e1-8df6c780d644"}"
>
> ** No reply received from the server
> ========================
>
> ES & Kibana logs files and their configuration files are attached to this message.
>
> Thank you !
> <elasticsearch.yml><kibana.yml><KIBANA.log><ES.log>
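
A triage sketch for the log excerpt quoted above, added here as an example and not part of the thread or of Search Guard: it parses the "Authentication finally failed for <user>" lines, groups them per account and counts attempts. The sample input is a subset of the lines posted in the thread; counting lines less than two seconds apart as one attempt and the three-account threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Format of the Search Guard WARN lines quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d\-T:,]+)\]\[WARN\s*\]\[c\.f\.s\.a\.BackendRegistry\s*\] "
    r"Authentication finally failed for (?P<user>\S+)")

# Sample input: a subset of the log lines posted in the thread.
SAMPLE_LOG = """\
[2018-12-13T06:09:20,425][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for elastic
[2018-12-13T06:09:21,464][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for elastic
[2018-12-13T06:09:43,265][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:09:44,295][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:19:44,182][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaserver
[2018-12-13T06:19:45,202][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaserver
[2018-12-13T19:36:39,963][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T19:36:40,993][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
"""

def parse_failures(text):
    """Return {user: [datetime, ...]} for every auth-failure line."""
    failures = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S,%f")
            failures[m.group("user")].append(ts)
    return dict(failures)

def summarize(failures, retry_gap=2.0, many_users=3):
    """Count attempts per user; lines closer than retry_gap seconds count once."""
    attempts = {}
    for user, stamps in failures.items():
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        attempts[user] = 1 + sum(g > retry_gap for g in gaps)
    # Assumed heuristic: several accounts failing points at the request or
    # the configuration rather than at one mistyped password.
    return {"attempts": attempts, "systemic": len(attempts) >= many_users}

if __name__ == "__main__":
    report = summarize(parse_failures(SAMPLE_LOG))
    for user, n in sorted(report["attempts"].items()):
        print(f"{user}: {n} attempt(s)")
    print("several accounts failing:", report["systemic"])
```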

plaz3...@gmail.com

Dec 14, 2018, 12:09:38 PM
to search...@googlegroups.com
Hi,

In fact, I found the problem, and it was due to a bad curl request.
Sorry to have posted my support request maybe too quickly.

Thank you again!