ERROR3099 API Invalid credentials
1,560 views
Skip to first unread message
Nicolas Apelbaum
Jun 20, 2023, 9:25:09 AM6/20/23
to Wazuh mailing list
Hey All,
We just upgraded to latest version and now for some reason the api user is not working.
I've re created it using the following command
curl -k -X POST "https://localhost:55000/security/users?pretty=true" -H "accept: application/json" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "{\"username\":\"<USER>\",\"password\":\"<PASSWORD>\"}"
curl -k -X POST "https://localhost:55000/security/users?pretty=true" -H "accept: application/json" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "{\"username\":\"<USER>\",\"password\":\"<PASSWORD>\"}"
I've updated the conf file
/usr/share/kibana/data/wazuh/config/wazuh.yml:
hosts:
- 1578471002127:
url: https://<IP>
port: 55000
user: <USER>
password: <PASS>
/usr/share/kibana/data/wazuh/config/wazuh.yml:
hosts:
- 1578471002127:
url: https://<IP>
port: 55000
user: <USER>
password: <PASS>
While trying to test the api from the web I'm getting the following err:
the log shows
Jun 20, 2023 @ 16:15:00 ERROR Request failed with status code 401
Jun 20, 2023 @ 16:15:00 ERROR Request failed with status code 401
using curl with the same user works fine:
curl -k -X GET "https://localhost:55000/" -H "Authorization: Bearer $TOKEN"
{"data": {"title": "Wazuh API REST", "api_version": "4.4.4", "revision": 40411, "license_name": "GPL 2.0", "license_url": "https://github.com/wazuh/wazuh/blob/v4.4.4/LICENSE", "hostname": "<HOST NAME>", "timestamp": "2023-06-20T13:22:58Z"}, "error": 0}
curl -k -X GET "https://localhost:55000/" -H "Authorization: Bearer $TOKEN"
{"data": {"title": "Wazuh API REST", "api_version": "4.4.4", "revision": 40411, "license_name": "GPL 2.0", "license_url": "https://github.com/wazuh/wazuh/blob/v4.4.4/LICENSE", "hostname": "<HOST NAME>", "timestamp": "2023-06-20T13:22:58Z"}, "error": 0}
I will really appreciate some help :)
Bin Do Tuan Anh
Jun 20, 2023, 10:22:58 AM6/20/23
to Wazuh mailing list
Hi,
There is an administrator API user (the user used for communications between Wazuh dashboard and the Wazuh manager API) - it is wazuh-wui. It is not the same user that login to Wazuh Dashboard. You can change (and it is recommended to do it) the password of the user (after the change you will need to update the file /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml and restart Wazuh Dashboard to apply the changes). Here you can find more about it:
Also, you can check here how to create an admin user: https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html#creating-and-setting-a-wazuh-admin-user
Best regards,
Bin.
Nicolas Apelbaum
Jun 21, 2023, 3:20:24 AM6/21/23
to Wazuh mailing list
Hey,
We are using elastic not OpenSearch.
I've created the user using this article:
https://documentation.wazuh.com/current/user-manual/api/rbac/configuration.html#create-a-new-user
I've also assign it role 1 just like wazuh and wazuh-wui.
I've created the user using this article:
https://documentation.wazuh.com/current/user-manual/api/rbac/configuration.html#create-a-new-user
I've also assign it role 1 just like wazuh and wazuh-wui.
when im running api requests it work with no issues, on the wazuh app it doesn't work though.
User name and password are the same on wazuh.yml and curl.
User name and password are the same on wazuh.yml and curl.
I managed to solve it by removing the configuration in wazuh.yml and then add them again.
I dont know why it solved it but....
Nicolas
suricata
Sep 27, 2023, 1:12:28 AM9/27/23
to Wazuh | Mailing List
Hello,
Yesterday I had the same problem when updating to version v4.5.2. I rebooted several times and it didn't work. I left it and today it is working correctly.
Saludos,
Greetings,
Reply all
Reply to author
Forward
0 new messages