[BUG] login failed: Invalid username or password, please try again

[r0736202]

I need to login to access my opensearch dashboard
but it says Invalid username or password, please try again

Ive never changed the credentials, so i used admin:admin --> DOESNT WORK
i looked into my opensearch_dashboard.yml CONFIG file and it says

kibanaserver:kibanaserver
but that also didnt work

im clueless, please help!

im using the latest opensearch-oss image and opensearch-dashboard via docker-compose

this is my docker-compose for opensearchdashboard

[kavilla]

Hello @r0736202,

Thank you for opening. Are you loading your opensearch_dashboards.yml like this? If so you probably don't need to set the environment variable. Can you inspect the network tab and tell me what you see?

Or if you are able to share your docker-compose file. I believe seeing OPENSEARCH_HOSTS=["http: looks incorrect and most likely your OpenSearch Dashboards is starting but not actually communicating with OpenSearch.

[ananzh]

Hi @r0736202

could try change http to https and see if work

[r0736202]

Hi @r0736202

could try change http to https and see if work

No im using http instead of https, thanks for your comment tho <3

[r0736202]

Hello @r0736202,

Thank you for opening. Are you loading your opensearch_dashboards.yml like this? If so you probably don't need to set the environment variable. Can you inspect the network tab and tell me what you see?

Or if you are able to share your docker-compose file. I believe seeing OPENSEARCH_HOSTS=["http: looks incorrect and most likely your OpenSearch Dashboards is starting but not actually communicating with OpenSearch.

No im not loading my .yml like that, and this is my network

below is my docker compose


node 2 and logstash, not very important here, they both work:

thank you

[ananzh]

@r0736202
I do see some strange stuff in your docker-compose file. Since you are trying to disable security in os and osd, the admin and admin should should not work. If you want to use security, you could modify your docker-compose file by removing the DISABLE_SECURITY_PLUGIN=true , DISABLE_SECURITY_DASHBOARDS_PLUGIN=true and etc. A reference is below:

version: '3'
services:
  opensearch-node1:
    image: opensearchproject/opensearch:2.0.0
    container_name: opensearch-node1
    environment:
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node1
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      - cluster.initial_master_nodes=opensearch-node1,opensearch-node2
      - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
        hard: 65536
    volumes:
      - opensearch-data1:/usr/share/opensearch/data
    ports:
      - 9200:9200
      - 9600:9600 # required for Performance Analyzer
    networks:
      - opensearch-net
  opensearch-node2:
    image: opensearchproject/opensearch:2.0.0
    container_name: opensearch-node2
    environment:
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node2
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      - cluster.initial_master_nodes=opensearch-node1,opensearch-node2
      - bootstrap.memory_lock=true
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - opensearch-data2:/usr/share/opensearch/data
    networks:
      - opensearch-net
  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:2.0.0
    container_name: opensearch-dashboards
    ports:
      - 5601:5601
    expose:
      - "5601"
    environment:
      OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]' # must be a string with no spaces when specified as an environment variable
    networks:
      - opensearch-net

volumes:
  opensearch-data1:
  opensearch-data2:

networks:
  opensearch-net:

[ananzh]

@r0736202 I did check the below docker with security and admin:admin works fine. More reference could be found here

[r0736202]

@r0736202 I did check the below docker with security and admin:admin works fine. More reference could be found here

yeah when i tested it, i ofcourse enabled security and it still wouldnt work
now ive found my problem:
i dont have the security plugin installed for opensearch (not opensearch dashboard)
plugin: opensearch-security 1.3.2.0

but it doesnt let me install it

[ananzh]

@r0736202 did you remove DISABLE_SECURITY_PLUGIN=true? or could you try my docker-compose.yml and see if it could help you start the container and run OSD successfully ?

[eogredici]

Hi @r0736202 ,
If your problem still persists, I faced the same problem. I fixed this issue, change plugins.security.disabled to:false
at opensearch.yml. Your specs may be plugins.security.disabled to:true.

Opensearch version: 2.3.0
OSD version: 2.3.0
I used tarball for the install method.

[ashokfredrick]

Hi Friends, I'm also facing the same issue, please advise.

Issue : Not able to login with initial ID&pwd in opensearch dashbaords and getting 404.

RPM installation

[ashokfredrick]

Hi @eogredici,

Tried with opensearch.yml / plugins.security.disabled to:false but not working for me.Any idea, please?

[kavilla]

Hi @eogredici,

Tried with opensearch.yml / plugins.security.disabled to:false but not working for me.Any idea, please?

Hello!

Can you confirm if the security dashboards plugin is still enabled or installed?

You will have to make sure to disable it for dashboards and remove any configurations related to it in opensearch_dashboards.yml

REF: https://opensearch.org/docs/latest/security-plugin/configuration/disable

[ashokfredrick]

Hi Kavilla,

Thanks for your reply.

Can you confirm if the security dashboards plugin is still enabled or installed?
You will have to make sure to disable it for dashboards and remove any configurations related to it in opensearch_dashboards.yml
Means you want to uninstall all plugins (currently 10(2.3) plugins are there in my server?
have added plugins.security.disabled: true in opensearch.yml , possible pls share me the opensearch and opensearch-dashboard.yml for rpm installation for the default user (kibanaserver).

Thanks in advance.

[eogredici]

Hi @eogredici,

Tried with opensearch.yml / plugins.security.disabled to:false but not working for me.Any idea, please?

Hi @ashokfredrick ,

Could you please share your opensearch.yml

I will share my opensearch.yml and opensearch_dashboards.yml to bellow;

opensearch.yml

network.host: 0.0.0.0
discovery.type: single-node
plugins.security.disabled: false

plugins.security.ssl.transport.pemcert_filepath: $YOUR_PATH/node1.pem
plugins.security.ssl.transport.pemkey_filepath: $YOUR_PATH/node1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: $YOUR_PATH/root-ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: $YOUR_PATH/node1.pem
plugins.security.ssl.http.pemkey_filepath: $YOUR_PATH/node1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: $YOUR_PATH/root-ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
#Change it according to your configuration
  - 'CN=XXXX,OU=XXXX,O=XXXX,L=XXXX,ST=XXXX,C=XXXX'
plugins.security.nodes_dn:
#Change it according to your configuration
  - 'CN=XXXX,OU=XXXX,O=XXXX,L=XXXX,ST=XXXX,C=XXXX'
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]

opensearch_dashboards.yml ;

opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "**username**"
opensearch.password: "**password**"
opensearch.requestHeadersAllowlist: [ authorization,securitytenant ]
server.ssl.enabled: false
#server.ssl.certificate: $YOUR_PATH/client.pem
#server.ssl.key: $YOUR_PATH/client-key.pem
#opensearch.ssl.certificateAuthorities: [ "**$YOUR_PATH**/root-ca.pem","**$YOUR_PATH**/root-ca-key.pem"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
opensearch_security.cookie.secure: false

[ashokfredrick]

Hi @eogredici,

Thanks for the details.

I have tried with your yml (opensearch.yml and opensearch-dashboard.yml) file without plugins.security settings for opensearch.yml and it's not working for me.
Error message : Error Code:404 / Unauthorized / authentication required.
FYI, i'm not using any ssl/certs/ldaps config from my server and just trying with default.

Please advise.

[jamie-chapman]

Having the same issue here, I'm creating a docker-compose file to test my ELK stack locally. I'm using http and have plugins.security.disabled=true, then trying to log in with admin as username and password is now failing.

As I understand from this https://opensearch.org/docs/latest/dashboards/install/plugins#remove-plugins I need to disable security in the dashboard too?

However I'm not sure how to do this in the environment variables currently.

[quickbooks2018]

I am using terraform getting the same error "Log In Invalid username or password, please try again"

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123456789:user/cloud_user",
""
]
},
"Action": "es:",
"Resource": "arn:aws:es:us-east-1:123456789:domain/cloudgeeks-opensearch/*"
}
]
}

module.opensearch.elasticsearch_opensearch_roles_mapping.master_user_arn["security_manager"]: Creating...
module.opensearch.elasticsearch_opensearch_roles_mapping.master_user_arn["all_access"]: Creating...
╷
│ Error: ElasticSearch version 2.3.0 is older than 6.0.0 and is not supported, flavor: 0.
│
│ with module.opensearch.elasticsearch_opensearch_roles_mapping.master_user_arn["all_access"],
│ on .terraform/modules/opensearch/role_mapping.tf line 16, in resource "elasticsearch_opensearch_roles_mapping" "master_user_arn":
│ 16: resource "elasticsearch_opensearch_roles_mapping" "master_user_arn" {
│
╵
╷
│ Error: ElasticSearch version 2.3.0 is older than 6.0.0 and is not supported, flavor: 0.
│
│ with module.opensearch.elasticsearch_opensearch_roles_mapping.master_user_arn["security_manager"],
│ on .terraform/modules/opensearch/role_mapping.tf line 16, in resource "elasticsearch_opensearch_roles_mapping" "master_user_arn":
│ 16: resource "elasticsearch_opensearch_roles_mapping" "master_user_arn" {
│

manually I have to create a user to access for a fix

[ananzh]

@quickbooks2018
Seems there are two issues here in the log:

• Invalid Username or Password: This error is occurring because the username or password you are using to authenticate with AWS is incorrect.
• Version conflict Error: ElasticSearch version 2.3.0 is older than 6.0.0 and is not supported, flavor: 0.. Seems you are using ElasticSearch 2.3.0 or OpenSearch? But ur terraform script suggests that you must use a version of Elasticsearch that is 6.0.0 or newer.

Then you mentioned that the issue can be resolved by manually create a user to access. So it seems to me that the issue is more likely due to the script not working as expected. My guess is that by manually creating a user could be to ensure there's a user with appropriate permissions that can interact with AWS services (in this case, potentially the AWS OpenSearch service). So the issue might with how the terraform script is handling AWS authentication or if there's a problem with the terraform module's handling of IAM roles and permissions.

Since this issue is posted for a while, have you already resolve it? any updates? If not, could you share more about your config especially the terraform script or module you use? Thx.

[feiyu15]

Hi @eogredici,
Tried with opensearch.yml / plugins.security.disabled to:false but not working for me.Any idea, please?

Hello!

Can you confirm if the security dashboards plugin is still enabled or installed?

You will have to make sure to disable it for dashboards and remove any configurations related to it in opensearch_dashboards.yml

REF: https://opensearch.org/docs/latest/security-plugin/configuration/disable

thank you.

I had the same problem and it was resolved.
If the security configuration is not enabled.
Then both opensearch and opensearch dashboard need to turn off security.
opensearch:
plugins.security.disabled: true
opensearch dashboard:
Delete the security plugins folder

https://opensearch.org/docs/latest/security/configuration/disable/
https://opensearch.org/docs/latest/install-and-configure/install-dashboards/plugins/#remove-plugins

[kid1412621]

is there any env var like to config in docker-compose.yml?
OPENSEARCH_USERNAME=admin
OPENSEARCH_PASSWORD=admin

[salamer]

Any Progress?

[Uysim]

Any update about this? I should be the priority one.

[ananzh]

@Uysim @salamer
I think from the previous discussion there are several working options

• [BUG] login failed: Invalid username or password, please try again #1611 (comment) which has a reference docker-compose file.
• [BUG] login failed: Invalid username or password, please try again #1611 (comment)

What are your docker-compose file and errors?

[aleksbal]

I also experience the same problem. Just can't log in with default credentials set in opensearch-dashboards. No Docker, direct installation. In my opinion cluster nodes and their security config has nothing to do with the dashboards which is an application on its own!

[ajbeach2]

I am having the same issue. I am using the docker-compose file provided in the docs, and the dashboard does not allow me to login with admin/password that is set the docker-compose file

[t-morisawa]

I cannot login admin:admin or admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD} either.
But I was able to login kibanaserver:kibanaserver.
(v2.13.0, docker compose from https://opensearch.org/docs/2.13/install-and-configure/install-opensearch/docker/

there is no admin user.

curl -XGET "https://localhost:9200/_plugins/_security/authinfo" -u 'kibanaserver:kibanaserver' --insecure
{"user":"User [name=kibanaserver, backend_roles=[], requestedTenant=null]","user_name":"kibanaserver","user_requested_tenant":null,"remote_address":"192.168.65.1:40192","backend_roles":[],"custom_attribute_names":[],"roles":["own_index","kibana_server"],"tenants":{"kibanaserver":true},"principal":null,"peer_certificates":"0","sso_logout_url":null}

[Bdthomson]

I can confirm that kibanaserver:kibanaserver on the Opensearch dashboard works. I was following https://opensearch.org/docs/latest/getting-started/quickstart/ and no variation of admin username and admin as the password, or trying my custom admin password would work.

[isliudong]

有人吗，admin 设置密码后无法登录 无语了

[dipanshuchaubey]

username: kibanaserver
password: kibanaserver

worked for me, there is no admin user

[bonanzadigger]

I have installed OS and OSD without Docker as normal installation on Ubuntu 22.04 (installed version of OS and OSD: v2.5.0)

After edited "opensearch.yml" and set "plugins.security.disabled: true" to "plugins.security.disabled: false" it WORKED Like a charm ;-)

P.S. the user/password combination using "kibanaserver" as both values also worked fine in this context. I was not able to define another user/password combination. It was mandatory for me.

I am very confused, that this heavy issue - reported by many users - is still unresolved.
EVEN AFTER 2 YEARS!!!
UNBELIEVABLE - just ignoring!!

[ValfarDeveloper]

Things like this makes me wondering if I'm in the right place, or if I should migrate back to Elastic Search. This is very simple, and hasn't been resolved yet... I don't want to imagine what is happening with bigger/critical issues.