https://community.splunk.com/t5/Security/Scripted-SSO-auth-errors-on-indexer-cluster/m-p/403534#M9759 <P>We have a clustered setup with server types including an indexer cluster, a search head cluster, and a separate cluster master.</P> <P>We've implemented SSO with an auth script, but still receive messages from our indexers in splunkd.log to the effect of: <CODE>ERROR AuthenticationManagerScripted - Script function getUserInfo failed for user: nobody</CODE>. How can I get rid of this? Is this an indication of failed functionality when searches are executed by the (internal) <CODE>nobody</CODE> user?</P> <P>We also see these for bot users, which are local Splunk accounts in the search head cluster. Do I need to ensure these users exist on the indexer cluster as well?</P> Fri, 18 May 2018 02:51:14 GMT krisreeves 2018-05-18T02:51:14Z https://community.splunk.com/t5/Security/Scripted-SSO-auth-errors-on-indexer-cluster/m-p/403534#M9759 <P>We have a clustered setup with server types including an indexer cluster, a search head cluster, and a separate cluster master.</P> <P>We've implemented SSO with an auth script, but still receive messages from our indexers in splunkd.log to the effect of: <CODE>ERROR AuthenticationManagerScripted - Script function getUserInfo failed for user: nobody</CODE>. How can I get rid of this? Is this an indication of failed functionality when searches are executed by the (internal) <CODE>nobody</CODE> user?</P> <P>We also see these for bot users, which are local Splunk accounts in the search head cluster. Do I need to ensure these users exist on the indexer cluster as well?</P> Fri, 18 May 2018 02:51:14 GMT https://community.splunk.com/t5/Security/Scripted-SSO-auth-errors-on-indexer-cluster/m-p/403534#M9759 krisreeves 2018-05-18T02:51:14Z https://community.splunk.com/t5/Security/Scripted-SSO-auth-errors-on-indexer-cluster/m-p/403535#M9760 <P>Can you test this script:<BR /> <A href="http://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Createtheauthenticationscript#Test_the_script">http://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Createtheauthenticationscript#Test_the_script</A></P> Fri, 18 May 2018 03:58:16 GMT https://community.splunk.com/t5/Security/Scripted-SSO-auth-errors-on-indexer-cluster/m-p/403535#M9760 p_gurav 2018-05-18T03:58:16Z https://community.splunk.com/t5/Security/Scripted-SSO-auth-errors-on-indexer-cluster/m-p/403536#M9761 <P>The script works fine, but fails for the user "nobody", since that is not a SSO user. It's a special Splunk user / the lack of a user. <A href="http://docs.splunk.com/Documentation/Splunk/6.5.4/DistSearch/Whatsearchheadssend#User_authorization">The docs</A> state that the search heads send the authorization information to the peers at search time, so I'm not expecting this script to be run on search peers at all.</P> Fri, 18 May 2018 15:11:40 GMT https://community.splunk.com/t5/Security/Scripted-SSO-auth-errors-on-indexer-cluster/m-p/403536#M9761 krisreeves 2018-05-18T15:11:40Z