All Apps and Add-ons

SA-ldapsearch.log is missing - AD domain not found

New Member

Hi all,
In my test environment,
1 Domain controller windows server 2012 r2 , ip 172.16.1.10 , fqdn=spdc.nwtraders.msft
1 member server(windows server 2008 r2, .net 45 is installed , powershell 3 is installed) which splunk(splunk-6.1.3-220630-x64-release.msi) runs on it.

I have installed universal forwarder(splunkforwarder-6.1.3-220630-x64-release) on domain controller and have copied SA-ModularInput-PowerShell, SplunkTAwindows, TA-DNSServer-NT6, TA-DomainController-2012R2 in C:\Program Files\SplunkUniversalForwarder\etc\apps folder.

powershell app,microsoft windows app,sa-ldapsearch app,windows infrastruce apps are installed on splunk instance which is run on member server.

Splunk has a receiver and listens on tcp 12345 which UF uses to forward data as well

When I try to detect; domain,domain controller,users,computers are not found

The configuration of ldap.conf(Program Files\Splunk\etc\apps\SA-ldapsearch\local) file is shown as below.

[nwtraders.msft]
server = spdc.nwtraders.msft
port = 389
ssl = false
basedn = DC=nwtraders,DC=msft
binddn = cn=Administrator,cn=Users,DC=nwtraders,DC=msft
password = Password1
alternatedomain = NWTRADERS

[default]
server = 172.16.1.10

SA-ldapsearch.log file is also missing! So I could not troubleshoot the issue.
Any help would be nice
Regards

Tags (3)
0 Karma

Path Finder

Hi, can you try to modify your ldap.conf has follow:

[default]
server = spdc.nwtraders.msft
port = 389
ssl = false
basedn = DC=nwtraders,DC=msft
binddn = cn=Administrator,cn=Users,DC=nwtraders,DC=msft
password = Password1
alternatedomain = NWTRADERS

The SA-ldapsearch.log should be in $SPLUNK_HOME/var/log/splunk/SA-ldapsearch.log

Thank you

0 Karma

Explorer

I'm having the same problem. Ever find a solution?

0 Karma

New Member

At least, has anyone got and idea about why sa-ldapsearch.log is missing ?

0 Karma