All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Security Audit issue in Splunk App for Active Directory

Nguyen_Ma
Engager
‎07-11-2012 12:46 AM

Hi all,

When I access to any field of Security -> Audit in Splunk app for Active Directory. I received an error message [command="ldapsearch", IO::Socket::INET: connect: Connection refused]. I don't have much experience with Perl. Anyone help me by any advise?

Thank you so much

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Drainy
Champion
‎07-11-2012 12:49 AM

Have you verified the ldap server details in the config file? If you entered the wrong details then its quite likely you would receive a connection refused. Also if a local firewall is restricting access out of the local machine to the remote ldap server.

View solution in original post

Reply
Solved! Jump to solution

ahall_splunk
Splunk Employee
Splunk Employee
‎07-11-2012 06:57 AM

Following on from the excellent answer from Drainy, it's common to get a message "No matching fields exist" in the Administrator Audit - the page does six searches - if one of the searches has no results, then you get the error.

On your user audit page, it means that it could not find the username that you typed in. Make sure you are typing in the sAMAccountName of the account you want to view.

Reply
Solved! Jump to solution
Solution

Drainy
Champion
‎07-11-2012 12:49 AM

Have you verified the ldap server details in the config file? If you entered the wrong details then its quite likely you would receive a connection refused. Also if a local firewall is restricting access out of the local machine to the remote ldap server.

Reply
Solved! Jump to solution

Drainy
Champion
‎07-11-2012 02:21 AM

You need to verify your object definitions. It sounds like it cannot find them on the remote LDAP server

Reply
Solved! Jump to solution

Nguyen_Ma
Engager
‎07-11-2012 02:08 AM

Thank for your answer, I've just configured activedirectory.conf file and got new issue. I access to Security -> Audit -> Administrator Audit and got a message "No matching fields exist". Then I go to User Audit, I got an error message [command="ldapsearch", No such object]. My config file as below:

[server]
ldapurl=ldap://192.168.81.230
basedn=dc=vsslab,dc=com
bindas=cn=Administrator,cn=Users,dc=vsslab,dc=com
password=*******

My domain is vsslab.com

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...