I am having problems logging into Enterprise. I've tried my username and password, admin and changeme after moving the opt/splunk/etc/ passwd file and renaming it. Still won't work. If there's any better way to reset to allow login, i'd appreciate it. It was working just fine yesterday.
Did you rename the right passwd file? Is Splunk installed somewhere else?
If you delete or rename the splunk_home/etc/passwd file and restart, it makes the admin password changeme everytime.
The only explanation is if you didn't rename the right file or some symbolic link exists.
I believe I renamed the right file. Renamed passwd to passwd.back, a new file was then generated passwd. Did the restart and it won't allow me access. What could the symbolic link be you mentioned?
Do you have another authentication method configured, such as SSO or SAML? If these are enabled, you need to disable them for the local passwords to be used.
Thank you, this was the output
authType = Splunk
passwordHashAlgorithm = SHA512-crypt
getUserInfoTTL = 10s
getUsersTTL = 10s
userLoginTTL = 0
namespace = splunk