Archive
Highlighted

Splunk Enterprise Login

Explorer

Hello all,

I am having problems logging into Enterprise. I've tried my username and password, admin and changeme after moving the opt/splunk/etc/ passwd file and renaming it. Still won't work. If there's any better way to reset to allow login, i'd appreciate it. It was working just fine yesterday.

Thank You

Tags (1)
0 Karma
Highlighted

Re: Splunk Enterprise Login

Ultra Champion

Google says - alt text

Did you restart splunk?

0 Karma
Highlighted

Re: Splunk Enterprise Login

Explorer

I did do ./splunk restart. No luck.

0 Karma
Highlighted

Re: Splunk Enterprise Login

SplunkTrust
SplunkTrust

Did you rename the right passwd file? Is Splunk installed somewhere else?

If you delete or rename the splunk_home/etc/passwd file and restart, it makes the admin password changeme everytime.

The only explanation is if you didn't rename the right file or some symbolic link exists.

0 Karma
Highlighted

Re: Splunk Enterprise Login

Explorer

jkat54
I believe I renamed the right file. Renamed passwd to passwd.back, a new file was then generated passwd. Did the restart and it won't allow me access. What could the symbolic link be you mentioned?

0 Karma
Highlighted

Re: Splunk Enterprise Login

Splunk Employee
Splunk Employee

Do you have another authentication method configured, such as SSO or SAML? If these are enabled, you need to disable them for the local passwords to be used.

0 Karma
Highlighted

Re: Splunk Enterprise Login

SplunkTrust
SplunkTrust

@esix is right. Do you have local authentication disabled?

/Applications/splunk/bin/splunk btool authentication list --debug

0 Karma
Highlighted

Re: Splunk Enterprise Login

Explorer

So once I get to the btool file in the bin, what would I need to do?

0 Karma
Highlighted

Re: Splunk Enterprise Login

SplunkTrust
SplunkTrust

That whole line is a command you can run to show what type of authentication you have setup. Post the outputp

0 Karma
Highlighted

Re: Splunk Enterprise Login

Explorer

Thank you, this was the output
authType = Splunk
passwordHashAlgorithm = SHA512-crypt
[cacheTiming]
getUserInfoTTL = 10s
getUsersTTL = 10s
userLoginTTL = 0
[secrets]
filename =
namespace = splunk

0 Karma