Deployment Architecture

LDAP how to deploy authentication.conf via deployment server

Path Finder

We are on splunk 4.3.2 and have distributed deployment with one of the search head acting as deployment server. I can configure LDAP strategy on the deployment server and connect to LDAP server without any issues ( users can logon as well). I have taken the authentication.conf and packged to my custom app and deployed in the deployment server. When I deploy this file to other user search heads, when users logon with their account, they are unable to logon. I think the issue is that the bind password is encrypted and when it gets pushed to other servers, it doesn't work. What's the correct way to ensure that the file can be added to custom app and pushed to all search heads?

Path Finder

I tried foll to get this working:
1)In each of the search head, entered the password manually ( via GUI) and it saved the password in etc/system/local/authentication.conf. ( this worked, but had to do in each search head).
2)Entered the readable password in the customapp/local/authentication.conf and reload the app to all search heads and deployment server. Then ran the reload auth command. This had ensured that the password is stored in encrypted form in all the SH and in deployment servers' /et/customapp/local/authentication.conf. The issue is though the password remains unencrypted in DS.

0 Karma

Splunk Employee
Splunk Employee

The authorize.conf contains a bind password. (and also ssl password in web.conf, and the passwd files)
The password get's encrypted when the splunk instance restarts using the hash file : $SPLUNK_HOME/etc/auth/splunk.secret (generated the first time splunk starts)

If you want to deploy config file with password to multiple servers, you have to make sure that they all have the same splunk.secret.
Otherwise, the file will be re-encrypted during the restart, and redeployed in loop.

Explorer

So how does the receiving server know that the password it receives is already hashed and doesn't hash the hashed password again.

If I understand the process correctly I should copy the splunk.secret to each server that is going to get the authentication.conf file deployed to it. Then grab a hashed version of the authentication.conf file and add it to the deployment-apps.

0 Karma

Contributor
0 Karma

Path Finder

Thanks.Let me check this and come back.

0 Karma