Re: Getting an error in checking authentication.co...

gekoner · ‎11-29-2012

We are getting the following error on one of our Search Heads.
Splunk ver = 4.2.3
This happens when we run the "splunk btool check --debug" command.
Any ideas what we messed up? I think this is a bug.

Possible typo in stanza [roleMap] in /opt/splunk/etc/.... line **: user = SplunkAdmin

seanwong · ‎11-29-2012

It sounds to me like you have defined a custom group called SplunkAdmin with a specific privilege level that "user" is assigned to.

Can you check your authorize.conf and see if stanza along the lines of
[role_SplunkAdmin]

Did this happen after a splunk upgrade? If it did, you may want to open up a case with splunk and get a splunkdiag going.

gekoner · ‎11-29-2012

I do not have a [role_SplunkAdmin] entry in authorize.conf
This didn't happen after an upgrade perse, but this might have been an issue since we upgraded to 4.2.x

Isn't the issue with the [roleMap] syntax?

Getting an error in checking authentication.conf

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation