Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

splunk forwarder : Remote login has been disabled for 'admin' with the default password. How to login or reset password?

mikki
Explorer
‎06-13-2024 02:47 PM

Upgraded universal splunk universal forwarder from 9.0.2 to 9.1.0. 

./splunk list monitor gives me the following error with default password : "Remote login has been disabled for 'admin' with the default password. Either set the password, or override by changing the 'allowRemoteLogin' setting in your server.conf file." for the first time.

./splunk edit user admin -password <newpassword> -auth admin:changeme

tried above command to reset default password: still gives me : "Remote login has been disabled for 'admin' with the default password. Either set the password, or override by changing the 'allowRemoteLogin' setting in your server.conf file."

Looking for any answers.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

P_vandereerden
Splunk Employee
Splunk Employee
‎06-13-2024 04:18 PM

Have you tried the second option (allowRemoteLogin)? I can't say I've seen this myself, but it could be that you need to temporarily change that setting to get around the default password problem. If that works, then once you've changed your password, you should be able to revert the allowRemoteLogin setting.

The following should help for values:

# The following 'allowRemoteLogin' setting controls remote management of your splunk instance.
#  - If set to 'always', all remote logins are allowed.
#  - If set to 'never', only local logins to splunkd will be allowed. Note that this will still allow
#    remote management through splunkweb if splunkweb is on the same server.
#  - If set to 'requireSetPassword' (default behavior):
#     1. In the free license, remote login is disabled.
#     2. In the pro license, remote login is only disabled for the admin user that has not changed their default password
Paul van der Eerden,
Breaking software for over 20 years.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

mikki
Explorer
‎06-13-2024 08:37 PM

setting "allowRemoteLogin" in server.conf did allow default password and then I changed the password using above ./splunk edit user ...

Thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

P_vandereerden
Splunk Employee
Splunk Employee
‎06-13-2024 04:18 PM

Have you tried the second option (allowRemoteLogin)? I can't say I've seen this myself, but it could be that you need to temporarily change that setting to get around the default password problem. If that works, then once you've changed your password, you should be able to revert the allowRemoteLogin setting.

The following should help for values:

# The following 'allowRemoteLogin' setting controls remote management of your splunk instance.
#  - If set to 'always', all remote logins are allowed.
#  - If set to 'never', only local logins to splunkd will be allowed. Note that this will still allow
#    remote management through splunkweb if splunkweb is on the same server.
#  - If set to 'requireSetPassword' (default behavior):
#     1. In the free license, remote login is disabled.
#     2. In the pro license, remote login is only disabled for the admin user that has not changed their default password
Paul van der Eerden,
Breaking software for over 20 years.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...