Hi splunkers,
We are having multisite architecture in our organization which is running on splunk version 7.3.6. This version ig going to end of support after 22 october 2021. We are upgrading version to 8.1 but after upgrade are not able to login into splunk through web. Even in internal logs are seeing this error message "ERROR [614c8c71667f891f364ad0] config:140 - [HTTP 401] Client is not authenticated Traceback (most recent call last):".
But on test environemnt we haven't got this issue. For login into splunk having facility of LDAP and IDM . All IDM roles are mapping and working fine with existing version and also working on test environment with version 8.1.
This could be a couple of issues. First to check would be that all your $SPLUNK_HOME directories/configs are still owned by your Splunk user (splunk:splunk e.g.) and didn't change to root during your upgrade.
Also, I think the password hashing algorithm was changed between those two versions. So you may need to reset the admin password via the cmd line and do the same for your bindDN user account if LDAP is not working.
Admin password change would require cycling Splunk, bindDN account password change would not require cycling Splunk if you use the web UI. Don't forget to verify user:group ownership on both configs if you modify them as root.
hello codebuilder,
I have upgraded version on cluster master only and trying to login but no luck . Should I need to upgrade complete infra first (including Indexer, SH, Deployer and Deployment server) and then try to login.Please assist.