Security

Cannot login - already tried the admin/changeme thing!

manfrmuncle
New Member

Installed today.

The first time I went to login, I got the error message. I did the admin/changeme dance - got in no problem.

Worked great.

Timed out and Splunk said I need to log in again.

I have made several attempts to log in but cannot. I tried the admin/changeme dance again - NO LUCK!

SO - I went to the website, splunk.com and was able to log in with my user name and password on the website.

I STILL CANNOT LOG INTO MY SPLUNK SERVER ON MY LAPTOP.

Whats up with that?

Any good, quick solutions would be greatly appreciated.

Tags (1)
0 Karma

SteveKihiu
New Member

@Mus where do i type those commands?

Its really hard to understand why they have not fixed this issue already. It has been bugging me for 2 days and i have been completely unable to proceed. I am new user and i have a very bad experience already.

0 Karma

mwant
Explorer

Worked for me thanks. I upgraded from free to Enterprise and couldn't log in for some reason.

0 Karma

SteveKihiu
New Member

What exactly does the second command entail? What exactly is the next step after stopping splunk?

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi manfrmuncle,

THIS IS DANGER ZONE, FOLLOW THIS ON YOUR OWN RISK!!! You will loose all users and passwords!!!

If you are really lost and Damien's answer didn't help, then here is a way to go:

stop splunk - move your passwd file - start splunk

this way you will get back default passwd file and therefore get back default password for user admin.

So if you really want to do this and restore default password for admin proceed like this:

  • $SPLUNK_HOME/bin/splunk stop
  • mv $SPLUNK_HONE/etc/passwd $SPLUNK_HOME/etc/myOldPasswd
  • $SPLUNK_HOME/bin/splunk start
  • login as admin/changeme

hope this helps and don't blame me if you lost all your users....I warned you before.

cheers, MuS

jtough1985
New Member

I can not find the option to stop Splunk under the /bin/ directory. I'm using windows 7 64x and have the free trial installed if that helps at all. Thanks

0 Karma

MuS
SplunkTrust
SplunkTrust

In the splunk/bin directory simply run splunk.exe stop ...

0 Karma

JensT
Communicator

Hi,

following MuS' suggestion is a valid workaround - if your're using username/password 😉

If you have multiple users, you can actually copy them from your old passwd file, into the new.

kind regards,

Jens

SteveKihiu
New Member

@Mus please be a bit clear on the second command.

0 Karma

MuS
SplunkTrust
SplunkTrust

@SteveKihiu, the second command simply moves the user file in Splunk which is $SPLUNK_HOME/etc/passwd to a different file $SPLUNK_HOME/etc/myOldPasswd in this case.
After the next restart of Splunk, Splunk will re-create a default $SPLUNK_HOME/etc/passwd which only contains the admin user with the default changeme password.

0 Karma

Damien_Dallimor
Ultra Champion

Have you tried the admin/whatyouchangedthechangemepasswordto dance 🙂