Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Failsafe user working?

hcpr
Path Finder
‎06-29-2010 02:13 PM

Hi folks.

I have a Splunk setup to authenticate by LDAP, and this works reasonably well. Sometimes auth stops working for no apparent reason, and that's when this question becomes interesting.

I can't get the "failsafe" user in LDAP conf to work. Dos this function as intended for anyone? If so, how do i make it work? Currently any attempt to log on as the user listed as failsafe user in the LDAP config just returns the normal authentication failed message.

Any suggestions?

Tags (2)
Reply

the_wolverine
Champion
‎06-29-2010 05:41 PM

If you recently migrated to version 4.1.x, your failsafe user (as configured in authentication.conf) is disabled. The new failsafe user is "admin" and is accessible from the UI:

Manager >> Access Controls >> Users

The default password is "changeme" and can be changed from the UI as well.

Reply

Simeon
Splunk Employee
Splunk Employee
‎06-29-2010 05:31 PM

Please detail the version of Splunk you are using, as 4.0 differs from 4.1.

0 Karma
Reply

Simeon
Splunk Employee
Splunk Employee
‎06-29-2010 05:31 PM

You should check the splunkd.log for why the LDAP authentication fails. If all of the LDAP auth fails, then there is likely a problem with your connectivity to the system. You should ensure that you are not using an alias for the LDAP host and that your LDAP server is not returning referrals.

Additionally, if you manually copied the authentication configuration from another machine then you will need to re-enter the passwords so they are encrypted with the correct key.

Another possible condition is that your failsafe username exists in your LDAP system, thus causing a conflict. You should make sure the failsafe username is unique.

Reply

treinke
Builder
‎06-29-2010 05:09 PM

Which version of Splunk are you using? I am currently on 4.1.2 and you can have both local and ldap users in the Splunk system.

There are no answer without questions
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...