Security

Fresh install - cannot login

clempat
New Member

Hi,

I really don't get it. I just install (for the first time) Splunk (Splunk 5.0.4 build 172409) on my debian server. I try to login with username: admin and password: changeme. I always get : Invalid username or password.

if somebody know why ?

Clement

0 Karma
1 Solution

nmistry_splunk
Splunk Employee
Splunk Employee

Should not happen. Can you try deleting $SPLUNK_HOME/etc/passwd and restarting Splunk?

View solution in original post

mjb3677
Explorer

another test, reset /data/opt/splunk/etc/system/default/web.conf back to default of

mgmtHostPort = 127.0.0.1:8089 and I get in, but error out because it's bound to the wrong IP. So is there another file that needs editing to accomodate the web.conf file change?

so saw on the admin docs ( http://docs.splunk.com/Documentation/Splunk/latest/Admin/BindSplunktoanIP ) to also change

To bind the Splunk Web process (splunkweb) to a specific IP, use the server.socket_host setting in web.conf.

did that , restarted, still no login. stumped

mjb3677
Explorer

to follow up, I am starting splunk on an external nic, and have to bind the splunkd to it, so following the admin docs, I edit:

sudo vi /opt/splunk/etc/splunk-launch.conf
and add SPLUNK_BINDIP=67.xx.xx.xx

then add that same IP to:

sudo vi /data/opt/splunk/etc/system/default/web.conf

mgmtHostPort = 67.xx.xx.xx:8089

these are the only changes I made, tried to remove /opt/splunk/etc/passwd and restart, no luck.

will add more here if need be, ty for any responses.

...btw, all perms set according to the admin doc

sudo chown -R splunk:splunk $SPLUNK_HOME

0 Karma

nmistry_splunk
Splunk Employee
Splunk Employee

Should not happen. Can you try deleting $SPLUNK_HOME/etc/passwd and restarting Splunk?

mjb3677
Explorer

had same problem, assumed that it was due to creating the passwd file on initial launch. Removed it, and still cannot get past login screen.

tail -n5 /opt/splunk/var/log/splunk/web_service.log
2014-10-11 17:45:24,422 INFO [5439b30328d68350] root:138 - ENGINE: Bus STARTED
2014-10-11 17:45:27,862 INFO [5439b307da23649d0] root:138 - ENGINE: Started monitor thread 'Monitor'.
2014-10-11 17:45:27,973 INFO [5439b307f82364e10] decorators:332 - require_login - no splunkd sessionKey variable set; cherrypy_session=ae768a79dc5ec4304259c0818b6bfbffc6ddc667 request_path=/en-US/
2014-10-11 17:45:27,973 INFO [5439b307f82364e10] decorators:353 - require_login - redirecting to login
2014-10-11 17:45:36,766 ERROR [5439b310be236fd90] account:242 - user=admin action=login status=failure reason=user-initiated useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36" clientip=xx.xx.xx.xx ERROR=Client is not authenticated

Please advise, ty.

0 Karma

clempat
New Member

I was asking myself how it cans work I had a clean install. But it works 🙂 thanks

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...