Security

Fresh install - cannot login

clempat
New Member

Hi,

I really don't get it. I just install (for the first time) Splunk (Splunk 5.0.4 build 172409) on my debian server. I try to login with username: admin and password: changeme. I always get : Invalid username or password.

if somebody know why ?

Clement

0 Karma
1 Solution

nmistry_splunk
Splunk Employee
Splunk Employee

Should not happen. Can you try deleting $SPLUNK_HOME/etc/passwd and restarting Splunk?

View solution in original post

mjb3677
Explorer

another test, reset /data/opt/splunk/etc/system/default/web.conf back to default of

mgmtHostPort = 127.0.0.1:8089 and I get in, but error out because it's bound to the wrong IP. So is there another file that needs editing to accomodate the web.conf file change?

so saw on the admin docs ( http://docs.splunk.com/Documentation/Splunk/latest/Admin/BindSplunktoanIP ) to also change

To bind the Splunk Web process (splunkweb) to a specific IP, use the server.socket_host setting in web.conf.

did that , restarted, still no login. stumped

mjb3677
Explorer

to follow up, I am starting splunk on an external nic, and have to bind the splunkd to it, so following the admin docs, I edit:

sudo vi /opt/splunk/etc/splunk-launch.conf
and add SPLUNK_BINDIP=67.xx.xx.xx

then add that same IP to:

sudo vi /data/opt/splunk/etc/system/default/web.conf

mgmtHostPort = 67.xx.xx.xx:8089

these are the only changes I made, tried to remove /opt/splunk/etc/passwd and restart, no luck.

will add more here if need be, ty for any responses.

...btw, all perms set according to the admin doc

sudo chown -R splunk:splunk $SPLUNK_HOME

0 Karma

nmistry_splunk
Splunk Employee
Splunk Employee

Should not happen. Can you try deleting $SPLUNK_HOME/etc/passwd and restarting Splunk?

mjb3677
Explorer

had same problem, assumed that it was due to creating the passwd file on initial launch. Removed it, and still cannot get past login screen.

tail -n5 /opt/splunk/var/log/splunk/web_service.log
2014-10-11 17:45:24,422 INFO [5439b30328d68350] root:138 - ENGINE: Bus STARTED
2014-10-11 17:45:27,862 INFO [5439b307da23649d0] root:138 - ENGINE: Started monitor thread 'Monitor'.
2014-10-11 17:45:27,973 INFO [5439b307f82364e10] decorators:332 - require_login - no splunkd sessionKey variable set; cherrypy_session=ae768a79dc5ec4304259c0818b6bfbffc6ddc667 request_path=/en-US/
2014-10-11 17:45:27,973 INFO [5439b307f82364e10] decorators:353 - require_login - redirecting to login
2014-10-11 17:45:36,766 ERROR [5439b310be236fd90] account:242 - user=admin action=login status=failure reason=user-initiated useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36" clientip=xx.xx.xx.xx ERROR=Client is not authenticated

Please advise, ty.

0 Karma

clempat
New Member

I was asking myself how it cans work I had a clean install. But it works 🙂 thanks

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...