Solved: Fresh install - cannot login

clempat · ‎09-03-2013

Hi,

I really don't get it. I just install (for the first time) Splunk (Splunk 5.0.4 build 172409) on my debian server. I try to login with username: admin and password: changeme. I always get : Invalid username or password.

if somebody know why ?

Clement

nmistry_splunk · ‎09-03-2013

Should not happen. Can you try deleting $SPLUNK_HOME/etc/passwd and restarting Splunk?

View solution in original post

mjb3677 · ‎10-11-2014

another test, reset /data/opt/splunk/etc/system/default/web.conf back to default of

mgmtHostPort = 127.0.0.1:8089 and I get in, but error out because it's bound to the wrong IP. So is there another file that needs editing to accomodate the web.conf file change?

so saw on the admin docs ( http://docs.splunk.com/Documentation/Splunk/latest/Admin/BindSplunktoanIP ) to also change

To bind the Splunk Web process (splunkweb) to a specific IP, use the server.socket_host setting in web.conf.

did that , restarted, still no login. stumped

mjb3677 · ‎10-11-2014

to follow up, I am starting splunk on an external nic, and have to bind the splunkd to it, so following the admin docs, I edit:

sudo vi /opt/splunk/etc/splunk-launch.conf
and add SPLUNK_BINDIP=67.xx.xx.xx

then add that same IP to:

sudo vi /data/opt/splunk/etc/system/default/web.conf

mgmtHostPort = 67.xx.xx.xx:8089

these are the only changes I made, tried to remove /opt/splunk/etc/passwd and restart, no luck.

will add more here if need be, ty for any responses.

...btw, all perms set according to the admin doc

sudo chown -R splunk:splunk $SPLUNK_HOME

nmistry_splunk · ‎09-03-2013

Should not happen. Can you try deleting $SPLUNK_HOME/etc/passwd and restarting Splunk?

mjb3677 · ‎10-11-2014

had same problem, assumed that it was due to creating the passwd file on initial launch. Removed it, and still cannot get past login screen.

tail -n5 /opt/splunk/var/log/splunk/web_service.log
2014-10-11 17:45:24,422 INFO [5439b30328d68350] root:138 - ENGINE: Bus STARTED
2014-10-11 17:45:27,862 INFO [5439b307da23649d0] root:138 - ENGINE: Started monitor thread 'Monitor'.
2014-10-11 17:45:27,973 INFO [5439b307f82364e10] decorators:332 - require_login - no splunkd sessionKey variable set; cherrypy_session=ae768a79dc5ec4304259c0818b6bfbffc6ddc667 request_path=/en-US/
2014-10-11 17:45:27,973 INFO [5439b307f82364e10] decorators:353 - require_login - redirecting to login
2014-10-11 17:45:36,766 ERROR [5439b310be236fd90] account:242 - user=admin action=login status=failure reason=user-initiated useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36" clientip=xx.xx.xx.xx ERROR=Client is not authenticated

Please advise, ty.

clempat · ‎09-03-2013

I was asking myself how it cans work I had a clean install. But it works 🙂 thanks

Fresh install - cannot login

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation