Security

Fresh install - cannot login

clempat
New Member

Hi,

I really don't get it. I just install (for the first time) Splunk (Splunk 5.0.4 build 172409) on my debian server. I try to login with username: admin and password: changeme. I always get : Invalid username or password.

if somebody know why ?

Clement

0 Karma
1 Solution

nmistry_splunk
Splunk Employee
Splunk Employee

Should not happen. Can you try deleting $SPLUNK_HOME/etc/passwd and restarting Splunk?

View solution in original post

mjb3677
Explorer

another test, reset /data/opt/splunk/etc/system/default/web.conf back to default of

mgmtHostPort = 127.0.0.1:8089 and I get in, but error out because it's bound to the wrong IP. So is there another file that needs editing to accomodate the web.conf file change?

so saw on the admin docs ( http://docs.splunk.com/Documentation/Splunk/latest/Admin/BindSplunktoanIP ) to also change

To bind the Splunk Web process (splunkweb) to a specific IP, use the server.socket_host setting in web.conf.

did that , restarted, still no login. stumped

mjb3677
Explorer

to follow up, I am starting splunk on an external nic, and have to bind the splunkd to it, so following the admin docs, I edit:

sudo vi /opt/splunk/etc/splunk-launch.conf
and add SPLUNK_BINDIP=67.xx.xx.xx

then add that same IP to:

sudo vi /data/opt/splunk/etc/system/default/web.conf

mgmtHostPort = 67.xx.xx.xx:8089

these are the only changes I made, tried to remove /opt/splunk/etc/passwd and restart, no luck.

will add more here if need be, ty for any responses.

...btw, all perms set according to the admin doc

sudo chown -R splunk:splunk $SPLUNK_HOME

0 Karma

nmistry_splunk
Splunk Employee
Splunk Employee

Should not happen. Can you try deleting $SPLUNK_HOME/etc/passwd and restarting Splunk?

mjb3677
Explorer

had same problem, assumed that it was due to creating the passwd file on initial launch. Removed it, and still cannot get past login screen.

tail -n5 /opt/splunk/var/log/splunk/web_service.log
2014-10-11 17:45:24,422 INFO [5439b30328d68350] root:138 - ENGINE: Bus STARTED
2014-10-11 17:45:27,862 INFO [5439b307da23649d0] root:138 - ENGINE: Started monitor thread 'Monitor'.
2014-10-11 17:45:27,973 INFO [5439b307f82364e10] decorators:332 - require_login - no splunkd sessionKey variable set; cherrypy_session=ae768a79dc5ec4304259c0818b6bfbffc6ddc667 request_path=/en-US/
2014-10-11 17:45:27,973 INFO [5439b307f82364e10] decorators:353 - require_login - redirecting to login
2014-10-11 17:45:36,766 ERROR [5439b310be236fd90] account:242 - user=admin action=login status=failure reason=user-initiated useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36" clientip=xx.xx.xx.xx ERROR=Client is not authenticated

Please advise, ty.

0 Karma

clempat
New Member

I was asking myself how it cans work I had a clean install. But it works 🙂 thanks

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...