Security

Help needed with the user/password logon

damucka
Builder

Hello,

I have really urgent issue:
- We use LDAP authentication in our instance, it worked fine for quite long. Now, there were some maintenance changes on the DLs / LDAP side and since yesterday many important users in my Splunk are just gone. They are in the corresponding DLs, I synchronized the authentication details ... nothing helps.
This issue will be surely solved somehow someday, but if I do not grant back the access to my Splunk to couple of people immediately, I will loose their trust in the solution.
So, I created manually a new user Mickey Mouse and would like him to access the instance by giving the user/password.
- How do I configure it properly?
- Are there any additional parameters to change on the instance in order to make it possible?
- Both LDAP and "manual-Mickey" authentication should be possible in the same time, because strangely most of the users are there, just some are missing, and the rest of them should be able to use LDAP authentication as usual
- What link should the Mickey use to reach the user/password logon page?

Please see also the attached pictures.

Kind Regards,
Kamilalt text

Labels (2)
Tags (1)
0 Karma
1 Solution

harsmarvania57
Ultra Champion

Hi,

To workaround this issue, you can create local user with same userid as their LDAP userid so that hose users can access their Knowledge Objects and any modification in those knowledge objects or creation of new knowledge objects will be available to same user when you restore your LDAP issue.

In Splunk local user has higher precedence then LDAP, have a look at https://docs.splunk.com/Documentation/Splunk/8.0.3/Security/SetupuserauthenticationwithLDAP#Authenti...

View solution in original post

0 Karma

harsmarvania57
Ultra Champion

Hi,

To workaround this issue, you can create local user with same userid as their LDAP userid so that hose users can access their Knowledge Objects and any modification in those knowledge objects or creation of new knowledge objects will be available to same user when you restore your LDAP issue.

In Splunk local user has higher precedence then LDAP, have a look at https://docs.splunk.com/Documentation/Splunk/8.0.3/Security/SetupuserauthenticationwithLDAP#Authenti...

0 Karma

damucka
Builder

Thank you, the workaround sounds good.
However, in the meantime we noticed that the users (there was actually one user who was not able to logon, the rest are missing in the "user" overview, but are able to logon strangely), so this one user had an issue with the browser and also himself can logon.
I interpreted this as an LDAP issue, because the users are missing in the Splunk list so I thought they do not get replicated. But this is not the case. They are able to logon, but their names are not on the users list ....

I found the similar case in the Questions, but unfortunately after commenting out the mentioned parameter and restarting instance, nothing changed:
https://answers.splunk.com/answers/734939/why-are-we-unable-to-retrieve-the-list-of-all-ldap.html

Would you have any idea or should I create a support case?

Kind Regards,
Kamil

0 Karma

harsmarvania57
Ultra Champion

How many users do you have, is it more than 1000? If that is not the case then I'll suggest to go with Splunk Support.

0 Karma

damucka
Builder

We have around 160 users.
Yes, I will open a new support case.
Thank you for the idea with the workaround.

Kind Regards,
Kamil

0 Karma

harsmarvania57
Ultra Champion

Welcome 🙂

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...