Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

New Install - Default Credentials Invalid

m314219
Explorer
‎04-08-2017 12:32 PM

I installed Splunk Enterprise 6.5.3 on a new WS2012R2 Core VM. I completed the install, changed the services to use a gMSA account and setup relevant groups and GPO settings. I set the services to logon with the gMSA account and started Splunkd and opened http://splunk:8000.

After getting to the webpage, I attempted to login with 'admin' and 'changeme'. The login attempt failed and I tried it a few more times, to make sure it wasn't me. After that I tried IE, thinking that there could be an issue with Firefox, but the login failed there as well. I did some searching on the Internet and noted mentions of the /etc/passwd file within $splunk_home. I went to the /etc folder on my system and found that it does not have the passwd file.

Any ideas as to what the issue is? Is there a way I can change the password though the CLI? I ran splunk edit user admin -password changeme -role admin -auth admin:password and the command is sitting there without completing or erroring out.

0 Karma
Reply

woodcock
Esteemed Legend
‎04-09-2017 12:02 PM

To reset the admin password you will need to have access to the file system. Rename/move the $SPLUNK_HOME/etc/passwd and restart splunk and the passwd file will be recreated with one login as admin and PW changeme.

0 Karma
Reply

m314219
Explorer
‎06-03-2017 07:43 AM

The passwd file did not exist. I'm thinking something went wrong with the install, as a new install worked fine.

Reply

pradeepkumarg
Influencer
‎04-08-2017 10:25 PM

Did you manually check the splunkd.log for any clues ?

0 Karma
Reply

cfonmedig
New Member
‎04-26-2018 06:54 AM

I just installed and instance of Splunk on Windows and the default ID and PSSWD says invalid even after I rename the passwd file and restart splunk. When i start splunk it is showing the user id and password that i used to download the software.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...