Re: Scripted SSO auth errors on indexer cluster

krisreeves · ‎05-17-2018

We have a clustered setup with server types including an indexer cluster, a search head cluster, and a separate cluster master.

We've implemented SSO with an auth script, but still receive messages from our indexers in splunkd.log to the effect of: ERROR AuthenticationManagerScripted - Script function getUserInfo failed for user: nobody. How can I get rid of this? Is this an indication of failed functionality when searches are executed by the (internal) nobody user?

We also see these for bot users, which are local Splunk accounts in the search head cluster. Do I need to ensure these users exist on the indexer cluster as well?

p_gurav · ‎05-17-2018

Can you test this script:
http://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Createtheauthenticationscript#Test_the_sc...

krisreeves · ‎05-18-2018

The script works fine, but fails for the user "nobody", since that is not a SSO user. It's a special Splunk user / the lack of a user. The docs state that the search heads send the authorization information to the peers at search time, so I'm not expecting this script to be run on search peers at all.

Scripted SSO auth errors on indexer cluster

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Join the Conversation