Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Scripted SSO auth errors on indexer cluster

krisreeves
Path Finder
‎05-17-2018 07:51 PM

We have a clustered setup with server types including an indexer cluster, a search head cluster, and a separate cluster master.

We've implemented SSO with an auth script, but still receive messages from our indexers in splunkd.log to the effect of: ERROR AuthenticationManagerScripted - Script function getUserInfo failed for user: nobody. How can I get rid of this? Is this an indication of failed functionality when searches are executed by the (internal) nobody user?

We also see these for bot users, which are local Splunk accounts in the search head cluster. Do I need to ensure these users exist on the indexer cluster as well?

0 Karma
Reply

p_gurav
Champion
‎05-17-2018 08:58 PM

Can you test this script:
http://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Createtheauthenticationscript#Test_the_sc...

0 Karma
Reply

krisreeves
Path Finder
‎05-18-2018 08:11 AM

The script works fine, but fails for the user "nobody", since that is not a SSO user. It's a special Splunk user / the lack of a user. The docs state that the search heads send the authorization information to the peers at search time, so I'm not expecting this script to be run on search peers at all.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...