Hi,
We have updated the password for the service account which we use for LDAP authentication. I have updated the new bindDnpassword in authentication file but when I restarted the splunk service the old password has been restored. After I spent some time I have understood that the splunk.secrete file restoring the old password.
I have followed the below steps and still the issue not fixed
1) Ran powershell command
Get-ChildItem -Recurse *.conf | Select-String -Pattern '\$1\$.' -List
etc\apps\Splunk_TA_windows\default\transforms.conf:807:FORMAT = abc
etc\system\local\authentication.conf:10:bindDNpassword = xyz
etc\system\local\server.conf:2:sslKeysfilePassword = 123
1) Updated the binddnpassword in authentication
bindDNpassword = xyzi bindDNpassword = newpassword
2) Restarted the splunk service - this time the old value not been restored in authentication file. I can see the value for binddnpassword has been encrypted in authentication file
Still the users unable to access splunk.
were you using search query in splunk?
or
were you connecting splunk using the service account?