Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to login to AD Authenticated Web Interface

dalgibbard
Engager
‎09-24-2010 05:59 PM

Hello Ladies and Chaps,
I'm having some issues connecting to the web interface for our Splunk search head.
Now i'm pretty certain it's worked previously, and my user has the same Group details and Permissions as the rest of my team (who manage the splunk systems) - and yet, it refuses my login, saying "Invalid username or password."

Now- I've logged on and checked the logs, and each time I attempt to login, the splunkd.log file gets an entry of:

ERROR AuthenticationManagerLDAP - User is not unique. Filter used: (&(samaccountname=firstname.lastname)(objectclass=User))

[ Only, with my actual firstname and lastname 🙂 ]

I can't seem to find any useful information on this error- does anyone have any ideas?

Reply

southeringtonp
Motivator
‎09-24-2010 07:21 PM

You have more than one object that matches that filter, and Splunk is getting confused when it sees multiple entries returned by LDAP. It doesn't know how to tell which of those entries is actually you.

Usually that happens with computer accounts, since both users and computers have objectclass=user in Active Directory.

Try changing User Base Filter in the manager to:

(&(objectclass=user)(!(objectclass=computer)))

or:

(objectcategory=CN=Person,CN=Schema,CN=Configuration,DC=yourdomain,DC=yourtld)

If those don't solve the problem, you may want to try using ldapsearch at the command line to see if you get more than one result, or just look through AD for multiple entries with the same sAMAccountName (i.e., NetBIOS name).

Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...