Unable to login to AD Authenticated Web Interface

Engager

Hello Ladies and Chaps,
I'm having some issues connecting to the web interface for our Splunk search head.
Now I'm pretty certain it's worked previously, and my user has the same Group details and Permissions as the rest of my team (who manage the Splunk systems) - and yet, it refuses my login, saying "Invalid username or password."

Now, I've logged on and checked the logs, and each time I attempt to log in, the splunkd.log file gets an entry of:

ERROR AuthenticationManagerLDAP - User is not unique. Filter used: (&(samaccountname=firstname.lastname)(objectclass=User))

[ Only, with my actual firstname and lastname 🙂 ]

I can't seem to find any useful information on this error. Does anyone have any ideas?

Motivator

You have more than one object that matches that filter, and Splunk is getting confused when it sees multiple entries returned by LDAP. It doesn't know how to tell which of those entries is actually you.

Usually that happens with computer accounts, since both users and computers have objectclass=user in Active Directory.

Try changing User Base Filter in the manager to:

(&(objectclass=user)(!(objectclass=computer)))

or:

(objectcategory=CN=Person,CN=Schema,CN=Configuration,DC=yourdomain,DC=yourtld)

If those don't solve the problem, you may want to try using ldapsearch at the command line to see if you get more than one result, or just look through AD for multiple entries with the same sAMAccountName (i.e., NetBIOS name).
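
The ldapsearch check suggested in the answer above, as an added example that is not part of the original post: it runs the filter from the splunkd.log error, counts the entries returned, and lists any that carry objectClass computer. The host name, bind DN, search base and the sample LDIF are constructed placeholders, and the helper function names are hypothetical.

```shell
# Added example, not from the original thread. dc.example.com, the bind DN
# and the search base are placeholders; replace them with your own values.

# Build the same filter Splunk logged for a given login name.
splunk_filter() {
    printf '(&(samaccountname=%s)(objectclass=User))' "$1"
}

# Query AD and print LDIF (-LLL drops comments and the version line).
# Defined but not called here, since it needs a reachable domain controller.
query_ad() {
    ldapsearch -LLL -x -H "ldap://dc.example.com" \
        -D "svc-splunk@example.com" -W \
        -b "DC=example,DC=com" "$(splunk_filter "$1")" dn objectClass
}

# Count entries in LDIF on stdin ("dn:" plain or "dn::" base64-encoded).
count_entries() {
    grep -c '^dn:' || true
}

# Succeed only when exactly one entry matched, which is what Splunk needs.
is_unique() {
    n=$(count_entries)
    echo "entries matched: $n"
    [ "$n" -eq 1 ]
}

# Print the DN of each entry the (!(objectclass=computer)) clause would drop.
computer_dns() {
    awk '/^dn:/ {dn=$0} tolower($0)=="objectclass: computer" {print dn}'
}

# Constructed LDIF standing in for query_ad output with two matches.
sample_ldif() {
cat <<'EOF'
dn: CN=Firstname Lastname,OU=Staff,DC=example,DC=com
objectClass: person
objectClass: user

dn: CN=firstname.lastname,OU=Workstations,DC=example,DC=com
objectClass: person
objectClass: user
objectClass: computer
EOF
}
sample_ldif | is_unique || echo "not unique; computer entries:"
sample_ldif | computer_dns
```

Against a live directory, pipe `query_ad firstname.lastname` into `is_unique` and `computer_dns` in place of `sample_ldif`.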