Security

active directory - how to map user to role ?

konradwawryn
Explorer

Hi Gurus,

I have connected Splunk server to my Active Directory server. I see LDAP groups and everything seems to be fine... but I cant login as user from selected Active Directory group. In the splunkd.log file I see this:

05-08-2013 22:18:12.304 +0200 ERROR AuthenticationManagerLDAP - user="konrad" has matching LDAP groups with strategy="AD", but none are mapped to Splunk roles
05-08-2013 22:18:12.304 +0200 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="konrad" on any configured servers

In my opinion it looks like wrong role mapping. How to configure role mapping in the proper way using Splunk gui ?
In this case Splunk documentation is not perfect for me. Maybe somebody could support me and tell me what to do ?

greetings from Europe

Konrad

0 Karma

bmacias84
Champion

Your mappings seems a little off. Here is a working version of LDAP Authentication that I used for group mappings. Make sure your LDAP mapping is correct by using an LDAP browser. My home lab use Windows 2008 R2 Native DC.

I chose to use user's email address (userPrincipalName) for logins. In AD the dn attribute is actually called distinguishedName. Case sensitivity is important.


[authentication]
authType = LDAP
authSettings = splunk_standarduser
[splunk_standarduser]
host = muppets.net
port = 389
SSLEnabled = 0
bindDN = service_splunk@muppets.net
bindDNpassword = encrypted_password
groupBaseDN = OU=DomainLocalGroups,OU=Groups,DC=muppets,DC=net
groupBaseFilter = (objectclass=*)
groupMappingAttribute = distinguishedName
groupMemberAttribute = member
groupNameAttribute = cn
realNameAttribute = displayName
userBaseDN = OU=ITusers,DC=muppets,DC=net
userBaseFilter = (objectclass=*)
userNameAttribute = userPrincipalName
[roleMap_splunk_standarduser]
admin = serverTeam
user = appTeam

Hope this helps or gets you started. Don't forget to vote and accept answers.

Cheers

jtworzydlo
Path Finder

Hi Konrad!
Pozdrowienia z Polski 🙂

To map the groups to roles go to:
Manager->Access Controls->Authentication method->Configure Splunk to use LDAP and map groups->In the Actions section of your LDAP strategy you'll see "Map groups".
Select the right group and the role you want to match with it.

Hope it helps 🙂
asia

cratoshg
New Member

jtworzydlo,

That's right, great suggestion, solved my problem..

0 Karma

aliimirza
Engager

Perfect, thanks.

0 Karma

konradwawryn
Explorer

thanks for Your feedback. Unfortunately, I`m not able to paste here text... crapy "answers script... "

Here You have a link to my configuration file:

http://justpaste.it/2lec

0 Karma

bmacias84
Champion

Could you post a scrubbed version of your Authentication.conf? I struggled with the first time too.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...