Splunk Enterprise Security

Will I be able to install and run the Splunk App for Enterprise Security on Linux with an LDAP service account?

brent_weaver
Builder

We are installing Splunk on CentOS Linux in the next week or so. Our service accounts are going to be on an LDAP server. Will I be able to install and run the Splunk App for Enterprise Security with an LDAP service account?

0 Karma

tskinnerivsec
Contributor

Since you are referring to an operating system level account and not one within the Splunk application, you will need to use a samba-client component on your Linux server such as winbind. You will install those components and configure them to participate in Active Directory. This will allow you to create an Active Directory synced account on your operating system. Then you can use that account and follow the Splunk installation procedure for installing with a non-privileged account.

tskinnerivsec
Contributor

Yes, you will. You will be able to use a combination of two Splunk configuration files, authentication.conf and authorization.conf, to configure LDAP authentication for Splunk and create/map Splunk roles to security groups in Active Directory. Here are two good references covering the ways Splunk can integrate with Active Directory/LDAP, all at the application level, so it won't matter what operating system you are running it on.

http://blogs.splunk.com/2009/08/13/ldap-auth-configuration-tips/

http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/ConfiguretheSA-ldapsearchsupport...

0 Karma
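A review check for the application-level setup described in the answer above, as an added example that is not part of the original thread or Splunk's own tooling: it reads an authentication.conf, follows `authSettings` to each LDAP strategy, and flags a plaintext bind (`SSLEnabled` defaults to 0) and an `admin` role mapped to more than one directory group. The sample file, host, DNs and group names are constructed placeholders, and `audit_ldap_auth` is a hypothetical helper name.

```python
import configparser

# Constructed sample authentication.conf; host, DNs and group names are placeholders.
SAMPLE_CONF = """
[authentication]
authType = LDAP
authSettings = corp_ldap

[corp_ldap]
host = ldap.example.com
port = 389
SSLEnabled = 0
bindDN = CN=svc-splunk-bind,OU=Service,DC=example,DC=com
userBaseDN = OU=Users,DC=example,DC=com
groupBaseDN = OU=Groups,DC=example,DC=com

[roleMap_corp_ldap]
admin = Splunk-Admins;All-Staff
user = Splunk-Users
"""

def audit_ldap_auth(conf_text):
    """Return a list of findings for the LDAP strategies in an authentication.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names such as authType case-sensitive
    cp.read_string(conf_text)
    if cp.get("authentication", "authType", fallback="Splunk") != "LDAP":
        return ["authType is not LDAP; no LDAP strategy is active"]
    findings = []
    for name in cp.get("authentication", "authSettings", fallback="").split(","):
        name = name.strip()
        if not cp.has_section(name):
            findings.append(f"strategy '{name}' has no stanza")
            continue
        # Without SSLEnabled = 1 the bind password and user logins cross the wire in clear
        if cp.get(name, "SSLEnabled", fallback="0").strip() != "1":
            findings.append(f"{name}: SSLEnabled is not 1 (plaintext LDAP bind)")
        role_map = f"roleMap_{name}"
        if not cp.has_section(role_map):
            findings.append(f"{name}: no [{role_map}] stanza, no group maps to a role")
            continue
        # A role maps to a semicolon-delimited list of LDAP groups
        admins = [g for g in cp.get(role_map, "admin", fallback="").split(";") if g.strip()]
        if len(admins) > 1:
            findings.append(f"{name}: admin role mapped to {len(admins)} groups: {admins}")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_auth(SAMPLE_CONF):
        print(finding)
```
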

brent_weaver
Builder

Hey, thank you for your response. I am asking about the service account at a Linux level to install Splunk with. So when I install Splunk on Linux I am not going to use the Linux root account, I want to use a splunk account that is on an LDAP server. Is this possible and/or even possible?

0 Karma