Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Will I be able to install and run the Splunk App for Enterprise Security on Linux with an LDAP service account?

brent_weaver
Builder
‎08-07-2015 10:40 AM

We are installing Splunk on CentOS Linux in the next week or so. Our service accounts are going to be on an LDAP server. Will I be able to install and run the Splunk App for Enterprise Security with an LDAP service account?

0 Karma
Reply

tskinnerivsec
Contributor
‎08-10-2015 08:09 AM

Since you are referring to an operating system level account and not one within the Splunk application, you will need to use a samba-client component on your Linux server such as winbind. You will install those components and configure it to participate in Active Directory. This will allow you to create an Active Directory synced account on your operating system. Then you can use that account and follow the Splunk installation procedure for installing with a no privileged account.

Reply

tskinnerivsec
Contributor
‎08-07-2015 04:08 PM

yes you will. You will be able to use a combination of two splunk configuration files, authentication.conf and authorization.conf to configure ldap authentication for Splunk and create/map splunk roles to security groups in Active Directory. Here are two good references covering the ways Splunk can integrate with Active Directory/LDAP, all at the application level, so it won't matter what operating system you are running it on.

http://blogs.splunk.com/2009/08/13/ldap-auth-configuration-tips/

http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/ConfiguretheSA-ldapsearchsupport...

0 Karma
Reply

brent_weaver
Builder
‎08-10-2015 05:38 AM

Hey thank you for your response. I am asking bout the service account at a linux level to install splunk with. So when I install splunk on linux I am not going to use the linux root account, i want to use a splunk account that is on an ldap server. Is this possible and/or even possible?

0 Karma
Reply
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey


Introducing Unified TDIR with the New Enterprise Security 8.2

Read the blog
Get Updates on the Splunk Community!

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Building Momentum: Splunk Developer Program at .conf25

At Splunk, developers are at the heart of innovation. That’s why this year at .conf25, we officially launched ...