Splunk Enterprise

After upgrading to 7.1.2, why are users unable to change their passwords?

moorvogi
Path Finder

We upgraded from 7.0.2 to 7.1.2 and now users are unable to change passwords.

splunkd.log =  ERROR AdminHandler:AuthenticaionHandler - Missing old password

The form the user fills out to change the password doesn't present a field for "old password". Then the user submits the form and Splunk gives the error saying the old password is missing.

Is this a known bug? How do we fix it to allow users to change their own passwords like they were able to prior to update?

More info:
the page's source code shows "oldpassword" in the source around line 722 as part of an optional field but isn't defined anywhere else to obtain a value even as a hidden value.

Tags (2)
0 Karma
1 Solution

moorvogi
Path Finder

Co-workers found the issue. Pasting here to share w/ others.

When we upgraded from 7.0.2 to 7.1.2 certain files weren't copied over correctly, specifically "authentication_change_user.password.xml", "authentication_roles.xml", "authentication_users.xml", "server_settings.xml", "data_ui_times.xml", "clustering_push.xml", and "password_management.xml" was missing.

There are 135 files in the path SPLUNK_HOME/etc/apps/search/default/data/ui/manager directory. I've taken the time and compared all the hashes on production to a fresh extracted Splunk instanced. I've updated the production path and this seems to resolve our issue. I'm still testing it, but at the moment I have it working as it should be.

View solution in original post

moorvogi
Path Finder

Co-workers found the issue. Pasting here to share w/ others.

When we upgraded from 7.0.2 to 7.1.2 certain files weren't copied over correctly, specifically "authentication_change_user.password.xml", "authentication_roles.xml", "authentication_users.xml", "server_settings.xml", "data_ui_times.xml", "clustering_push.xml", and "password_management.xml" was missing.

There are 135 files in the path SPLUNK_HOME/etc/apps/search/default/data/ui/manager directory. I've taken the time and compared all the hashes on production to a fresh extracted Splunk instanced. I've updated the production path and this seems to resolve our issue. I'm still testing it, but at the moment I have it working as it should be.

moorvogi
Path Finder

this also fixed the navigation/page issue. We were seeing a list of users instead of the single user. This also got resolved when these files were no longer missing.

0 Karma

moorvogi
Path Finder

Another anomaly is that when you click on the username then go to account settings. It takes you to a list of users that you then search. Very similar to the settings->access controls -> users. HOWEVER the pages are different. One is listed as

USERNAMEHERE
Access controls >> Users >> USERNAMEHERE

the other is
USERNAMEHERE
Users >> USERNAMEHERE

replace w/ an actual user, it's typed that way as a placeholder.

AccessControls->Users has the following row headers -> username, authentication system, full name, email address, time zone, default app, default app inherited from, roles, actions.

Account Settings has the following row headers -> username, fullname, email address, time zone, default app, restart background jobs.

This is for admins as well as non admins. Once selecting a user from the list, neither form presents an option/field for OLDPASSWORD.

0 Karma

renjith_nair
Legend

@moorvogi,
Just tried with 7.1.2 and able to change the password from "Account Settings". What are the options you are getting once selected the "Account Settings" option for the user? Also was there a restart of the web after the upgrade

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma

moorvogi
Path Finder

i'm able to logon as admin and change the pword for other users, but still not for themselves.

fields for either admin changing other user or user changing self are:
f name
email

pword
pword (2)

timezone
default app
on restart (checkbox)

search options...

0 Karma

renjith_nair
Legend

That's strange. From which version you upgraded ?/

I have got these for a user with role "user" not admin
Full name

Email address

Old password

Set password

Confirm password
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma

moorvogi
Path Finder

Upgrade from 7.0.2 -> 7.1.2.

To further complicate the problem, if i change the user from the USER group to the ADMIN group, they still can't change their own passwords as it results in the same error. (after logoff and on).

yes; servers were rebooted and new UI is in place.

0 Karma

harsmarvania57
Ultra Champion

Have you tried to clear your browser cache or tried in Incognito Mode ?

0 Karma

moorvogi
Path Finder

Yep, even tried other browsers. FF, Chrome, IE. Same results.

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...