- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Authentication Issue
All,
I am having some authentication issue. If I run Splunk command in the Command Prompt, I was able to logon as admin. However, when I tried to logon as admin through the web UI, it failed to authenticate. Also, I am not able to logon using my AD account neither. I tried resetting admin password and new password worked in Command Prompt, but not Web UI.
When I looked at the splunkd.log file, I noticed that it has always tried to forward the username (even admin) to LDAP server and then failed saying invalid username. I haven't changed LDAP settings or AD group name or reset the AD account used to bind LDAP (the account is not locked).
Any idea how to fix this issue?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Have you tried to force the use of Splunk's local authentication? You can do that using the "?loginType=splunk" after the "/login". Example: https://SPLUNK:8000/en-US/account/login?loginType=splunk
Maybe using this endpoint you will be able to login with your admin user.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried to force using local admin but it will just clear the username and password fields and nothing happened. If I enter the wrong password, then it said "invalid password". Any other clues? Could changing the NTFS permission on the Splunk caused this issue?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, I meant Splunk folder. There is a STIG setting that locks down the permission for Splunk folder.
