Authentication Issue

kchongMITRE · ‎06-19-2020

All,

I am having some authentication issue. If I run Splunk command in the Command Prompt, I was able to logon as admin. However, when I tried to logon as admin through the web UI, it failed to authenticate. Also, I am not able to logon using my AD account neither. I tried resetting admin password and new password worked in Command Prompt, but not Web UI.

When I looked at the splunkd.log file, I noticed that it has always tried to forward the username (even admin) to LDAP server and then failed saying invalid username. I haven't changed LDAP settings or AD group name or reset the AD account used to bind LDAP (the account is not locked).

Any idea how to fix this issue?

alonsocaio · ‎06-19-2020

Hi,

Have you tried to force the use of Splunk's local authentication? You can do that using the "?loginType=splunk" after the "/login". Example: https://SPLUNK:8000/en-US/account/login?loginType=splunk

Maybe using this endpoint you will be able to login with your admin user.

kchongMITRE · ‎06-22-2020

I tried to force using local admin but it will just clear the username and password fields and nothing happened. If I enter the wrong password, then it said "invalid password". Any other clues? Could changing the NTFS permission on the Splunk caused this issue?

kchongMITRE · ‎06-22-2020

Sorry, I meant Splunk folder. There is a STIG setting that locks down the permission for Splunk folder.

Authentication Issue

troubleshooting

Developer Spotlight with Paul Stout

Preparing your Splunk Environment for OpenSSL3

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...