Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Authentication Issue

kchongMITRE
Observer
‎06-19-2020 09:17 AM

All,

I am having some authentication issue.  If I run Splunk command in the Command Prompt, I was able to logon as admin.  However, when I tried to logon as admin through the web UI, it failed to authenticate.  Also, I am not able to logon using my AD account neither.   I tried resetting admin password and new password worked in Command Prompt, but not Web UI.

When I looked at the splunkd.log file, I noticed that it has always tried to forward the username (even admin) to LDAP server and then failed saying invalid username.  I haven't changed LDAP settings or AD group name or reset the AD account used to bind LDAP (the account is not locked).  

Any idea how to fix this issue?

 

Labels (1)
Labels
Tags (2)
0 Karma
Reply

alonsocaio
Contributor
‎06-19-2020 11:52 AM

Hi,

Have you tried to force the use of Splunk's local authentication? You can do that using the "?loginType=splunk" after the "/login". Example: https://SPLUNK:8000/en-US/account/login?loginType=splunk

Maybe using this endpoint you will be able to login with your admin user.

Reply

kchongMITRE
Observer
‎06-22-2020 05:55 AM

I tried to force using local admin but it will just clear the username and password fields and nothing happened.  If I enter the wrong password, then it said "invalid password".  Any other clues?  Could changing the NTFS permission on the Splunk caused this issue?

0 Karma
Reply

kchongMITRE
Observer
‎06-22-2020 05:55 AM

Sorry, I meant Splunk folder.  There is a STIG setting that locks down the permission for Splunk folder.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...