Splunk Enterprise

Authentication Issue

kchongMITRE
Observer

All,

I am having some authentication issue.  If I run Splunk command in the Command Prompt, I was able to logon as admin.  However, when I tried to logon as admin through the web UI, it failed to authenticate.  Also, I am not able to logon using my AD account neither.   I tried resetting admin password and new password worked in Command Prompt, but not Web UI.

When I looked at the splunkd.log file, I noticed that it has always tried to forward the username (even admin) to LDAP server and then failed saying invalid username.  I haven't changed LDAP settings or AD group name or reset the AD account used to bind LDAP (the account is not locked).  

Any idea how to fix this issue?

 

Labels (1)
Tags (2)
0 Karma

alonsocaio
Contributor

Hi,

Have you tried to force the use of Splunk's local authentication? You can do that using the "?loginType=splunk" after the "/login". Example: https://SPLUNK:8000/en-US/account/login?loginType=splunk

Maybe using this endpoint you will be able to login with your admin user.

kchongMITRE
Observer

I tried to force using local admin but it will just clear the username and password fields and nothing happened.  If I enter the wrong password, then it said "invalid password".  Any other clues?  Could changing the NTFS permission on the Splunk caused this issue?

0 Karma

kchongMITRE
Observer

Sorry, I meant Splunk folder.  There is a STIG setting that locks down the permission for Splunk folder.

0 Karma
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...