Splunk Enterprise

Authentication Issue



I am having some authentication issue.  If I run Splunk command in the Command Prompt, I was able to logon as admin.  However, when I tried to logon as admin through the web UI, it failed to authenticate.  Also, I am not able to logon using my AD account neither.   I tried resetting admin password and new password worked in Command Prompt, but not Web UI.

When I looked at the splunkd.log file, I noticed that it has always tried to forward the username (even admin) to LDAP server and then failed saying invalid username.  I haven't changed LDAP settings or AD group name or reset the AD account used to bind LDAP (the account is not locked).  

Any idea how to fix this issue?


Labels (1)
Tags (2)
0 Karma



Have you tried to force the use of Splunk's local authentication? You can do that using the "?loginType=splunk" after the "/login". Example: https://SPLUNK:8000/en-US/account/login?loginType=splunk

Maybe using this endpoint you will be able to login with your admin user.


I tried to force using local admin but it will just clear the username and password fields and nothing happened.  If I enter the wrong password, then it said "invalid password".  Any other clues?  Could changing the NTFS permission on the Splunk caused this issue?

0 Karma


Sorry, I meant Splunk folder.  There is a STIG setting that locks down the permission for Splunk folder.

0 Karma
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...