Splunk Enterprise

Why does Splunk not allow me to create users after upgrade?

mariorodriguez
Engager

Good day friends...


I expose the following issue:

A little over a month ago we upgraded the splunk version from 7.0 to 8.1.7.2, I do not know if because of the upgrade splunk no longer let me create users marking the following error: "In handler 'users': Could not get info for role that does not exist: windows-admin".

I also removed the apps that splunk had and that are compatible, among them "Splunk App for Windows Infrastructure". I don't know if this or the above generated this problem.

Can you help me if anyone has had this happen and how did you solve it?

thanks

Labels (1)
0 Karma
1 Solution

VatsalJagani
SplunkTrust
SplunkTrust

@mariorodriguez - I think you need to remove all occurrences.

(As Splunk error message is saying "passwd file says the windows-admin role is attached to some user but Splunk cannot find that role.")

View solution in original post

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@mariorodriguez - I think you have that the role name (windows-admin) is still present in passwd file while the role itself has been removed.

Please find the file $SPLUNK_HOME/etc/passwd, and you need to clean up the "windows-admin" word properly. Please make sure you do not mess with the format of the file. And after the change, restart Splunk. (taking a backup of the file is always a good idea.)

 

I hope this helps!!!

0 Karma

mariorodriguez
Engager

thanks @VatsalJagani but I have a doubt, when opening the password file, the word "windows-admin", do I have to delete it for each user or should it be in a specific line?

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@mariorodriguez - I think you need to remove all occurrences.

(As Splunk error message is saying "passwd file says the windows-admin role is attached to some user but Splunk cannot find that role.")

0 Karma

mariorodriguez
Engager

@VatsalJaganiThank you very much, it is already solved as you indicated.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...