Splunk Enterprise

Why does Splunk not allow me to create users after upgrade?

mariorodriguez
Engager

Good day friends...


I expose the following issue:

A little over a month ago we upgraded Splunk from version 7.0 to 8.1.7.2. I do not know if it is because of the upgrade, but Splunk no longer lets me create users, giving the following error: "In handler 'users': Could not get info for role that does not exist: windows-admin".

I also removed the apps that Splunk had and that are compatible, among them "Splunk App for Windows Infrastructure". I don't know if this or the above caused this problem.

Can anyone who has had this happen help me, and how did you solve it?

thanks

0 Karma

VatsalJagani
SplunkTrust

@mariorodriguez - I think the role name (windows-admin) is still present in the passwd file while the role itself has been removed.

Please find the file $SPLUNK_HOME/etc/passwd; you need to clean up the "windows-admin" word properly. Please make sure you do not mess with the format of the file. After the change, restart Splunk. (Taking a backup of the file is always a good idea.)

I hope this helps!!!

0 Karma

mariorodriguez
Engager

Thanks @VatsalJagani, but I have a doubt: when opening the password file, do I have to delete the word "windows-admin" for each user, or should it be in a specific line?

0 Karma

VatsalJagani
SplunkTrust

@mariorodriguez - I think you need to remove all occurrences.

(As the Splunk error message is saying: "passwd file says the windows-admin role is attached to some user but Splunk cannot find that role.")

0 Karma
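
The cleanup described in the answers above, sketched as an added example that is not part of the original thread and is not Splunk tooling. It assumes the colon-delimited layout noted in the comments (roles in the sixth field, separated by `;`); the function names and the sample file are constructed for illustration, and the output is a dry run that leaves the input file untouched.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. ASSUMPTION: each line of
# $SPLUNK_HOME/etc/passwd is colon-delimited as
#   :username:hash::realname:role1;role2:email:...
# so with awk -F: the username is $2 and the role list is $6.
# All function names here are hypothetical helpers.

# Constructed sample data with placeholder hashes.
make_sample() {  # usage: make_sample FILE
  cat > "$1" <<'EOF'
:admin:$6$CONSTRUCTED$placeholder::Administrator:admin:admin@example.com:::19000
:alice:$6$CONSTRUCTED$placeholder::Alice:power;windows-admin;user:alice@example.com:::19000
:bob:$6$CONSTRUCTED$placeholder::Bob:windows-admin:bob@example.com:::19000
:carol:$6$CONSTRUCTED$placeholder::Carol:windows-admin-audit:carol@example.com:::19000
EOF
}

# List users whose role list contains ROLE as an exact entry.
users_with_role() {  # usage: users_with_role FILE ROLE
  awk -F: -v role="$2" '{
    n = split($6, r, ";")
    for (i = 1; i <= n; i++) if (r[i] == role) { print $2; break }
  }' "$1"
}

# Print FILE with ROLE dropped from every role list; FILE is not modified.
strip_role() {  # usage: strip_role FILE ROLE
  awk -F: -v OFS=: -v role="$2" '{
    n = split($6, r, ";"); out = ""
    for (i = 1; i <= n; i++)
      if (r[i] != role) out = out (out == "" ? "" : ";") r[i]
    if (out != $6) $6 = out   # rewrite only lines that actually change
    print
  }' "$1"
}

# List users that would be left with no role at all after the cleanup.
roleless_after_strip() {  # usage: roleless_after_strip FILE ROLE
  strip_role "$1" "$2" | awk -F: '$2 != "" && $6 == "" { print $2 }'
}

sample=$(mktemp)
make_sample "$sample"
echo "references:";    users_with_role "$sample" windows-admin
echo "left roleless:"; roleless_after_strip "$sample" windows-admin
strip_role "$sample" windows-admin   # review this before touching the real file
rm -f "$sample"
```

Matching whole role entries instead of the bare string keeps a role such as the constructed `windows-admin-audit` intact, and the roleless list shows which accounts need another role assigned before the backed-up file is replaced and Splunk restarted.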

mariorodriguez
Engager

@VatsalJagani Thank you very much, it is already solved as you indicated.

0 Karma