Splunk Enterprise

Why does Splunk not allow me to create users after upgrade?

mariorodriguez
Engager

Good day friends...


I expose the following issue:

A little over a month ago we upgraded the splunk version from 7.0 to 8.1.7.2, I do not know if because of the upgrade splunk no longer let me create users marking the following error: "In handler 'users': Could not get info for role that does not exist: windows-admin".

I also removed the apps that splunk had and that are compatible, among them "Splunk App for Windows Infrastructure". I don't know if this or the above generated this problem.

Can you help me if anyone has had this happen and how did you solve it?

thanks

Labels (1)
0 Karma
1 Solution

VatsalJagani
SplunkTrust
SplunkTrust

@mariorodriguez - I think you need to remove all occurrences.

(As Splunk error message is saying "passwd file says the windows-admin role is attached to some user but Splunk cannot find that role.")

View solution in original post

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@mariorodriguez - I think you have that the role name (windows-admin) is still present in passwd file while the role itself has been removed.

Please find the file $SPLUNK_HOME/etc/passwd, and you need to clean up the "windows-admin" word properly. Please make sure you do not mess with the format of the file. And after the change, restart Splunk. (taking a backup of the file is always a good idea.)

 

I hope this helps!!!

0 Karma

mariorodriguez
Engager

thanks @VatsalJagani but I have a doubt, when opening the password file, the word "windows-admin", do I have to delete it for each user or should it be in a specific line?

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@mariorodriguez - I think you need to remove all occurrences.

(As Splunk error message is saying "passwd file says the windows-admin role is attached to some user but Splunk cannot find that role.")

0 Karma

mariorodriguez
Engager

@VatsalJaganiThank you very much, it is already solved as you indicated.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...