Splunk Search

After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group.

shashwatsandeep
New Member

We have newly setup the Splunk Environment in AWS platform where we have used LDAP authentication method and created AD groups to determine permission to users and login to Splunk Web.
The issue we are facing is some of the users can login into Splunk who belongs to the AD group and some are unable to login although they belong to the same AD group with same permissions.
We are in Splunk Enterprise version 7.3.0
Can someone please suggest a possible solution for this.

Tags (1)
0 Karma

Wcd4v
New Member

So, with the users that cannot login, can you see their accounts in Splunk? If not, then the problem is with Splunk syncing with AD to create those accounts. I have seen before where if there aren't certain fields filled out in AD for users then their accounts won't sync, thus not be created in Splunk (maybe the Full Name field?). I would just compare one user that is working and one that isn't in AD and see if there are any empty field values.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.