Splunk Search

After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group.

shashwatsandeep
New Member

We have newly setup the Splunk Environment in AWS platform where we have used LDAP authentication method and created AD groups to determine permission to users and login to Splunk Web.
The issue we are facing is some of the users can login into Splunk who belongs to the AD group and some are unable to login although they belong to the same AD group with same permissions.
We are in Splunk Enterprise version 7.3.0
Can someone please suggest a possible solution for this.

Tags (1)
0 Karma

Wcd4v
New Member

So, with the users that cannot login, can you see their accounts in Splunk? If not, then the problem is with Splunk syncing with AD to create those accounts. I have seen before where if there aren't certain fields filled out in AD for users then their accounts won't sync, thus not be created in Splunk (maybe the Full Name field?). I would just compare one user that is working and one that isn't in AD and see if there are any empty field values.

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...