You can use SPLUNK_BINDIP to start splunkd on a specific port:
export SPLUNK_BINDIP=your-ip-addr
Do a splunk start.
You should see the Splunk services binding to only the above IP.
To make it permanent, put this in etc/splunk-launch.conf.
This feature is available in the 6.2.0 release of Splunk. You can simply set the following property in server.conf under:
[sslConfig]
sslKeysfilePassword = $1$1E552iukpmwZ
sslVersions=*,-ssl2,-ssl3
This will disable the ssl2 and sslv3 protocols. Of course, you need to set the corresponding property on the indexer side as well to get the forwarder connecting to the indexer.
This is known to work in Splunk 5+. Please refer to the attached image.
In both server.conf and web.conf, for the trustedIP property you need to set
trustedIP=::1, NOT trustedIP=[::1]. If you do, you would likely see the following error in splunkd.log:
-04-2014 21:58:31.362 -0800 ERROR HTTPRestLogin - SSO failed - Given IP '::1' does not match trusted IP '[::1]'
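The two answers above (sslVersions under [sslConfig], and the unbracketed trustedIP) can be checked mechanically. The following lint function is an added example, not part of the original posts or of Splunk itself; the function name, the sample file and the reading of sslVersions (`*` selects every version, a `-` prefix removes one) are assumptions based on the values shown in the posts.

```shell
#!/bin/sh
# Added example: lint a Splunk .conf file for the two settings discussed above.
# Assumption: in sslVersions, "*" selects every version and "-x" removes x.
# Prints one finding per line and nothing when the file passes.
lint_splunk_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ { next }                                   # comment line
    /^[ \t]*$/ { next }                                   # blank line
    /^[ \t]*\[.*\][ \t]*$/ { stanza = trim($0); if (stanza == "[sslConfig]") hasssl = 1; next }
    {
        eq = index($0, "="); if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        # The splunkd.log error quoted above shows ::1 failing to match [::1].
        if (key == "trustedIP" && val ~ /^\[.*\]$/)
            print stanza " trustedIP=" val ": bracketed IPv6 address, remove the brackets"
        if (stanza == "[sslConfig]" && key == "sslVersions") {
            seen = 1
            v = "," tolower(val) ","; gsub(/[ \t]/, "", v)
            n = split("ssl2 ssl3", proto, " ")
            for (i = 1; i <= n; i++) {
                p = proto[i]
                on = index(v, "," p ",") || index(v, ",*,")   # listed, or pulled in by "*"
                if (on && !index(v, ",-" p ","))
                    print "[sslConfig] sslVersions=" val ": " p " is still allowed"
            }
        }
    }
    END { if (hasssl && !seen) print "[sslConfig] sslVersions is not set: the release default applies" }
    ' "$1"
}

# Constructed sample input (not from a real deployment).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[general]
trustedIP = [::1]

[sslConfig]
sslVersions = *,-ssl2
EOF
    lint_splunk_conf "$tmp"
    rm -f "$tmp"
}
demo
```

Run it against server.conf on both the forwarder and the indexer, since the setting has to match on both sides for the connection to come up.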
Are you able to find this user through the ldapsearch filter that you are using in your strategy? Upgrade should not affect your authentication.conf. Not sure what you mean by a sync with AD broke. It appears either your user filter is incorrect or the naming attribute is wrong in the strategy config.
It is the authz that requires the user to be available in Splunk. You can work around this by either
creating an LDAP strategy pointing to your Shibboleth identity store, if it is LDAP,
or
duplicating the Shibboleth user identities in Splunk with proper role mapping.
I use a script like this to create local Splunk users:
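#!/bin/sh
# Create, delete, or add/authenticate/delete local Splunk users.
# User names are read one per line from $FILE; each password equals the user name.
# Note: -k skips TLS certificate verification and the admin login is hard-coded.
FILE=$HOME/scripts/uids.txt
ACTION=$1

# Create a user through the REST API with the admin role.
user_add()
{
    line1=$1
    curl -k -u admin:changeme -X POST -d "name=$line1&password=$line1&roles=admin" https://localhost:8089/services/authentication/users
    #curl -k -u admin:changeme -X POST -d "name=$line1&password=$line1&roles=splunk_role_edit_tcp" https://localhost:8089/services/authentication/users
    echo "Creating User $line1"
    return 0
}

# Delete a user through the REST API.
user_del()
{
    line1=$1
    curl -k -u admin:changeme -X DELETE "https://localhost:8089/services/authentication/users/$line1"
    echo "Deleting User $line1"
    return 0
}

# Log in as the user to confirm the account works.
user_auth()
{
    line1=$1
    curl -k -X POST -d "username=$line1&password=$line1" https://localhost:8089/services/auth/login
    echo "Authenticating User $line1"
    return 0
}

# "add" creates, "del" deletes, anything else runs add, auth, del for each user.
while read -r line
do
    if [ "$ACTION" = "add" ]
    then
        user_add "$line"
    elif [ "$ACTION" = "del" ]
    then
        user_del "$line"
    else
        user_add "$line"
        user_auth "$line"
        user_del "$line"
    fi
done < "$FILE"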
My uids.txt is something like this. I use the same uid/pwd, but you get the point:
Lewis_User0
Cesar_User1
Mark_User2
James_User3
Hope this helps.
IPv6 support is available only from the Splunk 4.3 release onwards. You should not see this problem in 4.3. If you do, to debug, try disabling the referrals; it could be the referrals issue.
Can you please elaborate on your problem? OOTB, the nested group support is disabled in the LDAP strategy page. Did you check the box labeled "Nested groups"? If it is still not working, send me a note.
LDAP nested group support is going to be available in the next release of Splunk, which is currently in beta testing. You can request a copy for evaluation from the PMs.