I am setting up a new indexer in our corporate splunk cluster. I am planning to use the identical version of splunk enterprise that we currently are using on other host members of the cluster.
I have the splunk installer .rpm I believe was used to set up other hosts previously.
I want to make sure it is a valid .rpm as downloaded from splunk.com
I was unable to find a reference list for MD5 sums of earlier releases of splunk on the splunk.com website.
Here is what I have and the MD5 sum of the installer file.
Can anyone tell me if the MD5 sum above suggests that the installer file is legitimate?
... View more
Anthony, and others who may stumble into this.
It does not look like a splunk issue to me....
I have been dealing with the same issue and did a wireshark of the LDAP exchange to help understand what is going on here. The UK user you added to your US domain group is not picked up by splunk authorization "map group" because Windows server is sending it only the SID value for that user with a common name of "ForeignSecurityPrincipals". I am not sure why Windows server would not send it the full DN of the UK user you have added into the US domain group. I my case what is sent by the Windows DC to represent the externally referenced user looks like this:
Frame 398 includes an unspecified "ForeignSecurityPrincipals" account which is identified by only the SID as follows:
...This is basically useless information to splunk. It looks like a Windows server issue to me. I would expect the full CN representing the inserted user to be sent. After all the foreign user ~was~ added successfully to the group.
What we need sent by Windows server is something that looks like the following, which is the form sent for local users placed into the group of interest. It looks like this:
Again, from my perspective it looks like a Windows 2012R2 DC LDAP issue. Your UK user foreign security principal is not being identified as proper "CN" even though Windows is aware of exactly who this principal is. It is sending only SID and "ForeignSecurityPrincipals".
... View more