cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
extquebec
New Member
Member since: ‎04-09-2020
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-09-2020
View All

Re: how to fix "Could not get roles for user that...

by in Security
‎04-11-2020 02:02 AM
‎04-11-2020 02:02 AM
Thank DalJeanis For the first issue. The users from AD are listed in splunkweb and are mapped to the role admin as expected But still cannot log-in with one of those users So I do not get why the user is not found ! Are those users supposed to be defined somewhere else ? Any idea ... View more

Re: how to fix "Could not get roles for user that...

by in Security
‎04-11-2020 01:39 AM
‎04-11-2020 01:39 AM
Thanks for your answer DalJeanis For my first issue : I can see in splunkweb all the users defined in LDAP linked to GROUP1 and mapped to the roles I defined in the authentification.conf file. Tried a lot of things but still get this error when trying to log-in with one of the user listed in splunkweb Am I looking in the wrong direction ... ? ... View more

how to fix "Could not get roles for user that doe...

by in Security
‎04-09-2020 11:00 AM
‎04-09-2020 11:00 AM
hello I am currently configuring SPLUNK with LDAP / AD . Splunk server is installed on a centos 7 . Splunk version 7.1 splunk web must be use by users in GROUP1 only GROUP1 is mapped with admin role minos is existing only in AD , not in Splunk web ... When user minos is not a member of GROUP1 it is not listed and does not appear in the log. As soon as minos has beed added in GROUP1, then it is in the log file . "Found matching group="GROUP1" with mapped roles" . It seems to be working as expected But 1) I have the following error message "Could not get roles for user that does not exist: minos" . What am I doing wrong ? What is missing and where ? Any suggestion ? of course I looked around in the forum ... but nothing obvious 2) There is also a user which is not existing in LDAP. And I am wondering where it does come from before, I removed any reference in the local.meta file user="nobody" was not cached .... Could not find user="nobody" with strategy="advm" Thanks Extract of the log splunk log file [...] 4-09-2020 15:03:45.002 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Initializing with LDAPURL="ldap://:389" 04-09-2020 15:03:45.002 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Attempting bind as DN="cn=administrador,cn=users,dc=XXX,dc=com" 04-09-2020 15:03:45.004 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Bind successful 04-09-2020 15:03:45.004 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Attempting to search subtree at DN="cn=users,dc=XXXX,dc=com" using filter="(&(samaccountname=minos)(memberof=CN=GROUP1,CN=Builtin,DC=XXXX,DC=com)(displayname=*))" 04-09-2020 15:03:45.007 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Search duration="3.220 milliseconds" 04-09-2020 15:03:45.007 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Loading entry attributes for DN="CN=minos,CN=Users,DC=XXX,DC=com" 04-09-2020 15:03:45.007 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Adding attribute="displayName" with value="minos" 04-09-2020 15:03:45.007 +0000 DEBUG AuthenticationManagerLDAP - Attempting to get roles for user="minos" with DN="CN=minos,CN=Users,DC=XXXX,DC=com" in strategy="advm" 04-09-2020 15:03:45.007 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Attempting to search subtree at DN="cn=builtin,dc=XXXX,dc=com" using filter="(&(member=CN=minos,CN=Users,DC=XXXX,DC=com)(cn=*))" 04-09-2020 15:03:45.009 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Search duration="1382 microseconds" 04-09-2020 15:03:45.009 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Loading entry attributes for DN="CN=GROUP1,CN=Builtin,DC=XXX,DC=com" 04-09-2020 15:03:45.009 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Adding attribute="cn" with value="GROUP1" 04-09-2020 15:03:45.009 +0000 DEBUG AuthenticationManagerLDAP - Mapping groups for user="minos" for group DN="CN=GROUP1,CN=Builtin,DC=XXX,DC=com" 04-09-2020 15:03:45.009 +0000 DEBUG AuthenticationManagerLDAP - "Found matching group="GROUP1" with mapped roles" 04-09-2020 15:03:45.009 +0000 DEBUG AuthenticationManagerLDAP - Successfully filled info for user="minos" with realname="minos" and email="" in strategy="advm" 04-09-2020 15:03:45.009 +0000 DEBUG ScopedLDAPConnection - strategy="advm" Successfully performed unbind 04-09-2020 15:03:45.009 +0000 DEBUG AuthenticationManagerLDAP - Caching user="minos" with DN="CN=minos,CN=Users,DC=XXXX,DC=com" 04-09-2020 15:03:45.009 +0000 ERROR AuthenticationManagerSplunk - Could not get roles for user that does not exist: minos 04-09-2020 15:03:45.011 +0000 INFO UserManagerPro - Login failed for user="minos", elapsed time=0.001 seconds [...] here is my authenification.conf file [advm] SSLEnabled = 0 anonymous_referrals = 1 bindDN = cn=administrador,cn=users,dc=XXX,dc=com bindDNpassword = charset = utf8 emailAttribute = mail groupBaseDN = cn=builtin,dc=XXX,dc=com groupMappingAttribute = dn groupMemberAttribute = member groupNameAttribute = cn host = nestedGroups = 0 network_timeout = 20 port = 389 realNameAttribute = displayname sizelimit = 1000 timelimit = 15 userBaseDN = cn=users,dc=XXXX,dc=com userBaseFilter = (memberof=CN=GROUP1,CN=Builtin,DC=XXX,,DC=com) userNameAttribute = samaccountname [authentication] authSettings = advm authType = LDAP [roleMap_advm] admin = GROUP1 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM