Solved: Re: Splunk DB Connect 2.4 refuses to Validate and ...

michaelba · ‎01-25-2017

Splunk Community,

Before we raise a support ticket, can someone else confirm this bug in Splunk DB Connect 2.4? If there's a more appropriate place to file this, please let me know and I'll resubmit.

Expected Behavior: Splunk DB Connect should validate the connection with the domain account used by splunkd service. The UI smart enough to know the Identity field is not needed for this type of database connection.

Actual Behavior: Splunk DB Connect refuses to Validate and Save the connection and presents error: "Identity field missing". Moreover, even if we manually edit the db_connections.conf file to not specify any Identity, Splunk DB Connect refuses to use this connection.

Bug: Splunk DB Connect 2.4 validation logic needs to be enhanced to make the Identity field optional for this type of Database Connection ("MS-SQL Server Using MS Generic Driver With Windows Authentication").

Repo Steps:
1. Click (+) button to add a new Connection.
2. Enter hostname 'foo.com'
3. Select the Database Type to be 'MS-SQL Server Using MS Generic Driver With Windows Authentication'.
4. Observe the Identity field is now disabled and does not have any value selected.
5. Click Validate.
6. Observe error message: "Identity field is missing."

Requested Fix: When selecting Database Types like 'MS-SQL Server Using MS Generic Driver With Windows Authentication', which do NOT require an explicitly passed user credential, allow the Identity field to be optional.

Temporary Workaround:
Add a sentinel 'fake' identity with bogus username and password data.
When creating a new connection, first select the fake identity, then select the database connection type.
The selected identity is ignored when the connection is validated.

michaelba · ‎01-30-2017

I downvoted this post because no.

when you select a connection-type of "ms-sql server using ms generic driver with windows authentication", the identity field is completely ignored during validation. i create a 'fakeuser' identity just to trick the ui to proceed with validation. my connection was validated using the security context of the service account used by splunkd.

fyi - splunk support has already acknowledged this is a bug.

View solution in original post

michaelba · ‎01-30-2017

I downvoted this post because no.

when you select a connection-type of "ms-sql server using ms generic driver with windows authentication", the identity field is completely ignored during validation. i create a 'fakeuser' identity just to trick the ui to proceed with validation. my connection was validated using the security context of the service account used by splunkd.

fyi - splunk support has already acknowledged this is a bug.

jplumsdaine22 · ‎01-30-2017

Great - do you mind accepting your own answer so the question is marked as complete?

Cheers

jplumsdaine22 · ‎01-30-2017

I imagine this is a feature rather than a bug.

The service account running splunkd may not be a valid domain account for the connection target. For example, it may be in a non federated domain, splunkd may not be running as a domain account, dbconnect may be running on linux and not even be domain joined, etc. I would think it is reasonable that an identity field needs to be selected.

I do see your point, that you don't want to have to enter service account credentials twice, but I don't think there is any bug here.

You can raise feature enhancement requests through the support portal on splunk.com.

Splunk DB Connect 2.4 refuses to Validate and Save a database connection, presenting "Identity field missing error". Is this a bug?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases