Security

How to permanently remove accounts remaining after removing passwd file?

a212830
Champion

Hi,

I am in the process of rebuilding my dev environment, and am taking over an existing search-head that wasn't being used. I upgraded to 6.1.3, and then renamed the passwd file, so that all the old accounts were removed. However, there are still a number of ldap-based accounts appearing, and if I try to delete them via the gui, a message appears saying that "user account does not exist". Is there another place where they need to be removed from? I looked in the passwd file, and they are not present.

Tags (2)

hsesterhenn_spl
Splunk Employee
Splunk Employee

As far as I understand the docs directories in etc/users are automatically created as long as you can successfully log in via LDAP.

HTH,

Holger

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...