Security

Unable to login to AD Authenticated Web Interface

dalgibbard
Engager

Hello Ladies and Chaps,
I'm having some issues connecting to the web interface for our Splunk search head.
Now I'm pretty certain it's worked previously, and my user has the same Group details and Permissions as the rest of my team (who manage the Splunk systems) - and yet, it refuses my login, saying "Invalid username or password."

Now, I've logged on and checked the logs, and each time I attempt to log in, the splunkd.log file gets an entry of:

ERROR AuthenticationManagerLDAP - User is not unique. Filter used: (&(samaccountname=firstname.lastname)(objectclass=User))

[ Only, with my actual firstname and lastname 🙂 ]

I can't seem to find any useful information on this error. Does anyone have any ideas?

southeringtonp
Motivator

You have more than one object that matches that filter, and Splunk is getting confused when it sees multiple entries returned by LDAP. It doesn't know how to tell which of those entries is actually you.

Usually that happens with computer accounts, since both users and computers have objectclass=user in Active Directory.

Try changing User Base Filter in the manager to:

(&(objectclass=user)(!(objectclass=computer)))

or:

(objectcategory=CN=Person,CN=Schema,CN=Configuration,DC=yourdomain,DC=yourtld)

If those don't solve the problem, you may want to try using ldapsearch at the command line to see if you get more than one result, or just look through AD for multiple entries with the same sAMAccountName (i.e., NetBIOS name).
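The effect of the two suggested base filters, as an added example that is not part of the original thread or Splunk's own code: a small LDAP filter evaluator run over two constructed directory entries that share one sAMAccountName. The `example.com` domain, the entries and the function names are assumptions, as is the idea that the base filter is ANDed with the login name in the same shape as the filter in the logged error.

```python
# Added example: minimal LDAP filter evaluator (equality, &, |, ! only).
# The entries below are constructed sample data, not real directory contents.
SCHEMA = "CN=Schema,CN=Configuration,DC=example,DC=com"  # placeholder domain
USER = ["top", "person", "organizationalPerson", "user"]
ENTRIES = [
    {"dn": ["CN=Jane Doe,OU=Staff,DC=example,DC=com"],
     "samaccountname": ["jane.doe"], "objectclass": USER,
     "objectcategory": ["CN=Person," + SCHEMA]},
    {"dn": ["CN=JANE.DOE,OU=Workstations,DC=example,DC=com"],
     "samaccountname": ["jane.doe"], "objectclass": USER + ["computer"],
     "objectcategory": ["CN=Computer," + SCHEMA]},
]


def parse(f, i=0):
    """Parse the filter starting at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    op = f[i + 1:i + 2]
    if op and op in "&|!":
        kids, i = [], i + 2
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids:
            raise ValueError("malformed filter list at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry, case-insensitively."""
    if node[0] == "=":
        return any(v.lower() == node[2] for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)


def login_matches(username, base_filter, entries=ENTRIES):
    """DNs matched by the combined filter, in the form seen in splunkd.log."""
    node, _ = parse("(&(samaccountname=%s)%s)" % (username, base_filter))
    return [e["dn"][0] for e in entries if matches(node, e)]


for base in ("(objectclass=User)", "(&(objectclass=user)(!(objectclass=computer)))",
             "(objectcategory=CN=Person,%s)" % SCHEMA):
    print(len(login_matches("jane.doe", base)), base)
```

The username is interpolated without LDAP filter escaping, which is acceptable only because the sample value is fixed; a count above 1 on the first line corresponds to the "User is not unique" condition.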
