Failsafe user working?

hcpr · ‎06-29-2010

Hi folks.

I have a Splunk setup to authenticate by LDAP, and this works reasonably well. Sometimes auth stops working for no apparent reason, and that's when this question becomes interesting.

I can't get the "failsafe" user in LDAP conf to work. Dos this function as intended for anyone? If so, how do i make it work? Currently any attempt to log on as the user listed as failsafe user in the LDAP config just returns the normal authentication failed message.

Any suggestions?

the_wolverine · ‎06-29-2010

If you recently migrated to version 4.1.x, your failsafe user (as configured in authentication.conf) is disabled. The new failsafe user is "admin" and is accessible from the UI:

Manager >> Access Controls >> Users

The default password is "changeme" and can be changed from the UI as well.

Simeon · ‎06-29-2010

Please detail the version of Splunk you are using, as 4.0 differs from 4.1.

Simeon · ‎06-29-2010

You should check the splunkd.log for why the LDAP authentication fails. If all of the LDAP auth fails, then there is likely a problem with your connectivity to the system. You should ensure that you are not using an alias for the LDAP host and that your LDAP server is not returning referrals.

Additionally, if you manually copied the authentication configuration from another machine then you will need to re-enter the passwords so they are encrypted with the correct key.

Another possible condition is that your failsafe username exists in your LDAP system, thus causing a conflict. You should make sure the failsafe username is unique.

treinke · ‎06-29-2010

Which version of Splunk are you using? I am currently on 4.1.2 and you can have both local and ldap users in the Splunk system.

There are no answer without questions

Failsafe user working?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!