Splunk DB Connect 3: Why am I unable to login usin...

dlovett_umich · ‎07-19-2017

Splunk version 6.6.2
Splunk DB Connect Version 3.1 (Build 19)

I've created an identity to login using the same Windows domain user currently used in Splunk DB Connect 1. I know everything is setup correctly on the remote end because DB Connect 1 is able to access our SQL Servers. However, Splunk DB Connect 3 is unable to connect to these same SQL Servers.

The specific error is a "login failed for user..." and the user is NOT the username in the identity. The domain is correct; however, the user is incorrect. It looks like DB Connect is trying to login using the machine name.

Server Name: WS693

Identity information
================
Identity name:  dlovett
Identity username: dlovett
Use Windows Authentication Domain is checked with correct domain name=DOM.

Connection Information
=====================
identity: dlovett
connection type:  MS-SQL Server Using MS Generic Driver With Windows Authentication

Error Information
======
When I try to save the connection I get a login error for user "DOM\WS693$"

Again, nothing has changed on the remote SQL Server end and our DB Connect V1 connections are working fine using the same domain username credentials to login to the same servers.

As an interim solution, I can login via Splunk DB Connect v3 using SQL Server IDs. However, using local SQL Server ids to connect to DB servers is not the standard where I work. The DBA's prefer we use domain accounts.

I tried following suggestions/answers that address a similar issue for Splunk DB Connect 2; However, none of those worked.

Any help would be greatly appreciated.

dominiqued · ‎12-18-2020

Hello,

Do you remember which log in Splunk gave you these information:

Server Name: WS693

Identity information
================
Identity name:  dlovett
Identity username: dlovett
Use Windows Authentication Domain is checked with correct domain name=DOM.

Connection Information
=====================
identity: dlovett
connection type:  MS-SQL Server Using MS Generic Driver With Windows Authentication

Error Information
======
When I try to save the connection I get a login error for user "DOM\WS693$"
Thanks,

Dom

kmower · ‎08-21-2018

Any Progress on this Splunk People? I have similar issues with DB Connect not working on Windows. Thanks.

abaumbusch · ‎11-02-2018

Anyone ever have any luck with this?

pj · ‎09-15-2017

Ok, so with a windows domain SQL account other than the account being used by Splunk, you have to use: MS-SQL Server Using jTDS Driver with Windows Authentication

Then you must select to use port 1433, then edit the jdbc string to add in the instance and domain.

jdbc:jtds:sqlserver://XXXXXXXXX:1433/master;instance=XXXXX;useCursors=true;domain=XXXXX;useNTLMv2=true

Then it works on both Linux and Windows DB Connect environments.

Shyngys_Bolatbe · ‎02-08-2018

What is instance ?

spayneort · ‎08-21-2017

Since it is using the machine name it seems like the Splunk service is set to log on as the SYSTEM account. When using the MS Generic Driver With Windows Authentication, DB Connect will connect using the account the Splunk service is using. You could change the Splunk service to log on as a domain user and give that user access to the database.

http://docs.splunk.com/Documentation/DBX/3.1.0/DeployDBX/Installdatabasedrivers#Install_the_SQL_Serv...

dlovett_umich · ‎08-22-2017

Thanks for the reply. Unfortunately, I tried that and Splunk (as whole) failed to start.

We are going to stick with version 1 while we work with Splunk to identify a longer term solution.

pj · ‎09-15-2017

I have the same issue at a customer - did you get anywhere with this?

krish3 · ‎08-01-2017

I had the same issue which worked on DB connect 1 but fails on DB connect 3 I used JTDS driver with windows authentication and was able to login successfully using DB connect 3

jplumsdaine22 · ‎08-01-2017

yes on linux you have to use the jTDS driver to use windows auth, NOT the microsoft provided driver.

gjanders · ‎08-02-2017

On Linux I'm using:
MS Generic driver with Kerberos authentication as per the documentation for DB connect

This did involve creating a krb5.conf and I also needed to add a JVM argument of:
-Djava.security.krb5.conf=/.../krb5.conf

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

dlovett_umich · ‎08-22-2017

Thanks for the reply!

Yes, we are doing the same thing on our Linux instances. This particular issue is occurring on Windows OS which it looks like I failed to mention (my bad).

Before someone responds with the obvious answer, the answer is no--we can't force everybody to use Linux 🙂 Our enterprise has compelling reasons to support multiple OS environments.

jplumsdaine22 · ‎07-25-2017

What values do you have in splunk_app_dbconnect/local/db_connections.conf ?

Splunk DB Connect 3: Why am I unable to login using Windows authentication?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk