Is it possible to use an AD service account instea...

bmileitch · ‎01-16-2013

Part of the install guide requires us to create a local account on each ESX host named splunkadmin, through the logincreator.pl script.

Instead of using a local account, is it possible to set the account name to an AD service account name we specify?

This would be a tremendous help to reduce deployment costs.

tfletcher_splun · ‎01-30-2013

Yes you can use AD accounts. The first thing you need to do is ensure that your hosts are joined to the domain already. Assuming that is done you can still use the logincreator.pl tool to create the roles necessary for the active directory user.

To permission an existing active directory user on a single host:

./logincreator.pl --target esxhost1.splunk.com --ad esxhostadmin --adpwd esxhostadminpwd123 --newuser MYDOMAIN\MYDOMAINUSER --newpwd DomainUserPassword

To permission an existing active directory user on all hosts for a particular vCenter:

./logincreator.pl --target vcenter.splunk.com --ad vcadmin --adpwd vcadminpassword --newuser MYDOMAIN\MYDOMAINUSER --newpwd DomainUserPassword --allhosts

That should get your active directory users permissioned correctly. Then you just specify them in your engine.conf or credential.conf just like any other user, though you must include the domain.

Is it possible to use an AD service account instead of local account?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!