Security

Unable to login to AD Authenticated Web Interface

dalgibbard
Engager

Hello Ladies and Chaps,
I'm having some issues connecting to the web interface for our Splunk search head.
Now i'm pretty certain it's worked previously, and my user has the same Group details and Permissions as the rest of my team (who manage the splunk systems) - and yet, it refuses my login, saying "Invalid username or password."

Now- I've logged on and checked the logs, and each time I attempt to login, the splunkd.log file gets an entry of:

ERROR AuthenticationManagerLDAP - User is not unique. Filter used: (&(samaccountname=firstname.lastname)(objectclass=User))

[ Only, with my actual firstname and lastname 🙂 ]

I can't seem to find any useful information on this error- does anyone have any ideas?

southeringtonp
Motivator

You have more than one object that matches that filter, and Splunk is getting confused when it sees multiple entries returned by LDAP. It doesn't know how to tell which of those entries is actually you.

Usually that happens with computer accounts, since both users and computers have objectclass=user in Active Directory.

Try changing User Base Filter in the manager to:

(&(objectclass=user)(!(objectclass=computer)))

or:

(objectcategory=CN=Person,CN=Schema,CN=Configuration,DC=yourdomain,DC=yourtld)

If those don't solve the problem, you may want to try using ldapsearch at the command line to see if you get more than one result, or just look through AD for multiple entries with the same sAMAccountName (i.e., NetBIOS name).

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...