Splunk version 6.6.2
Splunk DB Connect Version 3.1 (Build 19)
I've created an identity to log in using the same Windows domain user currently used in Splunk DB Connect 1. I know everything is set up correctly on the remote end because DB Connect 1 is able to access our SQL Servers. However, Splunk DB Connect 3 is unable to connect to these same SQL Servers.
The specific error is a "login failed for user..." and the user is NOT the username in the identity. The domain is correct; however, the user is incorrect. It looks like DB Connect is trying to log in using the machine name.
Server Name: WS693
Identity information
================
Identity name: dlovett
Identity username: dlovett
Use Windows Authentication Domain is checked with correct domain name=DOM.
Connection Information
=====================
identity: dlovett
connection type: MS-SQL Server Using MS Generic Driver With Windows Authentication
Error Information
======
When I try to save the connection I get a login error for user "DOM\WS693$"
Again, nothing has changed on the remote SQL Server end and our DB Connect V1 connections are working fine using the same domain username credentials to login to the same servers.
As an interim solution, I can log in via Splunk DB Connect v3 using SQL Server IDs. However, using local SQL Server IDs to connect to DB servers is not the standard where I work. The DBAs prefer we use domain accounts.
I tried following suggestions/answers that address a similar issue for Splunk DB Connect 2; however, none of those worked.
Any help would be greatly appreciated.
Hello,
Do you remember which log in Splunk gave you this information:
Server Name: WS693
Identity information
================
Identity name: dlovett
Identity username: dlovett
Use Windows Authentication Domain is checked with correct domain name=DOM.
Connection Information
=====================
identity: dlovett
connection type: MS-SQL Server Using MS Generic Driver With Windows Authentication
Error Information
======
When I try to save the connection I get a login error for user "DOM\WS693$"
Thanks,
Dom
Any progress on this, Splunk people? I have similar issues with DB Connect not working on Windows. Thanks.
Anyone ever have any luck with this?
OK, so with a Windows domain SQL account other than the account being used by Splunk, you have to use: MS-SQL Server Using jTDS Driver with Windows Authentication
Then you must select to use port 1433, then edit the jdbc string to add in the instance and domain.
jdbc:jtds:sqlserver://XXXXXXXXX:1433/master;instance=XXXXX;useCursors=true;domain=XXXXX;useNTLMv2=true
Then it works on both Linux and Windows DB Connect environments.
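The properties in the jTDS string above decide which account the login is attempted as. The following checker is an added example (not part of the original answer and not Splunk or jTDS code); it assumes the documented jTDS behaviour that `domain` plus a user name and password selects NTLM, that `domain` without credentials falls back to single sign-on as the process account, and that `useNTLMv2` defaults to false. The host, instance and domain in the sample are constructed placeholders.

```python
import re

# Constructed sample in the shape of the URL in the answer above; the host,
# instance and domain are placeholders, not values from the thread.
SAMPLE_URL = ("jdbc:jtds:sqlserver://db.example.internal:1433/master;"
              "instance=INST1;useCursors=true;domain=EXAMPLE;useNTLMv2=true")

_URL_RE = re.compile(
    r"^jdbc:jtds:sqlserver://(?P<host>[^:/;]+)(?::(?P<port>\d+))?"
    r"(?:/(?P<db>[^;]*))?(?P<props>(?:;[^;]*)*)$")


def parse_jtds_url(url):
    """Split a jTDS SQL Server URL into host, port, database and properties."""
    m = _URL_RE.match(url.strip())
    if m is None:
        raise ValueError("not a jTDS SQL Server JDBC URL")
    props = {}
    for item in filter(None, m.group("props").split(";")):
        key, _, value = item.partition("=")
        # Keys are lower-cased for lookup; that is this checker's choice.
        props[key.strip().lower()] = value.strip()
    port = int(m.group("port")) if m.group("port") else None
    return {"host": m.group("host"), "port": port,
            "database": m.group("db") or None, "props": props}


def review_jtds_url(url, identity_has_password=True):
    """Return (auth_mode, findings) for the account the login will use."""
    props = parse_jtds_url(url)["props"]
    findings = []
    if not props.get("domain"):
        # Without domain=, the user name is sent as a SQL Server login.
        return "sql-server-login", ["no domain property: not Windows authentication"]
    if not identity_has_password:
        # domain= without credentials: single sign-on as the JVM's own account.
        return "sso-as-process-account", ["login runs as the service account"]
    if props.get("usentlmv2", "false").lower() != "true":
        findings.append("useNTLMv2 is not true: older LM/NTLM responses are sent")
    return "ntlm-as-identity", findings


if __name__ == "__main__":
    print(review_jtds_url(SAMPLE_URL))
```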
What is instance?
Since it is using the machine name it seems like the Splunk service is set to log on as the SYSTEM account. When using the MS Generic Driver With Windows Authentication, DB Connect will connect using the account the Splunk service is using. You could change the Splunk service to log on as a domain user and give that user access to the database.
Thanks for the reply. Unfortunately, I tried that and Splunk (as a whole) failed to start.
We are going to stick with version 1 while we work with Splunk to identify a longer term solution.
I have the same issue at a customer - did you get anywhere with this?
I had the same issue, which worked on DB Connect 1 but fails on DB Connect 3. I used the jTDS driver with Windows authentication and was able to log in successfully using DB Connect 3.
Yes, on Linux you have to use the jTDS driver to use Windows auth, NOT the Microsoft-provided driver.
On Linux I'm using:
MS Generic driver with Kerberos authentication as per the documentation for DB connect
This did involve creating a krb5.conf and I also needed to add a JVM argument of:
-Djava.security.krb5.conf=/.../krb5.conf
Thanks for the reply!
Yes, we are doing the same thing on our Linux instances. This particular issue is occurring on Windows OS, which it looks like I failed to mention (my bad).
Before someone responds with the obvious answer, the answer is no--we can't force everybody to use Linux 🙂 Our enterprise has compelling reasons to support multiple OS environments.
What values do you have in splunk_app_dbconnect/local/db_connections.conf?