Hello all,
I am having problems logging into Enterprise. I've tried my username and password, admin and changeme after moving the opt/splunk/etc/ passwd file and renaming it. Still won't work. If there's any better way to reset to allow login, i'd appreciate it. It was working just fine yesterday.
Thank You
Did you rename the right passwd file? Is Splunk installed somewhere else?
If you delete or rename the splunk_home/etc/passwd file and restart, it makes the admin password changeme everytime.
The only explanation is if you didn't rename the right file or some symbolic link exists.
jkat54
I believe I renamed the right file. Renamed passwd to passwd.back, a new file was then generated passwd. Did the restart and it won't allow me access. What could the symbolic link be you mentioned?
Do you have another authentication method configured, such as SSO or SAML? If these are enabled, you need to disable them for the local passwords to be used.
@esix is right. Do you have local authentication disabled?
/Applications/splunk/bin/splunk btool authentication list --debug
So once I get to the btool file in the bin, what would I need to do?
That whole line is a command you can run to show what type of authentication you have setup. Post the outputp
Thank you, this was the output
authType = Splunk
passwordHashAlgorithm = SHA512-crypt
[cacheTiming]
getUserInfoTTL = 10s
getUsersTTL = 10s
userLoginTTL = 0
[secrets]
filename =
namespace = splunk
Google says -
Did you restart splunk?
I did do ./splunk restart. No luck.