We are using scripted authentication in Splunk using credentials of a central system. This works fine for 4 users out of 5 who have same role, same privileges and same index assigned.
However for one user, splunk web throws *500 Internal Server Error *. After enabling the debug, the scripted authentication is 'successful' including all three functions ie; userLogin,getUserInfo,getUsers. However, once its submitted to splunkd, it throws the error AdminHandler:AuthenticationHandler - Insufficient permissions to list user:<username>
The user has exactly same privileges as others.
Please share if you have experienced same issue and a possible solution if any.
Thanks
... View more