![]() ![]() The tutorial for the installation of SSL certificates can be found here and here. Now, you can log off from Splunk as admin and log in as the configured AD user. OK, so click on Splunk Power Users for example and click on power on the left side. Make sure you have at least one member in the group, otherwise it won’t show up. If you don’t see any groups, you have something misconfigured or most likely you don’t have any members. Now, we have to tell Splunk to map those AD groups with Splunk’s internal roles. Once completed, you’ll get back to this screen. The Group name attribute is sAMAccountName and the Static member attribute is member. So, under Group settings and Group base DN, I have to specify that OU as OU=Groups,DC=andreev,DC=local. In AD I have my three Splunk groups defined in an OU called Groups. For the User name attribute use sAMAccountName and for the Real name attribute use displayName. If you have one single OU for the users and thousands of users there, you might want to do some filtering, otherwise the LDAP queries will take some time. Check the User base filter and the description. For the User base DN, enter the OU where you have your users defined. The next section is for the User settings. Use adsiedit.msc find the user in question and check the distinguished name property.įor Bind DN Password, enter the password for the svc_splunk user. As I said, I have a user called svc_splunk that does this for me. The Bind DN is the distinguished name for the user that will do the LDAP queries. For the port enter 389 which is the standard LDAP port. So, use the domain name here and make sure it resolves to an IP of a domain controller. , but if that hosts goes down, LDAP won’t work. This is not actually my host, it’s my domain that resolves to one of the hosts. For LDAP connection settings, I have andreev.local for the host. First, enter the LDAP strategy name, in my case is AD Integration with andreev.local. I’ll describe what you have to enter here section by section. ![]() You’ll see a new screen, just click New LDAP in the upper right corner. Select LDAP and click to Configure Splunk to use LDAP. When the new screen appears, click the Authentication method. Go to Splunk logged as admin and under Settings from the main menu, look at the lower right corner and you’ll see the Access controls. Also, I have an OU called Groups and I have three groups there, Splunk Admins, Splunk Users and Splunk Power Users. In my case, I have a user called svc_splunk that will do the LDAP queries for the Splunk server. But, let’s check the AD first and see what do we have there. Most likely, you’ll want to integrate Splunk with your corporate Active Directory. Once you see the login page, you can log in as admin and the password you chose when you installed Splunk. If you are getting time-out, make sure that port 8000 is open on the firewall.įirewall-cmd -zone=public -permanent -add-port=8000/tcp If you go to your Splunk server now by visiting you’ll see the login page. ![]() If you want to start Splunk on each boot, you’ll have to type. Once completed in 10-20 seconds, you’ll get a message that “The Splunk web interface is at ” or whatever you named your server. ![]() You’ll be prompted to accept the license and enter the admin password. Make sure you disable SELinux by editing /etc/selinux/config and change SELINUX=enforcing to SELINUX=permissive. Log as root and put the tarball under /tmp on the Splunk server and extract it under /opt. Once you create an account and log in, you can download the Linux installer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |