Splunk Version: 6.3.0
Splunk Build: aa7d4b1ccb80
I have cloned the default administrator account, made the clone a named account, logged in with the new named administrator account, and deleted the default administrator account.
I have noticed that when I stop the Splunk Enterprise instance and restart it I am unable to login. The error message is "**Invalid username or password**".
I have to access via SSH and restart the splunk service and then I can login with my named administrator account.
Before restarting, I confirmed that my user account is stored in **/opt/splunk/etc/passwd**
I also took a look at **/opt/splunk/var/log/splunk/web_access.log** and **/opt/splunk/var/log/splunk/audit.log** but did not find any clues as to why this is happening.
Screenshots included - any idea why this happening? Not a big deal I guess since the instance shouldn't be rebooted often but kind of annoying. Note that our team is very small and we don't have enough instances and users to justify a full blown LDAP or AD implementation yet.
![alt text][1]
![alt text][2]
[1]: /storage/temp/125249-cantloginsplunkent.jpg
[2]: /storage/temp/125250-cantloginstepstoremediate.jpg
↧