2015-01-21 06:42 AM
On one of our systems (FAS2040, DOT 8.1.3) we started to get errors about missing 'login-ssh' capability. Even if we create new user with administrative privileges we can't connect over SSH. Only 'root' and 'administrator' users are capable of connecting to system.
Here is overview of one of users with which we have problems:
Info: Members can fully administer the filer
Info: Default role for administrator privileges.
Allowed Capabilities: login-*,cli-*,api-*,security-*
Any ideas what could be problem? I tried to manually add 'login-ssh' role to this and other users, but it is the same. I also tried creating new user, but we hit same issue.
On partner node there is the same configuration of users, groups and roles and everything is working ok.
2015-01-23 05:41 AM
It is the same - looks like it doesn't even recognize password. I am 100% sure password entered was correct, because I changed it with 'passwd' 10s before:
[xxx: sshd_2:info]: Failed password for splunkuser from xxxxxxxxxxx port 60446ssh2
And when we have login with key, we got:
[xxx:useradminx.unauthorized.user:warning]: User 'splunkuser' denied access - missing required capability: 'login-ssh'
2015-01-23 07:33 AM
Your splunkuser role is messed up...
You need to follow the splunk document for the app for splunk to make sure that you give it the rights perms for the app to work properly.
2 weeks ago
Noticed the same issue for me too.
User created in administrator group couldn't login while it can on the partner node without issues.
Upon all comparisions, noticed this change in options for 'security.admin.authentication'
Not working : security.admin.authentication nsswitch
working one : security.admin.authentication internal
changed this option to internal and could see user loggin in without any issues and resolves the problem.