Splunk Apps » RADIUS Authentication

h1. Configuring Roles

By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor specific attribute. The attribute should contain a string containing a colon or comma separated list of roles (like "admin:can_delete"). Re-run setup on the RADIUS auth app and configure the app to use the vendor code and vendor attribute ID you defined.

Below are instructions for configuring IAS:

h2. Open the IAS MMC Snap-In

Start the "mmc"

!Open_mmc_snap_in.png!

h2. Open the Remote Access Policy

Selected "Remote Access Policies" and open the appropriate policy. Then press the "Edit Profile" button and then click the "Advanced" tab.

!Select_policy.png!

h2. Create a New Attribute

Press the "Add" button and create a new attribute with a name of "Vendor-Specific" and a vendor of "RADIUS Standard".

!Select_attribute.png!

Press "Add" under the list of attribute values. Set the vendor code to 27389 and click the radio button for "Yes. It conforms".

!Set_vendor_code.png!

Click "Configure Attribute" to edit the value. Set the "Vendor assigned attribute number" to 0. Select a format of string and set the value to a colon separated list of roles.

!Edit_attribute.png!

The created attribute should look something like this:

!List_attributes.png!