Splunk Apps » RADIUS Authentication

{{>toc}}

h1. Configuring Roles

By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor specific attribute. The attribute should contain a string containing a colon or comma separated list of roles (like "admin:can_delete"). Re-run setup on the RADIUS auth app and configure the app to use the vendor code and vendor attribute ID you defined.

If you are not sure what the attribute ID and vendor code being provided by the server is, run the following search after authenticating to see what attributes the app is receiving:

    index=_internal "Received the following fields upon login" sourcetype="radius_auth" 

h1. Configuring IAS (Microsoft Internet Authentication Service)

Below are instructions for configuring IAS.

h2. Open the IAS MMC Snap-In

Start the "mmc"

!Open_mmc_snap_in.png!

h2. Open the Remote Access Policy

Selected "Remote Access Policies" and open the appropriate policy. Then press the "Edit Profile" button and then click the "Advanced" tab.

!Select_policy.png!

h2. Create a New Attribute

Press the "Add" button and create a new attribute with a name of "Vendor-Specific" and a vendor of "RADIUS Standard".

!Select_attribute.png!

Press "Add" under the list of attribute values. Set the vendor code to 27389 and click the radio button for "Yes. It conforms".

!Set_vendor_code.png!

Click "Configure Attribute" to edit the value. Set the "Vendor assigned attribute number" to 1. Select a format of string and set the value to a colon separated list of roles.

!Edit_attribute.png!

The created attribute should look something like this:

!List_attributes.png!