Install and Configuration » History » Version 10
Luke Murphey, 12/12/2012 05:18 PM
1 | 8 | Luke Murphey | {{>toc}} |
---|---|---|---|
2 | 8 | Luke Murphey | |
3 | 1 | Luke Murphey | h1. Configuring RADIUS Authentication App |
4 | 1 | Luke Murphey | |
5 | 1 | Luke Murphey | Below are the steps for configuring Splunk to use the RADIUS authentication app with a RADIUS server. |
6 | 1 | Luke Murphey | |
7 | 1 | Luke Murphey | h2. Configure Your RADIUS Server |
8 | 1 | Luke Murphey | |
9 | 8 | Luke Murphey | Before you configure Splunk, you'll need to setup your RADIUS server per the vendor's documentation. See [[Configuring_IAS]] if you are using IAS for instructions. |
10 | 1 | Luke Murphey | |
11 | 8 | Luke Murphey | The RADIUS authentication app will load roles from the RADIUS server if you set up an attribute containing a comma or colon list of roles. You'll need to configure the RADIUS authentication app to tell it which attribute it ought to us to find the roles. See [[Configuring_Roles]] for more information. |
12 | 8 | Luke Murphey | |
13 | 5 | Luke Murphey | h2. Configure The RADIUS Authentication Splunk App (using the setup screen) |
14 | 1 | Luke Murphey | |
15 | 1 | Luke Murphey | You'll need the following information from your RADIUS server in order to configure Splunk: |
16 | 1 | Luke Murphey | |
17 | 1 | Luke Murphey | # Shared secret |
18 | 1 | Luke Murphey | # RADIUS server address |
19 | 1 | Luke Murphey | # _(optional)_ username and password of a valid account (so that you can verify the configuration before you save the settings) |
20 | 8 | Luke Murphey | # _(optional)_ the vendor code and attribute ID if loading roles from the RADIUS server |
21 | 1 | Luke Murphey | |
22 | 1 | Luke Murphey | Below are the steps to setup the app: |
23 | 1 | Luke Murphey | |
24 | 1 | Luke Murphey | # Install the "RADIUS Authentication app":http://splunk-base.splunk.com/apps/47339/radius-authentication |
25 | 1 | Luke Murphey | # Open the setup app and configure the RADIUS authentication app (go to Manager » Apps » click "Set up" for the app "RADIUS Authentication" |
26 | 1 | Luke Murphey | # Enter your RADIUS server settings and save the settings. Enter a sample user account in order to verify the configuration. The setup screen will not persist the settings if the test user account fails (which prevents saving a configuration that does not work). |
27 | 1 | Luke Murphey | # Logout and test the configuration by logging into Splunk. Make sure to use an account that does not exist on the local Splunk install (accounts on the local Splunk install will still authenticate locally and thus will not test the RADIUS server configuration). |
28 | 3 | Luke Murphey | |
29 | 5 | Luke Murphey | h2. Configure The RADIUS Authentication Splunk App (manually) |
30 | 1 | Luke Murphey | |
31 | 6 | Luke Murphey | The radius auth script can be configured manually by editing the file *$SPLUNK_HOME/etc/system/local/authentication.conf* with the following: |
32 | 5 | Luke Murphey | |
33 | 1 | Luke Murphey | <pre> |
34 | 5 | Luke Murphey | [radius_auth_script] |
35 | 5 | Luke Murphey | scriptPath = "$SPLUNK_HOME/bin/python" "$SPLUNK_HOME/etc/apps/radius_auth/bin/radius_auth.py" |
36 | 5 | Luke Murphey | scriptSearchFilters = 0 |
37 | 5 | Luke Murphey | |
38 | 5 | Luke Murphey | [authentication] |
39 | 5 | Luke Murphey | authType = Scripted |
40 | 5 | Luke Murphey | authSettings = radius_auth_script |
41 | 5 | Luke Murphey | </pre> |
42 | 5 | Luke Murphey | |
43 | 1 | Luke Murphey | h2. Troubleshooting |
44 | 5 | Luke Murphey | |
45 | 8 | Luke Murphey | h3. User Accounts from the RADIUS Server Cannot Log In |
46 | 1 | Luke Murphey | |
47 | 8 | Luke Murphey | This can be due to a number of issues. View the related logs with the following search to determine why users cannot log in: |
48 | 8 | Luke Murphey | |
49 | 1 | Luke Murphey | <pre> |
50 | 1 | Luke Murphey | index=_internal ( (UserManagerPro OR HTTPAuthManager) AND sourcetype="splunkd" ) OR sourcetype="radius_auth*" |
51 | 8 | Luke Murphey | </pre> |
52 | 8 | Luke Murphey | |
53 | 8 | Luke Murphey | h3. Roles are Not Being Loaded from the RADIUS Server |
54 | 8 | Luke Murphey | |
55 | 8 | Luke Murphey | Incorrect vendor code or attribute ID is the most common reasons for roles not being loaded from the RADIUS server. Use the following search to view the attributes that are loaded when a user successfully authenticates (note that you will need to successfully login using a RADIUS server user to see the attributes): |
56 | 8 | Luke Murphey | |
57 | 8 | Luke Murphey | <pre> |
58 | 8 | Luke Murphey | index=_internal "Received the following fields upon login" sourcetype="radius_auth" |
59 | 4 | Luke Murphey | </pre> |
60 | 9 | Luke Murphey | |
61 | 9 | Luke Murphey | h3. Splunk is Still Using the Credentials from my Local Account |
62 | 9 | Luke Murphey | |
63 | 9 | Luke Murphey | Users will be authenticated via RADIUS _unless_ they have a local account. Splunk gives local accounts priority over scripted auth users and therefore will not use RADIUS for accounts where a local account already exists. |
64 | 10 | Luke Murphey | |
65 | 10 | Luke Murphey | h3. Authentication Test on Setup Screen Fails Indicating "Unable to validate credentials against the server ..." |
66 | 10 | Luke Murphey | |
67 | 10 | Luke Murphey | The logs likely provide more details regarding why the authentication attempt failed. You can see the relevant logs by searching for the sourcetype "radius_auth" in the internal index: |
68 | 10 | Luke Murphey | |
69 | 10 | Luke Murphey | index=_internal sourcetype="radius_auth" |
70 | 10 | Luke Murphey | |
71 | 10 | Luke Murphey | The log message will probably look something like "Exception triggered when attempting to contact the RADIUS server" and should include details regarding why the authentication attempt failed. |