Install and Configuration » History » Version 12
Luke Murphey, 11/24/2014 10:29 PM
| 1 | 8 | Luke Murphey | {{>toc}} |
|---|---|---|---|
| 2 | 8 | Luke Murphey | |
| 3 | 1 | Luke Murphey | h1. Configuring RADIUS Authentication App |
| 4 | 1 | Luke Murphey | |
| 5 | 1 | Luke Murphey | Below are the steps for configuring Splunk to use the RADIUS authentication app with a RADIUS server. |
| 6 | 1 | Luke Murphey | |
| 7 | 1 | Luke Murphey | h2. Configure Your RADIUS Server |
| 8 | 1 | Luke Murphey | |
| 9 | 12 | Luke Murphey | Before you configure Splunk, you'll need to setup your RADIUS server per the vendor's documentation. Below are some links to information on how to setup some vendors: |
| 10 | 12 | Luke Murphey | |
| 11 | 12 | Luke Murphey | * [[Configuring_IAS|Microsoft IAS]] |
| 12 | 12 | Luke Murphey | * [[Configuring_Cisco_ISE|Cisco ISE]] |
| 13 | 1 | Luke Murphey | |
| 14 | 8 | Luke Murphey | The RADIUS authentication app will load roles from the RADIUS server if you set up an attribute containing a comma or colon list of roles. You'll need to configure the RADIUS authentication app to tell it which attribute it ought to us to find the roles. See [[Configuring_Roles]] for more information. |
| 15 | 8 | Luke Murphey | |
| 16 | 5 | Luke Murphey | h2. Configure The RADIUS Authentication Splunk App (using the setup screen) |
| 17 | 1 | Luke Murphey | |
| 18 | 1 | Luke Murphey | You'll need the following information from your RADIUS server in order to configure Splunk: |
| 19 | 1 | Luke Murphey | |
| 20 | 1 | Luke Murphey | # Shared secret |
| 21 | 1 | Luke Murphey | # RADIUS server address |
| 22 | 1 | Luke Murphey | # _(optional)_ username and password of a valid account (so that you can verify the configuration before you save the settings) |
| 23 | 8 | Luke Murphey | # _(optional)_ the vendor code and attribute ID if loading roles from the RADIUS server |
| 24 | 1 | Luke Murphey | |
| 25 | 1 | Luke Murphey | Below are the steps to setup the app: |
| 26 | 1 | Luke Murphey | |
| 27 | 1 | Luke Murphey | # Install the "RADIUS Authentication app":http://splunk-base.splunk.com/apps/47339/radius-authentication |
| 28 | 1 | Luke Murphey | # Open the setup app and configure the RADIUS authentication app (go to Manager » Apps » click "Set up" for the app "RADIUS Authentication" |
| 29 | 1 | Luke Murphey | # Enter your RADIUS server settings and save the settings. Enter a sample user account in order to verify the configuration. The setup screen will not persist the settings if the test user account fails (which prevents saving a configuration that does not work). |
| 30 | 1 | Luke Murphey | # Logout and test the configuration by logging into Splunk. Make sure to use an account that does not exist on the local Splunk install (accounts on the local Splunk install will still authenticate locally and thus will not test the RADIUS server configuration). |
| 31 | 3 | Luke Murphey | |
| 32 | 5 | Luke Murphey | h2. Configure The RADIUS Authentication Splunk App (manually) |
| 33 | 1 | Luke Murphey | |
| 34 | 6 | Luke Murphey | The radius auth script can be configured manually by editing the file *$SPLUNK_HOME/etc/system/local/authentication.conf* with the following: |
| 35 | 5 | Luke Murphey | |
| 36 | 1 | Luke Murphey | <pre> |
| 37 | 5 | Luke Murphey | [radius_auth_script] |
| 38 | 5 | Luke Murphey | scriptPath = "$SPLUNK_HOME/bin/python" "$SPLUNK_HOME/etc/apps/radius_auth/bin/radius_auth.py" |
| 39 | 5 | Luke Murphey | scriptSearchFilters = 0 |
| 40 | 5 | Luke Murphey | |
| 41 | 5 | Luke Murphey | [authentication] |
| 42 | 5 | Luke Murphey | authType = Scripted |
| 43 | 5 | Luke Murphey | authSettings = radius_auth_script |
| 44 | 5 | Luke Murphey | </pre> |
| 45 | 5 | Luke Murphey | |
| 46 | 1 | Luke Murphey | h2. Troubleshooting |
| 47 | 5 | Luke Murphey | |
| 48 | 11 | Luke Murphey | See [[Troubleshooting]]. |