Install and Configuration » History » Version 7
Version 6 (Luke Murphey, 07/27/2012 07:03 PM) → Version 7/12 (Luke Murphey, 07/31/2012 10:56 PM)
h1. Configuring RADIUS Authentication App
Below are the steps for configuring Splunk to use the RADIUS authentication app with a RADIUS server.
h2. Configure Your RADIUS Server
Before you configure Splunk, you'll need to setup your RADIUS server per the vendor's documentation. See [[Configuring_IAS]] if you are using IAS for instructions.
h2. Configure The RADIUS Authentication Splunk App (using the setup screen)
You'll need the following information from your RADIUS server in order to configure Splunk:
# Shared secret
# RADIUS server address
# _(optional)_ username and password of a valid account (so that you can verify the configuration before you save the settings)
Below are the steps to setup the app:
# Install the "RADIUS Authentication app":http://splunk-base.splunk.com/apps/47339/radius-authentication
# Open the setup app and configure the RADIUS authentication app (go to Manager » Apps » click "Set up" for the app "RADIUS Authentication"
# Enter your RADIUS server settings and save the settings. Enter a sample user account in order to verify the configuration. The setup screen will not persist the settings if the test user account fails (which prevents saving a configuration that does not work).
# Logout and test the configuration by logging into Splunk. Make sure to use an account that does not exist on the local Splunk install (accounts on the local Splunk install will still authenticate locally and thus will not test the RADIUS server configuration).
h2. Configure The RADIUS Authentication Splunk App (manually)
The radius auth script can be configured manually by editing the file *$SPLUNK_HOME/etc/system/local/authentication.conf* with the following:
<pre>
[radius_auth_script]
scriptPath = "$SPLUNK_HOME/bin/python" "$SPLUNK_HOME/etc/apps/radius_auth/bin/radius_auth.py"
scriptSearchFilters = 0
[authentication]
authType = Scripted
authSettings = radius_auth_script
</pre>
h2. Troubleshooting
View You can view the related logs with from the following search: RADIUS server app logs by searching logs matching the sourcetype "radius_auth" and "radius_auth_rest_handler":
<pre>
index=_internal ( (UserManagerPro sourcetype="radius_auth" OR HTTPAuthManager) AND sourcetype="radius_auth_rest_handler"
</pre>
Alternatively, you can view the logs from Splunk itself as it attempts to use scripted authentication:
<pre>
index=_internal sourcetype="splunkd" ) OR sourcetype="radius_auth*" AuthenticationManagerScripted
</pre>
Below are the steps for configuring Splunk to use the RADIUS authentication app with a RADIUS server.
h2. Configure Your RADIUS Server
Before you configure Splunk, you'll need to setup your RADIUS server per the vendor's documentation. See [[Configuring_IAS]] if you are using IAS for instructions.
h2. Configure The RADIUS Authentication Splunk App (using the setup screen)
You'll need the following information from your RADIUS server in order to configure Splunk:
# Shared secret
# RADIUS server address
# _(optional)_ username and password of a valid account (so that you can verify the configuration before you save the settings)
Below are the steps to setup the app:
# Install the "RADIUS Authentication app":http://splunk-base.splunk.com/apps/47339/radius-authentication
# Open the setup app and configure the RADIUS authentication app (go to Manager » Apps » click "Set up" for the app "RADIUS Authentication"
# Enter your RADIUS server settings and save the settings. Enter a sample user account in order to verify the configuration. The setup screen will not persist the settings if the test user account fails (which prevents saving a configuration that does not work).
# Logout and test the configuration by logging into Splunk. Make sure to use an account that does not exist on the local Splunk install (accounts on the local Splunk install will still authenticate locally and thus will not test the RADIUS server configuration).
h2. Configure The RADIUS Authentication Splunk App (manually)
The radius auth script can be configured manually by editing the file *$SPLUNK_HOME/etc/system/local/authentication.conf* with the following:
<pre>
[radius_auth_script]
scriptPath = "$SPLUNK_HOME/bin/python" "$SPLUNK_HOME/etc/apps/radius_auth/bin/radius_auth.py"
scriptSearchFilters = 0
[authentication]
authType = Scripted
authSettings = radius_auth_script
</pre>
h2. Troubleshooting
View You can view the related logs with from the following search: RADIUS server app logs by searching logs matching the sourcetype "radius_auth" and "radius_auth_rest_handler":
<pre>
index=_internal ( (UserManagerPro sourcetype="radius_auth" OR HTTPAuthManager) AND sourcetype="radius_auth_rest_handler"
</pre>
Alternatively, you can view the logs from Splunk itself as it attempts to use scripted authentication:
<pre>
index=_internal sourcetype="splunkd" ) OR sourcetype="radius_auth*" AuthenticationManagerScripted
</pre>