Project

General

Profile

History

Intro » Development Environment »

Testing

Below is information regarding how to set up a RADIUS server in order to run the unit tests against. These instructions roughly follow the tutorial found here: http://deployingradius.com/documents/configuration/pap.html.

Install a RADIUS server (FreeRADIUS)

Install FreeRADIUS per directions for your OS. On mac, you can install it via brew:

brew install freeradius-server

Setup a user

Create a user for testing by adding one to the users config file (raddb/users). The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/users.

I usually just use the example that is suggested in the FreeRADIUS docs:

bob    Cleartext-Password := "hello" 
       Reply-Message := "Hello, %{User-Name}"

Setup server secret

Modify the clients.conf config file (raddb/clients.conf) to set the secret. The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/clients.conf.

client localhost {
    proto = *
    ipaddr = 127.0.0.1
    secret = testing123
    require_message_authenticator = no
    nas_type = other
}

Test your RADIUS server with radtest

Start FreeRADIUS in debugging mode:

radiusd -X

Next, run radtest against the server:

radtest bob hello localhost 0 testing123

If successful, you should see a message ending with:

Received Access-Accept Id 238 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
    Reply-Message = "Hello, bob"

Setup FreeRADIUS to specify Splunk roles

Install the vendor specific dictionary for Splunk

Install the Splunk vendor specific dictionary. The dictionary should look something like this:

VENDOR Splunk 27389
BEGIN-VENDOR Splunk
    ATTRIBUTE Splunk-Roles 1 string
END-VENDOR Splunk

This file should be saved to something like "splunk.dictionary" (or see the attached file). This should be included to the main dictionary file:

$INCLUDE        /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/splunk.dictionary

Modify user account to set roles

Modify the users file to return the roles:

bob    Cleartext-Password := "hello" 
       Reply-Message := "Hello, %{User-Name}",
       Splunk-Roles = "can_delete,admin"

Next, run radtest against the server:

radtest bob hello localhost 0 testing123

If successful, you should see a message with the roles:

Received Access-Accept Id 16 from 127.0.0.1:1812 to 0.0.0.0:0 length 56
    Reply-Message = "Hello, bob" 
    Splunk-Roles = "can_delete,admin"

Setup Splunk

Install Splunk and the RADIUS authentication app.

To run the tests with the given configuration, use the following local.build.properties file:

value.test.radius.server=127.0.0.1
value.test.radius.secret=testing123
value.test.radius.username=bob
value.test.radius.password=hello
value.test.radius.identifier=unit_test
value.test.radius.vendor_code=27389
value.test.radius.roles_attribute_id=1

splunk.dictionary (94 Bytes) Luke Murphey, 10/30/2016 02:31 AM