Project

General

Profile

Testing » History » Version 3

Luke Murphey, 10/30/2016 02:31 AM

1 1 Luke Murphey
h1. Testing
2 1 Luke Murphey
3 2 Luke Murphey
Below is information regarding how to set up a RADIUS server in order to run the unit tests against.
4 2 Luke Murphey
5 1 Luke Murphey
h2. Install a RADIUS server (FreeRADIUS)
6 1 Luke Murphey
7 1 Luke Murphey
Install FreeRADIUS per directions for your OS. On mac, you can install it via brew:
8 1 Luke Murphey
9 1 Luke Murphey
<pre>
10 1 Luke Murphey
brew install freeradius-server
11 1 Luke Murphey
</pre>
12 1 Luke Murphey
13 1 Luke Murphey
h2. Setup a user
14 1 Luke Murphey
15 1 Luke Murphey
Create a user for testing bu adding one to the users config file (raddb/users). The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/.
16 1 Luke Murphey
17 1 Luke Murphey
I usually just use the example that is suggested in the FreeRADIUS docs:
18 1 Luke Murphey
19 1 Luke Murphey
<pre>
20 1 Luke Murphey
bob    Cleartext-Password := "hello"
21 1 Luke Murphey
       Reply-Message := "Hello, %{User-Name}"
22 1 Luke Murphey
</pre>
23 1 Luke Murphey
24 1 Luke Murphey
h2. Test your RADIUS server with radtest
25 1 Luke Murphey
26 2 Luke Murphey
Start FreeRADIUS in debugging mode:
27 1 Luke Murphey
28 1 Luke Murphey
<pre>
29 1 Luke Murphey
radiusd -X
30 1 Luke Murphey
</pre>
31 1 Luke Murphey
32 1 Luke Murphey
Next, run radtest against the server:
33 1 Luke Murphey
34 1 Luke Murphey
<pre>
35 1 Luke Murphey
radtest bob hello localhost 0 testing123
36 1 Luke Murphey
</pre>
37 1 Luke Murphey
38 1 Luke Murphey
If successful, you should see a message ending with:
39 1 Luke Murphey
40 1 Luke Murphey
<pre>
41 1 Luke Murphey
Received Access-Accept Id 238 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
42 1 Luke Murphey
	Reply-Message = "Hello, bob"
43 1 Luke Murphey
</pre>
44 1 Luke Murphey
45 3 Luke Murphey
h2. Setup FreeRADIUS to specify Splunk roles
46 2 Luke Murphey
47 2 Luke Murphey
h3. Install the vendor specific dictionary for Splunk
48 2 Luke Murphey
49 3 Luke Murphey
Install the Splunk vendor specific dictionary. The dictionary should look something like this:
50 1 Luke Murphey
51 2 Luke Murphey
<pre>
52 3 Luke Murphey
VENDOR Splunk 27389
53 2 Luke Murphey
BEGIN-VENDOR Splunk
54 2 Luke Murphey
    ATTRIBUTE Splunk-Roles 1 string
55 1 Luke Murphey
END-VENDOR Splunk
56 2 Luke Murphey
</pre>
57 2 Luke Murphey
58 3 Luke Murphey
This file should be saved to something like "splunk.dictionary" (or see the attached file). This should be included to the main dictionary file:
59 2 Luke Murphey
60 2 Luke Murphey
<pre>
61 2 Luke Murphey
$INCLUDE        /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/splunk.dictionary
62 2 Luke Murphey
</pre>
63 2 Luke Murphey
64 2 Luke Murphey
h3. Modify user account to set roles
65 2 Luke Murphey
66 2 Luke Murphey
Modify the users file to return the roles:
67 2 Luke Murphey
68 2 Luke Murphey
<pre>
69 2 Luke Murphey
bob    Cleartext-Password := "hello"
70 2 Luke Murphey
       Reply-Message := "Hello, %{User-Name}",
71 2 Luke Murphey
       Splunk-Roles = "can_delete,admin"
72 2 Luke Murphey
</pre>
73 2 Luke Murphey
74 2 Luke Murphey
Next, run radtest against the server:
75 2 Luke Murphey
76 2 Luke Murphey
<pre>
77 2 Luke Murphey
radtest bob hello localhost 0 testing123
78 2 Luke Murphey
</pre>
79 2 Luke Murphey
80 2 Luke Murphey
If successful, you should see a message with the roles:
81 2 Luke Murphey
82 2 Luke Murphey
<pre>
83 2 Luke Murphey
Received Access-Accept Id 16 from 127.0.0.1:1812 to 0.0.0.0:0 length 56
84 2 Luke Murphey
	Reply-Message = "Hello, bob"
85 2 Luke Murphey
	Splunk-Roles = "can_delete,admin"
86 2 Luke Murphey
</pre>
87 2 Luke Murphey
88 1 Luke Murphey
h2. Setup Splunk
89 1 Luke Murphey
90 1 Luke Murphey
Install Splunk and the RADIUS authentication app.
91 2 Luke Murphey
92 2 Luke Murphey
To run the tests with the given configuration, use the following local.build.properties file:
93 2 Luke Murphey
94 2 Luke Murphey
<pre>
95 2 Luke Murphey
value.test.radius.server=127.0.0.1
96 2 Luke Murphey
value.test.radius.secret=testing123
97 2 Luke Murphey
value.test.radius.username=bob
98 2 Luke Murphey
value.test.radius.password=hello
99 2 Luke Murphey
value.test.radius.identifier=unit_test
100 2 Luke Murphey
value.test.radius.vendor_code=27389
101 2 Luke Murphey
value.test.radius.roles_attribute_id=1
102 2 Luke Murphey
</pre>