Testing » History » Version 3
Version 2 (Luke Murphey, 10/28/2016 10:05 PM) → Version 3/4 (Luke Murphey, 10/30/2016 02:31 AM)
h1. Testing
Below is information regarding how to set up a RADIUS server in order to run the unit tests against.
h2. Install a RADIUS server (FreeRADIUS)
Install FreeRADIUS per directions for your OS. On mac, you can install it via brew:
<pre>
brew install freeradius-server
</pre>
h2. Setup a user
Create a user for testing bu adding one to the users config file (raddb/users). The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/.
I usually just use the example that is suggested in the FreeRADIUS docs:
<pre>
bob Cleartext-Password := "hello"
Reply-Message := "Hello, %{User-Name}"
</pre>
h2. Test your RADIUS server with radtest
Start FreeRADIUS in debugging mode:
<pre>
radiusd -X
</pre>
Next, run radtest against the server:
<pre>
radtest bob hello localhost 0 testing123
</pre>
If successful, you should see a message ending with:
<pre>
Received Access-Accept Id 238 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
Reply-Message = "Hello, bob"
</pre>
h2. Setup FreeRADIUS to specify Splunk with the vendor specific roles
h3. Install the vendor specific dictionary for Splunk
Install the Splunk vendor specific dictionary. The dictionary should look something like this:
<pre>
VENDOR Splunk 27389
BEGIN-VENDOR Splunk
ATTRIBUTE Splunk-Roles 1 string
END-VENDOR Splunk
</pre>
This file should be saved to something like "splunk.dictionary" (or see the attached file). This should be included and added to the main dictionary file:
<pre>
$INCLUDE /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/splunk.dictionary
</pre>
h3. Modify user account to set roles
Modify the users file to return the roles:
<pre>
bob Cleartext-Password := "hello"
Reply-Message := "Hello, %{User-Name}",
Splunk-Roles = "can_delete,admin"
</pre>
Next, run radtest against the server:
<pre>
radtest bob hello localhost 0 testing123
</pre>
If successful, you should see a message with the roles:
<pre>
Received Access-Accept Id 16 from 127.0.0.1:1812 to 0.0.0.0:0 length 56
Reply-Message = "Hello, bob"
Splunk-Roles = "can_delete,admin"
</pre>
h2. Setup Splunk
Install Splunk and the RADIUS authentication app.
To run the tests with the given configuration, use the following local.build.properties file:
<pre>
value.test.radius.server=127.0.0.1
value.test.radius.secret=testing123
value.test.radius.username=bob
value.test.radius.password=hello
value.test.radius.identifier=unit_test
value.test.radius.vendor_code=27389
value.test.radius.roles_attribute_id=1
</pre>
Below is information regarding how to set up a RADIUS server in order to run the unit tests against.
h2. Install a RADIUS server (FreeRADIUS)
Install FreeRADIUS per directions for your OS. On mac, you can install it via brew:
<pre>
brew install freeradius-server
</pre>
h2. Setup a user
Create a user for testing bu adding one to the users config file (raddb/users). The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/.
I usually just use the example that is suggested in the FreeRADIUS docs:
<pre>
bob Cleartext-Password := "hello"
Reply-Message := "Hello, %{User-Name}"
</pre>
h2. Test your RADIUS server with radtest
Start FreeRADIUS in debugging mode:
<pre>
radiusd -X
</pre>
Next, run radtest against the server:
<pre>
radtest bob hello localhost 0 testing123
</pre>
If successful, you should see a message ending with:
<pre>
Received Access-Accept Id 238 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
Reply-Message = "Hello, bob"
</pre>
h2. Setup FreeRADIUS to specify Splunk with the vendor specific roles
h3. Install the vendor specific dictionary for Splunk
Install the Splunk vendor specific dictionary. The dictionary should look something like this:
<pre>
VENDOR Splunk 27389
BEGIN-VENDOR Splunk
ATTRIBUTE Splunk-Roles 1 string
END-VENDOR Splunk
</pre>
This file should be saved to something like "splunk.dictionary" (or see the attached file). This should be included and added to the main dictionary file:
<pre>
$INCLUDE /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/splunk.dictionary
</pre>
h3. Modify user account to set roles
Modify the users file to return the roles:
<pre>
bob Cleartext-Password := "hello"
Reply-Message := "Hello, %{User-Name}",
Splunk-Roles = "can_delete,admin"
</pre>
Next, run radtest against the server:
<pre>
radtest bob hello localhost 0 testing123
</pre>
If successful, you should see a message with the roles:
<pre>
Received Access-Accept Id 16 from 127.0.0.1:1812 to 0.0.0.0:0 length 56
Reply-Message = "Hello, bob"
Splunk-Roles = "can_delete,admin"
</pre>
h2. Setup Splunk
Install Splunk and the RADIUS authentication app.
To run the tests with the given configuration, use the following local.build.properties file:
<pre>
value.test.radius.server=127.0.0.1
value.test.radius.secret=testing123
value.test.radius.username=bob
value.test.radius.password=hello
value.test.radius.identifier=unit_test
value.test.radius.vendor_code=27389
value.test.radius.roles_attribute_id=1
</pre>