Testing » History » Version 4

Luke Murphey, 12/04/2017 06:32 AM

h1. Testing

Below is information on how to set up a RADIUS server to run the unit tests against. These instructions roughly follow the tutorial found here: http://deployingradius.com/documents/configuration/pap.html.

h2. Install a RADIUS server (FreeRADIUS)

Install FreeRADIUS per the directions for your OS. On a Mac, you can install it via brew:

<pre>
brew install freeradius-server
</pre>

h2. Set up a user

Create a user for testing by adding one to the users config file (raddb/users). The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/users.

I usually just use the example that is suggested in the FreeRADIUS docs:

<pre>
bob    Cleartext-Password := "hello"
       Reply-Message := "Hello, %{User-Name}"
</pre>

h2. Set up the server secret

Modify the clients.conf config file (raddb/clients.conf) to set the secret. The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/clients.conf.

<pre>
client localhost {
    proto = *
    ipaddr = 127.0.0.1
    secret = testing123
    require_message_authenticator = no
    nas_type = other
}
</pre>

h2. Test your RADIUS server with radtest

Start FreeRADIUS in debugging mode:

<pre>
radiusd -X
</pre>

Next, run radtest against the server:

<pre>
radtest bob hello localhost 0 testing123
</pre>

If successful, you should see a message ending with:

<pre>
Received Access-Accept Id 238 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
	Reply-Message = "Hello, bob"
</pre>

h2. Set up FreeRADIUS to specify Splunk roles

h3. Install the vendor-specific dictionary for Splunk

Install the Splunk vendor-specific dictionary. The dictionary should look something like this:

<pre>
VENDOR Splunk 27389
BEGIN-VENDOR Splunk
    ATTRIBUTE Splunk-Roles 1 string
END-VENDOR Splunk
</pre>

Save this file as something like "splunk.dictionary" (or see the attached file), then include it from the main dictionary file:

<pre>
$INCLUDE        /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/splunk.dictionary
</pre>

h3. Modify user account to set roles

Modify the users file to return the roles:

<pre>
bob    Cleartext-Password := "hello"
       Reply-Message := "Hello, %{User-Name}",
       Splunk-Roles = "can_delete,admin"
</pre>

Next, run radtest against the server:

<pre>
radtest bob hello localhost 0 testing123
</pre>

If successful, you should see a message with the roles:

<pre>
Received Access-Accept Id 16 from 127.0.0.1:1812 to 0.0.0.0:0 length 56
	Reply-Message = "Hello, bob"
	Splunk-Roles = "can_delete,admin"
</pre>

h2. Set up Splunk

Install Splunk and the RADIUS authentication app.

To run the tests with the given configuration, use the following local.build.properties file:

<pre>
value.test.radius.server=127.0.0.1
value.test.radius.secret=testing123
value.test.radius.username=bob
value.test.radius.password=hello
value.test.radius.identifier=unit_test
value.test.radius.vendor_code=27389
value.test.radius.roles_attribute_id=1
</pre>
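
As an added example (not code from this project or from FreeRADIUS), the Python below shows how the vendor_code and roles_attribute_id values above locate the Splunk-Roles string inside an Access-Accept, after the Response Authenticator has been checked against the shared secret as RFC 2865 defines it. The packet is constructed inline to mirror the radtest output; the function names, the packet Id and the Request Authenticator passed in are assumptions.

```python
import hashlib
import hmac
import struct

SECRET = b"testing123"    # value.test.radius.secret
VENDOR_CODE = 27389       # value.test.radius.vendor_code
ROLES_ATTRIBUTE_ID = 1    # value.test.radius.roles_attribute_id
ACCESS_ACCEPT, REPLY_MESSAGE, VENDOR_SPECIFIC = 2, 18, 26  # RFC 2865 codes

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_sample_accept(request_auth, secret=SECRET):
    """Constructed reply carrying the same attributes as the radtest output above."""
    msg, roles = b"Hello, bob", b"can_delete,admin"
    sub = bytes([ROLES_ATTRIBUTE_ID, 2 + len(roles)]) + roles
    attrs = bytes([REPLY_MESSAGE, 2 + len(msg)]) + msg
    attrs += bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", VENDOR_CODE) + sub
    auth = response_authenticator(ACCESS_ACCEPT, 16, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, 16, 20 + len(attrs)) + auth + attrs

def extract_roles(packet, request_auth, secret=SECRET):
    """Verify an Access-Accept against the shared secret, then return its roles."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    roles, pos = [], 0
    while pos < len(attrs):
        alen = attrs[pos + 1] if pos + 2 <= len(attrs) else 0
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute")
        atype, value = attrs[pos], attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])  # first sub-attribute only
        if vendor == VENDOR_CODE and vtype == ROLES_ATTRIBUTE_ID and 2 <= vlen <= len(value) - 4:
            roles += [r for r in value[6:4 + vlen].decode("utf-8").split(",") if r]
    return roles
```

The constructed packet is 56 bytes, matching the length radtest reports for the reply that includes Splunk-Roles.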