Splunk Apps » RADIUS Authentication

h1. Testing

Below is information regarding how to set up a RADIUS server in order to run the unit tests against. These instructions roughly follow the tutorial found here: http://deployingradius.com/documents/configuration/pap.html.

h2. Install a RADIUS server (FreeRADIUS)

Install FreeRADIUS per directions for your OS. On mac, you can install it via brew:

<pre>

brew install freeradius-server

</pre>

h2. Setup a user

Create a user for testing by adding one to the users config file (raddb/users). The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/users.

I usually just use the example that is suggested in the FreeRADIUS docs:

<pre>

bob    Cleartext-Password := "hello"

       Reply-Message := "Hello, %{User-Name}"

</pre>

h2. Setup server secret

Modify the clients.conf config file (raddb/clients.conf) to set the secret. The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/clients.conf.

<pre>

client localhost {

    proto = *

    ipaddr = 127.0.0.1

    secret = testing123

    require_message_authenticator = no

    nas_type = other

}

</pre>

h2. Test your RADIUS server with radtest

Start FreeRADIUS in debugging mode:

<pre>

radiusd -X

</pre>

Next, run radtest against the server:

<pre>

radtest bob hello localhost 0 testing123

</pre>

If successful, you should see a message ending with:

<pre>

Received Access-Accept Id 238 from 127.0.0.1:1812 to 0.0.0.0:0 length 32

	Reply-Message = "Hello, bob"

</pre>

h2. Setup FreeRADIUS to specify Splunk roles

h3. Install the vendor specific dictionary for Splunk

Install the Splunk vendor specific dictionary. The dictionary should look something like this:

<pre>

VENDOR Splunk 27389

BEGIN-VENDOR Splunk

    ATTRIBUTE Splunk-Roles 1 string

END-VENDOR Splunk

</pre>

This file should be saved to something like "splunk.dictionary" (or see the attached file). This should be included to the main dictionary file:

<pre>

$INCLUDE        /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/splunk.dictionary

</pre>

h3. Modify user account to set roles

Modify the users file to return the roles:

<pre>

bob    Cleartext-Password := "hello"

       Reply-Message := "Hello, %{User-Name}",

       Splunk-Roles = "can_delete,admin"

</pre>

Next, run radtest against the server:

<pre>

radtest bob hello localhost 0 testing123

</pre>

If successful, you should see a message with the roles:

<pre>

Received Access-Accept Id 16 from 127.0.0.1:1812 to 0.0.0.0:0 length 56

	Reply-Message = "Hello, bob"

	Splunk-Roles = "can_delete,admin"

</pre>

h2. Setup Splunk

Install Splunk and the RADIUS authentication app.

To run the tests with the given configuration, use the following local.build.properties file:

<pre>

value.test.radius.server=127.0.0.1

value.test.radius.secret=testing123

value.test.radius.username=bob

value.test.radius.password=hello

value.test.radius.identifier=unit_test

value.test.radius.vendor_code=27389

value.test.radius.roles_attribute_id=1

</pre>