Testing » History » Version 4
Luke Murphey, 12/04/2017 06:32 AM
1 | 1 | Luke Murphey | h1. Testing |
---|---|---|---|
2 | 1 | Luke Murphey | |
3 | 4 | Luke Murphey | Below is information regarding how to set up a RADIUS server in order to run the unit tests against. These instructions roughly follow the tutorial found here: http://deployingradius.com/documents/configuration/pap.html. |
4 | 2 | Luke Murphey | |
5 | 1 | Luke Murphey | h2. Install a RADIUS server (FreeRADIUS) |
6 | 1 | Luke Murphey | |
7 | 1 | Luke Murphey | Install FreeRADIUS per directions for your OS. On mac, you can install it via brew: |
8 | 1 | Luke Murphey | |
9 | 1 | Luke Murphey | <pre> |
10 | 1 | Luke Murphey | brew install freeradius-server |
11 | 1 | Luke Murphey | </pre> |
12 | 1 | Luke Murphey | |
13 | 1 | Luke Murphey | h2. Setup a user |
14 | 1 | Luke Murphey | |
15 | 4 | Luke Murphey | Create a user for testing by adding one to the users config file (raddb/users). The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/users. |
16 | 1 | Luke Murphey | |
17 | 1 | Luke Murphey | I usually just use the example that is suggested in the FreeRADIUS docs: |
18 | 1 | Luke Murphey | |
19 | 1 | Luke Murphey | <pre> |
20 | 1 | Luke Murphey | bob Cleartext-Password := "hello" |
21 | 1 | Luke Murphey | Reply-Message := "Hello, %{User-Name}" |
22 | 4 | Luke Murphey | </pre> |
23 | 4 | Luke Murphey | |
24 | 4 | Luke Murphey | h2. Setup server secret |
25 | 4 | Luke Murphey | |
26 | 4 | Luke Murphey | Modify the clients.conf config file (raddb/clients.conf) to set the secret. The actual path varies. On a Mac with FreeRADIUS 3.0.12, the file is at /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/clients.conf. |
27 | 4 | Luke Murphey | |
28 | 4 | Luke Murphey | <pre> |
29 | 4 | Luke Murphey | client localhost { |
30 | 4 | Luke Murphey | proto = * |
31 | 4 | Luke Murphey | ipaddr = 127.0.0.1 |
32 | 4 | Luke Murphey | secret = testing123 |
33 | 4 | Luke Murphey | require_message_authenticator = no |
34 | 4 | Luke Murphey | nas_type = other |
35 | 4 | Luke Murphey | } |
36 | 1 | Luke Murphey | </pre> |
37 | 1 | Luke Murphey | |
38 | 1 | Luke Murphey | h2. Test your RADIUS server with radtest |
39 | 1 | Luke Murphey | |
40 | 2 | Luke Murphey | Start FreeRADIUS in debugging mode: |
41 | 1 | Luke Murphey | |
42 | 1 | Luke Murphey | <pre> |
43 | 1 | Luke Murphey | radiusd -X |
44 | 1 | Luke Murphey | </pre> |
45 | 1 | Luke Murphey | |
46 | 1 | Luke Murphey | Next, run radtest against the server: |
47 | 1 | Luke Murphey | |
48 | 1 | Luke Murphey | <pre> |
49 | 1 | Luke Murphey | radtest bob hello localhost 0 testing123 |
50 | 1 | Luke Murphey | </pre> |
51 | 1 | Luke Murphey | |
52 | 1 | Luke Murphey | If successful, you should see a message ending with: |
53 | 1 | Luke Murphey | |
54 | 1 | Luke Murphey | <pre> |
55 | 1 | Luke Murphey | Received Access-Accept Id 238 from 127.0.0.1:1812 to 0.0.0.0:0 length 32 |
56 | 1 | Luke Murphey | Reply-Message = "Hello, bob" |
57 | 1 | Luke Murphey | </pre> |
58 | 1 | Luke Murphey | |
59 | 3 | Luke Murphey | h2. Setup FreeRADIUS to specify Splunk roles |
60 | 2 | Luke Murphey | |
61 | 2 | Luke Murphey | h3. Install the vendor specific dictionary for Splunk |
62 | 2 | Luke Murphey | |
63 | 3 | Luke Murphey | Install the Splunk vendor specific dictionary. The dictionary should look something like this: |
64 | 1 | Luke Murphey | |
65 | 2 | Luke Murphey | <pre> |
66 | 3 | Luke Murphey | VENDOR Splunk 27389 |
67 | 2 | Luke Murphey | BEGIN-VENDOR Splunk |
68 | 2 | Luke Murphey | ATTRIBUTE Splunk-Roles 1 string |
69 | 1 | Luke Murphey | END-VENDOR Splunk |
70 | 2 | Luke Murphey | </pre> |
71 | 2 | Luke Murphey | |
72 | 3 | Luke Murphey | This file should be saved to something like "splunk.dictionary" (or see the attached file). This should be included to the main dictionary file: |
73 | 2 | Luke Murphey | |
74 | 2 | Luke Murphey | <pre> |
75 | 2 | Luke Murphey | $INCLUDE /usr/local/Cellar/freeradius-server/3.0.12/etc/raddb/splunk.dictionary |
76 | 2 | Luke Murphey | </pre> |
77 | 2 | Luke Murphey | |
78 | 2 | Luke Murphey | h3. Modify user account to set roles |
79 | 2 | Luke Murphey | |
80 | 2 | Luke Murphey | Modify the users file to return the roles: |
81 | 2 | Luke Murphey | |
82 | 2 | Luke Murphey | <pre> |
83 | 2 | Luke Murphey | bob Cleartext-Password := "hello" |
84 | 2 | Luke Murphey | Reply-Message := "Hello, %{User-Name}", |
85 | 2 | Luke Murphey | Splunk-Roles = "can_delete,admin" |
86 | 2 | Luke Murphey | </pre> |
87 | 2 | Luke Murphey | |
88 | 2 | Luke Murphey | Next, run radtest against the server: |
89 | 2 | Luke Murphey | |
90 | 2 | Luke Murphey | <pre> |
91 | 2 | Luke Murphey | radtest bob hello localhost 0 testing123 |
92 | 2 | Luke Murphey | </pre> |
93 | 2 | Luke Murphey | |
94 | 2 | Luke Murphey | If successful, you should see a message with the roles: |
95 | 2 | Luke Murphey | |
96 | 2 | Luke Murphey | <pre> |
97 | 2 | Luke Murphey | Received Access-Accept Id 16 from 127.0.0.1:1812 to 0.0.0.0:0 length 56 |
98 | 2 | Luke Murphey | Reply-Message = "Hello, bob" |
99 | 2 | Luke Murphey | Splunk-Roles = "can_delete,admin" |
100 | 2 | Luke Murphey | </pre> |
101 | 2 | Luke Murphey | |
102 | 1 | Luke Murphey | h2. Setup Splunk |
103 | 1 | Luke Murphey | |
104 | 1 | Luke Murphey | Install Splunk and the RADIUS authentication app. |
105 | 2 | Luke Murphey | |
106 | 2 | Luke Murphey | To run the tests with the given configuration, use the following local.build.properties file: |
107 | 2 | Luke Murphey | |
108 | 2 | Luke Murphey | <pre> |
109 | 2 | Luke Murphey | value.test.radius.server=127.0.0.1 |
110 | 2 | Luke Murphey | value.test.radius.secret=testing123 |
111 | 2 | Luke Murphey | value.test.radius.username=bob |
112 | 2 | Luke Murphey | value.test.radius.password=hello |
113 | 2 | Luke Murphey | value.test.radius.identifier=unit_test |
114 | 2 | Luke Murphey | value.test.radius.vendor_code=27389 |
115 | 2 | Luke Murphey | value.test.radius.roles_attribute_id=1 |
116 | 2 | Luke Murphey | </pre> |