Project

General

Profile

Troubleshooting » History » Version 1

Luke Murphey, 08/01/2014 04:57 PM

1 1 Luke Murphey
h1. Troubleshooting
2 1 Luke Murphey
3 1 Luke Murphey
h2. User Accounts from the RADIUS Server Cannot Log In
4 1 Luke Murphey
5 1 Luke Murphey
This can be due to a number of issues. View the related logs with the following search to determine why users cannot log in:
6 1 Luke Murphey
7 1 Luke Murphey
<pre>
8 1 Luke Murphey
index=_internal ( (UserManagerPro OR HTTPAuthManager) AND sourcetype="splunkd" ) OR sourcetype="radius_auth*"
9 1 Luke Murphey
</pre>
10 1 Luke Murphey
11 1 Luke Murphey
h2. Roles are Not Being Loaded from the RADIUS Server
12 1 Luke Murphey
13 1 Luke Murphey
Incorrect vendor code or attribute ID is the most common reasons for roles not being loaded from the RADIUS server. Use the following search to view the attributes that are loaded when a user successfully authenticates (note that you will need to successfully login using a RADIUS server user to see the attributes):
14 1 Luke Murphey
15 1 Luke Murphey
<pre>
16 1 Luke Murphey
index=_internal "Received the following fields upon login" sourcetype="radius_auth"
17 1 Luke Murphey
</pre>
18 1 Luke Murphey
19 1 Luke Murphey
h2. Splunk is Still Using the Credentials from my Local Account
20 1 Luke Murphey
21 1 Luke Murphey
Users will be authenticated via RADIUS _unless_ they have a local account. Splunk gives local accounts priority over scripted auth users and therefore will not use RADIUS for accounts where a local account already exists.
22 1 Luke Murphey
23 1 Luke Murphey
h2. Authentication Test on Setup Screen Fails Indicating "Unable to validate credentials against the server ..."
24 1 Luke Murphey
25 1 Luke Murphey
The logs likely provide more details regarding why the authentication attempt failed. You can see the relevant logs by searching for the sourcetype "radius_auth" in the internal index:
26 1 Luke Murphey
27 1 Luke Murphey
    index=_internal sourcetype="radius_auth"
28 1 Luke Murphey
29 1 Luke Murphey
The log message will probably look something like "Exception triggered when attempting to contact the RADIUS server" and should include details regarding why the authentication attempt failed.
30 1 Luke Murphey
31 1 Luke Murphey
h2. The Setup Screen Fails Indicating That The REST Handler Failed (on Splunk 6.0)
32 1 Luke Murphey
33 1 Luke Murphey
This is due to a bug in Splunk which causes it to no longer tell users that the input was invalid. Most likely, something is wrong with the input. Likely problems are: the test user account information could not validate (if provided) or the attribute ID for getting the roles information is incorrect.