All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Auth question

dprince
New Member
‎05-11-2012 01:48 PM

Does this give every valid RADIUS user access to the Splunk server and at what level?

We use Cisco ACS for TACACS and RADIUS service and we have all kinds of options on the ACS server for RADIUS attributes. Does the RADIUS authentication app pay any attention to that?

Tags (1)
0 Karma
Reply

enno
Explorer
‎11-29-2017 01:47 PM

For the most part yes. You could do something special in your radius server to return Access-Denied status for some user/host combination if your server supports policy like that. In our case we defined a new Splunk role called 'nologin' which we can assign to radisu accounts the same way as any other Splunk role. Then we modified the Radius app to check for this role and deny access to any user that has it. (The idea was this would be an analogue of the .nologin file in the home directory behaviour of the UNIX/Linux login process.)

It's a three or four line hack in Splunk Radius app. Happy to share if there's any interest.

E.

0 Karma
Reply

LukeMurphey
Champion
‎09-01-2012 02:20 AM

As of version 1.1, the setup screen allows users to specify which RADIUS attribute the app ought to use to load the user roles from (a comma or colon separated list). You can also specify the default roles that ought to be used if the RADIUS server doesn't specify them.

0 Karma
Reply

LukeMurphey
Champion
‎05-14-2012 11:38 PM

By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor specific attribute with a name of "Vendor Specific" with a vendor code of "RADIUS standard" containing a string. Set the string to a colon separated list of roles (like "admin:can_delete"). The app should begin picking this up and assigning roles accordingly.

This was previously undocumented so I created a page detailing how to do this with IAS here: http://lukemurphey.net/projects/splunk-radius-auth/wiki/Configuring_Roles.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...