All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Auth question

dprince
New Member
‎05-11-2012 01:48 PM

Does this give every valid RADIUS user access to the Splunk server and at what level?

We use Cisco ACS for TACACS and RADIUS service and we have all kinds of options on the ACS server for RADIUS attributes. Does the RADIUS authentication app pay any attention to that?

Tags (1)
0 Karma
Reply

enno
Explorer
‎11-29-2017 01:47 PM

For the most part yes. You could do something special in your radius server to return Access-Denied status for some user/host combination if your server supports policy like that. In our case we defined a new Splunk role called 'nologin' which we can assign to radisu accounts the same way as any other Splunk role. Then we modified the Radius app to check for this role and deny access to any user that has it. (The idea was this would be an analogue of the .nologin file in the home directory behaviour of the UNIX/Linux login process.)

It's a three or four line hack in Splunk Radius app. Happy to share if there's any interest.

E.

0 Karma
Reply

LukeMurphey
Champion
‎09-01-2012 02:20 AM

As of version 1.1, the setup screen allows users to specify which RADIUS attribute the app ought to use to load the user roles from (a comma or colon separated list). You can also specify the default roles that ought to be used if the RADIUS server doesn't specify them.

0 Karma
Reply

LukeMurphey
Champion
‎05-14-2012 11:38 PM

By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor specific attribute with a name of "Vendor Specific" with a vendor code of "RADIUS standard" containing a string. Set the string to a colon separated list of roles (like "admin:can_delete"). The app should begin picking this up and assigning roles accordingly.

This was previously undocumented so I created a page detailing how to do this with IAS here: http://lukemurphey.net/projects/splunk-radius-auth/wiki/Configuring_Roles.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...