
Auth question

dprince
New Member

Does this give every valid RADIUS user access to the Splunk server and at what level?

We use Cisco ACS for TACACS and RADIUS service and we have all kinds of options on the ACS server for RADIUS attributes. Does the RADIUS authentication app pay any attention to that?

0 Karma

enno
Explorer

For the most part yes. You could do something special in your radius server to return Access-Denied status for some user/host combination if your server supports policy like that. In our case we defined a new Splunk role called 'nologin' which we can assign to radius accounts the same way as any other Splunk role. Then we modified the Radius app to check for this role and deny access to any user that has it. (The idea was this would be an analogue of the .nologin file in the home directory behaviour of the UNIX/Linux login process.)

It's a three or four line hack in Splunk Radius app. Happy to share if there's any interest.

E.

0 Karma

LukeMurphey
Champion

As of version 1.1, the setup screen allows users to specify which RADIUS attribute the app ought to use to load the user roles from (a comma or colon separated list). You can also specify the default roles that ought to be used if the RADIUS server doesn't specify them.

0 Karma

LukeMurphey
Champion

By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor specific attribute with a name of "Vendor Specific" with a vendor code of "RADIUS standard" containing a string. Set the string to a colon separated list of roles (like "admin:can_delete"). The app should begin picking this up and assigning roles accordingly.

This was previously undocumented so I created a page detailing how to do this with IAS here: http://lukemurphey.net/projects/splunk-radius-auth/wiki/Configuring_Roles.

0 Karma
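The role-assignment behaviour described in this thread (roles read from a colon- or comma-separated attribute string, a default role when none is sent, and a 'nologin' role that denies access), sketched as an added example that is not code from the Splunk RADIUS app or from any poster. All function and constant names are hypothetical, and the allowlist of known roles and the choice to deny when only unrecognised roles are sent are assumptions of this sketch.

```python
import re

# Hypothetical names throughout; this is not the Splunk RADIUS app's code.
DEFAULT_ROLES = ("user",)   # default role the thread describes
DENY_ROLE = "nologin"       # deny-marker role from the thread
KNOWN_ROLES = {"user", "power", "admin", "can_delete"}  # constructed allowlist


def parse_roles(attr_value):
    """Split a comma- or colon-separated role string into a de-duplicated list."""
    if attr_value is None:
        return []
    if isinstance(attr_value, bytes):
        attr_value = attr_value.decode("utf-8", errors="replace")
    seen, roles = set(), []
    for part in re.split(r"[,:]", attr_value):
        role = part.strip()
        if role and role not in seen:
            seen.add(role)
            roles.append(role)
    return roles


def authorize(radius_accepted, attr_value, default_roles=DEFAULT_ROLES):
    """Return (allowed, roles, reason) for one login attempt."""
    if not radius_accepted:
        return (False, [], "radius rejected")
    requested = parse_roles(attr_value)
    if DENY_ROLE in requested:
        # The deny marker wins over every other role in the list.
        return (False, [], "nologin role present")
    if not requested:
        # No role attribute sent: every valid RADIUS user gets the defaults.
        roles = list(default_roles)
        if not roles:
            return (False, [], "no role and no default")
        return (True, roles, "default roles")
    roles = [r for r in requested if r in KNOWN_ROLES]
    if not roles:
        return (False, [], "no recognised role")
    return (True, roles, "roles from attribute")


if __name__ == "__main__":
    # Constructed sample attribute values.
    for value in (None, "admin:can_delete", "user, nologin", b"power"):
        print(repr(value), authorize(True, value))
```

Passing an empty `default_roles` turns the sketch into deny-by-default, so only users whose RADIUS reply carries an explicit role get in.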