Does anyone have experience or code they can share configuring Splunk to authenticate via radiusScripted to Radius but leverage the "Vendor-Specific Attribute" (VSA) field allowing radius to return a "Vendor ID" (VID) and "Vendor Data" to have Splunk identify the user's group without a userMapping pre-seed file?
Some info on VSA from Cisco
Splunk's VID according to IANA
27389
Splunk, Inc.
Carl Jackson
carl&splunk.com
TIA, Sean
There is an app on Splunk-base which will allow authentication via RADIUS and incorporation of roles from the server. See radius-authentication.
The setup screen will allow you to select the vendor-specific attribute that contains the user roles. You can also map the roles using a lookup file if you want to override the server provided roles.
LukeMurphey
Thanks! I wrote a ScriptedInput where I did all of this a few years ago and have used it twice since then, but what you referenced is much easier to implement and for the customer to manage. Thanks for pointing it out.
Josh,
It has two parts:
1. Use extended attributes in radius to return "more" to the requesting radius client. In this case, return fields that can be used to signify role such as "Splunk-Role = 'power'"
2. Modify the radiusScripted.py to accommodate the additional info returned from radius.
Sean
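The second part described above (reading the role out of the RADIUS response), as an added example that is not code from this thread, from radiusScripted.py or from the Splunkbase app. It assumes the VSA uses the RFC 2865 recommended sub-attribute layout; `ROLE_SUBTYPE`, `ALLOWED_ROLES` and all function names are hypothetical, and `build_accept` only constructs a sample packet so the parser can be exercised offline.

```python
import hashlib
import hmac
import struct

SPLUNK_VENDOR_ID = 27389      # IANA enterprise number quoted in the question
ROLE_SUBTYPE = 1              # assumption: vendor sub-attribute carrying the role
ALLOWED_ROLES = {"user", "power"}   # assumption: roles RADIUS may grant

def verify_response(packet, request_auth, secret):
    """RFC 2865 Response Authenticator: MD5(code+id+len+RequestAuth+attrs+secret)."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def roles_from_accept(packet, request_auth, secret):
    """Return allowed roles found in Splunk VSAs of a verified Access-Accept."""
    if not verify_response(packet, request_auth, secret) or packet[0] != 2:
        return []
    roles, pos, end = [], 20, len(packet)
    while pos + 2 <= end:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            return []                      # malformed attribute: trust nothing
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != 26 or len(value) < 6:  # 26 = Vendor-Specific
            continue
        if struct.unpack("!I", value[:4])[0] != SPLUNK_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2:               # walk vendor sub-attributes (type, len, data)
            stype, slen = sub[0], sub[1]
            if slen < 2 or slen > len(sub):
                return []
            role = sub[2:slen].decode("utf-8", "replace")
            if stype == ROLE_SUBTYPE and role in ALLOWED_ROLES:
                roles.append(role)
            sub = sub[slen:]
    return roles

def build_accept(role, request_auth, secret, vendor=SPLUNK_VENDOR_ID):
    """Constructed sample Access-Accept used to exercise the parser offline."""
    data = role.encode()
    vsa = struct.pack("!I", vendor) + bytes([ROLE_SUBTYPE, len(data) + 2]) + data
    attrs = bytes([26, len(vsa) + 2]) + vsa
    head = struct.pack("!BBH", 2, 7, 20 + len(attrs))
    auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + auth + attrs
```

The role is only accepted after the Response Authenticator checks out against the shared secret, and only if it is on the local allowlist, so a forged or unexpected reply cannot hand out an arbitrary role.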
Is this a matter of having the radius request provide more data, or a matter of having the radius response handler make decisions on more data, or something else?