Refine your search:

RADIUS Authentication

2 ratings

Thanks For Downloading!

Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:

Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into %PROGRAMFILES%\Splunk\etc\apps. Then restart Splunk using the splunk restart command or the GUI.

Unix/Linux: Decompress the downloaded file using a tool like tar -xvf and place the resulting folder into $SPLUNK_HOME/etc/apps. Then restart Splunk using the splunk restart command or the GUI.

Description

Provides a mechanism for enabling Splunk to authenticate users via a RADIUS server. This app includes a setup page in order to make it easy to configure.

Features:

  • Backup server support: can use a secondary RADIUS server if the primary fails
  • RADIUS-based role assignment: user roles defined on the RADIUS server can be assigned to Splunk users
  • Default role assignment: a default set of roles can be defined or users with no roles defined on the RADIUS server
  • Optional lookup-based role assignment: roles can be defined in a lookup file in order to allow overriding the roles provided by the RADIUS server

More Information:

Versions and Release Notes

Version 1.3.0 (current version - updated Nov 20, 2012)
release notes:

* Added ability to set user roles in a lookup file
* Improved handling of invalid user info files

show older versions »
Version 1.2.0 (updated Oct 10, 2012)
release notes:

* Now supports a backup server that is used if the primary fails (can be added in the setup screen)
* Minor bug fixes

Version 1.0 (updated Oct 10, 2012)
Version 1.1.1 (updated Aug 27, 2012)
release notes:

* The setup screen now allows users to test an account without entering the secret if it is already defined
* Minor bug fixes

Version 1.1 (updated Aug 13, 2012)
release notes:

Release notes:
* Added debug logging of the list of fields provided by the RADIUS server
* Added ability to specify the RADIUS attribute for finding the roles list
* Added ability to define default roles
* Setup now sets the cache timing in order to prevent cases where it may not be set correctly

Version 1.0.1 (updated Jul 30, 2012)
release notes:

Fixed issue where the setup page did not deploy the authentication script correctly

posted 01 May '12, 19:35

LukeMurphey's gravatar image

LukeMurphey
1.3k211
accept rate: 38%

new version 20 Nov '12, 14:52

One Review:
1 review, 2 ratings, average 4.5
oldestnewest

This was easy to install and configure. The only gotcha I ran into was missing the line in the documentation that states that if you have a local account in Splunk, you will authenticate against the local account and not the RADIUS account. A second reading of item #4 cleared up that bit of confusion.

But it would be nice to be able to have a local account that will authenticate against RADIUS, specifically so that the various RADIUS users can have their unique Default App defined.

This is an addendum to my review as a caveat: Because my Local Splunk Username is the same as the username in RADIUS, I created a myusername_local account and deleted myusername local account. The old myusername local account owns a significant number of apps, searches, etc. All my nightly scheduled searches ran, but my real-time searches that are owned my myusername local account for alerts are failing with:

-- Search generated the following messages -- Message Level: FATAL 1. Error in 'search' command: You do not have permission to spawn real-time searches.

comments (1)

reviewed 06 Nov '12, 11:30

RNB's gravatar image

RNB
647
accept rate: 0%

edited 07 Nov '12, 09:59

BTW: I have submitted an enhancement request to the engineering team to allow overriding of role assignments to user accounts. This way, you could modify the RADIUS authenticated accounts in the Manager user interface if you did not want to use the roles provided by RADIUS.

In the meantime, I'm planning on implementing a stop-gap solution that would allow you to override the roles using a lookup file that maps usernames to roles.

(18 Nov '12, 23:21) LukeMurphey
Your review

Did you find this app useful?

Preview toggle preview

Price: Free
Author: LukeMurphey
Version: 1.3.0
Splunk compatibility: 5.x, 4.3, 4.2
Updated:
License: Creative Commons BY 3.0

This app is not covered by any support agreements in place with Splunk. If you have questions about the installation or operation of this app, please contact the author.

Follow this app

Log In to enable email subscriptions

RSS:

Reviews

Reviews + Comments

Ask a Question
Copyright © 2005-2012 Splunk Inc. All rights reserved.