- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Tryign to Setup RADIUS Authentication
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was not able to do a succesful test but I decided to save the configurations anyways.
I am seeing the following in the logs:
08-22-2013 16:16:32.299 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': Traceback (most recent call last):
08-22-2013 16:16:32.299 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': File "/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py", line 1333, in <module>
08-22-2013 16:16:32.299 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': getUserInfo( args )
08-22-2013 16:16:32.299 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': File "/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py", line 1284, in getUserInfo
08-22-2013 16:16:32.300 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': user = UserInfo.load(username, directory)
08-22-2013 16:16:32.300 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': File "/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py", line 578, in load
08-22-2013 16:16:32.300 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': return UserInfo.loadFile(path)
08-22-2013 16:16:32.300 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': File "/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py", line 539, in loadFile
08-22-2013 16:16:32.300 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': fp = open(path)
08-22-2013 16:16:32.300 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/etc/apps/radius_auth/bin/radius_auth.py': IOError: [Errno 2] No such file or directory: '/opt/splunk/etc/apps/radius_auth/local/user_info/a93e8289e00a4606117ae3df95bee69d.json'
Any ideas on what might be going on? Oh, sniffing on the line I can see the Access-Request going out, but it is receiving an Access-Reject. Testing with radclient produces the Access-Request/Access-Accept.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the cause of the exception. Basically, the authentication doesn't gracefully handle situations where a request is made a user's info and the app is incapable of finding out the necessary user information (see this bug for details).
I just pushed out a new version with the fix (version 1.3.1).
However, I have a suspicion that the inability to authenticate has nothing to do with this exception (it is otherwise benign). Let me know what you find out after you install the update.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the cause of the exception. Basically, the authentication doesn't gracefully handle situations where a request is made a user's info and the app is incapable of finding out the necessary user information (see this bug for details).
I just pushed out a new version with the fix (version 1.3.1).
However, I have a suspicion that the inability to authenticate has nothing to do with this exception (it is otherwise benign). Let me know what you find out after you install the update.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is working now. My password had expired in the process of troubleshooting.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the quick response. I installed the new version and it looks like the issue from above is gone.
Now I only have INFO messages like the following:
INFO RadiusAuth - function=getUserInfo called, user 'myusername' not found, username=myusername
INFO RadiusAuth - function=getUsers called, '0' users found, users=0
INFO RadiusAuth - function=userLogin called, user 'myusername' authenticated action=fail, username=myusername
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What version of RADIUS auth are you using?
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
