Hugh,

Can you let me know where I can put the Session-Timeout attribute in my radius.cfg 
file?

Thank you

Dennis Qiu
Information Systems
Davis Polk & Wardwell LLP
450 Lexington Avenue
New York, NY 10017
212 450 5651   tel
dennis....@davispolk.com


________________________________________________________________________________
Confidentiality Note: This email is intended only for the person or entity to 
which it is addressed and may contain information that is privileged, 
confidential or otherwise protected from disclosure. Unauthorized use, 
dissemination, distribution or copying of this email or the information herein 
or taking any action in reliance on the contents of this email or the 
information herein, by anyone other than the intended recipient, or an employee 
or agent responsible for delivering the message to the intended recipient, is 
strictly prohibited. If you have received this email in error, please notify 
the sender immediately and destroy the original message, any attachments 
thereto and all copies. Please refer to the firm's privacy policy located at 
www.davispolk.com for important information on this policy.


-----Original Message-----
From: Qiu, Dennis 
Sent: Tuesday, May 06, 2014 9:15 PM
To: 'Hugh Irvine'
Cc: radiator@open.com.au
Subject: RE: [RADIATOR] How to increase session time

Hugh,

I only see sessiontime in my HTTP session. That session is not used by network 
devices.

I do not see such an attribute as "Session-Timeout". Do I need to add this 
attribute into the radius.cfg file? If I need to add it, where should I add it?

Following is my radius.cfg. Can you advise?

Thank you

#######################################################################################
# windows.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple system on Windows. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example is expected to be installed in 
#   c:\Program Files\Radiator\radius.cfg
# It will authenticate from a standard users file in
#   c:\Program Files\Radiator\users
# it will log debug and other messages to
#   c:\Program Files\Radiator\logfile
# and log accounting to a file in
#   c:\Program Files\Radiator\detail
# (of course you can change all these by editing this config file if you wish)
#
# It will accept requests from any client and try to handle requests
# for any realm.
# And it will print out what its doing in great detail to the log file.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: windows.cfg,v 1.1 2003/03/27 09:41:28 mikem Exp $

AcctPort 1646,1813
AuthPort 1645,1812
BindAddress 144.211.2.97
#BindAddress 0.0.0.0
DbDir c:/Program Files/Radiator
DictionaryFile %D/dictionary
Foreground 1
LogDir c:/Program Files/Radiator/Logs
#LogFile logfile
LogStdout 1

MaxChildren 0
PidFile %L/radiusd.pid
PmwhoProg /usr/local/sbin/pmwho
SnmpNASErrorTimeout 60
SnmpgetProg /usr/bin/snmpget
SnmpsetProg /usr/bin/snmpset
SnmpwalkProg /usr/bin/snmpwalk
Trace 4

<Client DEFAULT>
        DupInterval 0
        FramedGroupMaxPortsPerClassC 255
        LivingstonHole 2
        LivingstonOffs 29
        NasType unknown
        SNMPCommunity 450dpw$
        Secret mysecret
</Client>

<Handler NAS-Identifier=TACACS>
        AuthByPolicy ContinueWhileIgnore

        <AuthBy GROUP>
                AuthByPolicy ContinueUntilAccept
                CachePasswordExpiry 86400
                EAPAnonymous anonymous
                EAPContextTimeout 1000
                EAPFAST_PAC_Lifetime 7776000
                EAPFAST_PAC_Reprovision 2592000
                EAPTLS_MaxFragmentSize 2048
                EAPTLS_PEAPVersion 0
                EAPTLS_SessionResumption 1
                EAPTLS_SessionResumptionLimit 43200
                EAPTLS_VerifyDepth 1
                Identifier GetUser
                PasswordPrompt password
                SIPDigestRealm DefaultSipRealm

                <AuthBy LSA>
                        AddToReply tacacsgroup = netadmin
                        CachePasswordExpiry 86400
                        Domain ad.dpw.com
                        DomainController server1
                        EAPAnonymous anonymous
                        EAPContextTimeout 1000
                        EAPFAST_PAC_Lifetime 7776000
                        EAPFAST_PAC_Reprovision 2592000
                        EAPTLS_MaxFragmentSize 2048
                        EAPTLS_PEAPVersion 0
                        EAPTLS_SessionResumption 1
                        EAPTLS_SessionResumptionLimit 43200
                        EAPTLS_VerifyDepth 1
                        EAPType MSCHAP-V2
                        Group networking_staff
                        NoDefault 1
                        Origin Radiator
                        PasswordPrompt password
                        ProcessName IAS
                        SIPDigestRealm DefaultSipRealm
                        Source Radiator
                        UsernameMatchesWithoutRealm 1
                        Workstation 
                </AuthBy>

                <AuthBy LSA>
                        AddToReply tacacsgroup = users
                        CachePasswordExpiry 86400
                        Domain ad.dpw.com
                        DomainController dcny003
                        EAPAnonymous anonymous
                        EAPContextTimeout 1000
                        EAPFAST_PAC_Lifetime 7776000
                        EAPFAST_PAC_Reprovision 2592000
                        EAPTLS_MaxFragmentSize 2048
                        EAPTLS_PEAPVersion 0
                        EAPTLS_SessionResumption 1
                        EAPTLS_SessionResumptionLimit 43200
                        EAPTLS_VerifyDepth 1
                        EAPType MSCHAP-V2
                        Group networking_guest
                        NoDefault 1
                        Origin Radiator
                        PasswordPrompt password
                        ProcessName IAS
                        SIPDigestRealm DefaultSipRealm
                        Source Radiator
                        UsernameMatchesWithoutRealm 1
                        Workstation 
                </AuthBy>
        </AuthBy>
</Handler>

<ServerHTTP >
        AuditTrail %D/audit.txt
        AuthByPolicy ContinueWhileIgnore
        BindAddress 144.211.2.97
        DefaultPrivilegeLevel 15
        LogMaxLines 500
        MaxBufferSize 10000000
        Password xxxxxxxxxx
        Port 9048
        Protocol tcp
        SessionTimeout 3600
        TLS_ExpectedPeerName .+
        Trace 3
        Username administrator

        <AuthLog FILE>
                FailureFormat %l:%U:%P:FAIL
                Filename %L/weblog
                LogFailure 1
                LogSuccess 0
                SuccessFormat %l:%U:%P:OK
        </AuthLog>
</ServerHTTP>

<Realm DEFAULT>
        PreProcessingHook file:"c:\program files\radiator\createavpairs.pl"
        #<AuthBy INTERNAL>
        #       DefaultResult REJECT
        #       AcctResult ACCEPT
        #</AuthBy>
        #       AcctLogFileName accounting-log
                AcctLogFileName %L/%d%m%Ylogfile
                AcctLogFileFormat %l:%{User-Name}:%{cisco-cmd} 

        #AddToRequest Request-Type=Accounting-Request
        #AcctLogFileName %D/acct.log
        AuthByPolicy ContinueWhileIgnore
        AuthBy GetUser

        <AuthBy FILE>
                CachePasswordExpiry 86400
                EAPAnonymous anonymous
                EAPContextTimeout 1000
                EAPFAST_PAC_Lifetime 7776000
                EAPFAST_PAC_Reprovision 2592000
                EAPTLS_MaxFragmentSize 2048
                EAPTLS_PEAPVersion 0
                EAPTLS_SessionResumption 1
                EAPTLS_SessionResumptionLimit 43200
                EAPTLS_VerifyDepth 1
                Filename %D/users
                PasswordPrompt password
                SIPDigestRealm DefaultSipRealm
        </AuthBy>
</Realm>

<ServerTACACSPLUS >
        AddToRequest NAS-Identifier=TACACS
        AuthorizationTimeout 1200
        AuthorizeGroup netadmin permit service=shell cmd\* {priv-lvl=15}
        AuthorizeGroup netadmin permit .*
        AuthorizeGroup users permit service=shell cmd\* {priv-lvl=1}
        AuthorizeGroup users permit .*
        AuthorizeGroup guest permit service=shell cmd\* {priv-lvl=0}
        AuthorizeGroup DEFAULT  deny .*
        BindAddress 144.211.2.97
        GroupCacheFile %L/radiator-tacacs-usergroup.cache
        GroupMemberAttr tacacsgroup
        IdleTimeout 1200
        MaxBufferSize 100000
        PasswordPrompt Password:
        Port 49
        SingleSession 1
        UsernamePrompt Username:
        
        <Log FILE>
                
                Filename %L/tacacs.log
                Trace 4
        </Log>
</ServerTACACSPLUS>



Dennis Qiu
Information Systems
Davis Polk & Wardwell LLP
450 Lexington Avenue
New York, NY 10017
212 450 5651   tel
dennis....@davispolk.com




-----Original Message-----
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Tuesday, May 06, 2014 9:05 PM
To: Qiu, Dennis
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] How to increase session time


Hello Dennis -

The attribute you want is "Session-Timeout", although you will need to do some 
testing to verify that your network devices support it.

regards

Hugh


On 7 May 2014, at 08:02, Qiu, Dennis <dennis....@davispolk.com> wrote:

> Support,
>  
> Our networking devices use Radiator for authentication. Many times, guys are 
> working on the network devices and they are prompted to authenticate again. 
> It becomes very annoying.
>  
> I am wondering what is the value of variables I can adjust to increase the 
> session time.
>  
> Thank you
>  
> Dennis Qiu
> Information Systems
> Davis Polk & Wardwell LLP
> 450 Lexington Avenue
> New York, NY 10017
> 212 450 5651   tel
> dennis....@davispolk.com


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server anywhere. 
SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, 
TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, 
RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
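
An added example, not part of the thread and not Radiator's own code: a small Python audit that walks the nested clauses of a Radiator-style config and reports which clauses add reply attributes with AddToReply and where any *Timeout parameter is set, so you can check whether any reply carries Session-Timeout. The sample config is constructed from a trimmed excerpt of the file posted above; the function names are hypothetical, and splitting AddToReply values on commas is a simplifying assumption.

```python
import re
# Constructed sample: trimmed excerpt in the style of the radius.cfg quoted in the thread.
SAMPLE_CFG = """\
<Handler NAS-Identifier=TACACS>
    <AuthBy GROUP>
        <AuthBy LSA>
            AddToReply tacacsgroup = netadmin
        </AuthBy>
    </AuthBy>
</Handler>
<ServerHTTP >
    SessionTimeout 3600
</ServerHTTP>
<ServerTACACSPLUS >
    AuthorizationTimeout 1200
    IdleTimeout 1200
</ServerTACACSPLUS>
"""

OPEN = re.compile(r"^<(\w+)\s*(.*?)\s*>$")   # <AuthBy LSA>, <ServerHTTP >
CLOSE = re.compile(r"^</(\w+)>$")            # </AuthBy>

def audit(cfg_text):
    """Return (replies, timeouts): AddToReply attribute names and *Timeout
    parameters, each tagged with the path of the clause that contains it."""
    stack, replies, timeouts = [], [], []
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := CLOSE.match(line):
            if not stack or stack.pop()[0] != m.group(1):
                raise ValueError(f"unbalanced </{m.group(1)}>")
            continue
        if m := OPEN.match(line):
            stack.append((m.group(1), " ".join(filter(None, m.groups()))))
            continue
        name, value = (line.split(None, 1) + [""])[:2]
        path = "/".join(label for _, label in stack) or "(global)"
        if name == "AddToReply":  # assumed format: attr = value[, attr = value ...]
            replies.append((path, [p.split("=", 1)[0].strip() for p in value.split(",")]))
        elif name.lower().endswith("timeout"):
            timeouts.append((path, name, value))
    if stack:
        raise ValueError(f"unclosed <{stack[-1][0]}>")
    return replies, timeouts

def sets_session_timeout(replies):
    """Clause paths whose AddToReply includes the Session-Timeout reply attribute."""
    return [path for path, attrs in replies if "Session-Timeout" in attrs]
```

On the constructed sample, `sets_session_timeout(audit(SAMPLE_CFG)[0])` returns an empty list: the timeout parameters found belong to the ServerHTTP and ServerTACACSPLUS clauses, and no AddToReply carries Session-Timeout.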
