[RADIATOR] TACACS Authentication Expired
hvn at open.com.au
Fri Sep 14 15:26:01 CDT 2012

On 09/14/2012 11:58 AM, Remco van Noorloos wrote:
> The thing I’d like to change is the ‘authorization expired’ messages.
> Authorization works correctly until a logged in user has been idle for
> some time. Radiator logs show a ‘no context found’ message in this
> case, so it seems that Radiator already flushed the authentication
> cache. I’ve tried to set the ‘idle-time’ and ‘timeout’ values, but this
> doesn’t seem to change a thing. Please note that when this message
> appears Radiator hasn’t been restarted.

You should be able to control expiration time with AuthorizationTimeout.
If it does not work and you get a 'no context' message, check that the
TACACS+ connections are coming from the same client interface. If they
are not, see if you can fix the source interface. With Cisco you can do
something like 'ip tacacs source-interface ...'. A loopback interface
might be a good choice here.

If the client IP changes and there's a new TCP connection for each
request this can lead to the above problems.

Heikki Vatiainen <hvn at open.com.au>
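
An added diagnostic sketch, not part of the original message and not Radiator code: it replays a constructed list of TACACS+ events to tell apart the two causes discussed above, an expired context versus a request arriving from a different client address. The Event record, the diagnose function, the 600-second value and the model of one context per (client IP, user) counted from authentication time are illustrative assumptions.

```python
from dataclasses import dataclass

# Stands in for the AuthorizationTimeout setting; the value is constructed.
AUTHORIZATION_TIMEOUT = 600  # seconds

@dataclass(frozen=True)
class Event:
    ts: int          # seconds since start of capture
    client_ip: str   # source address the server saw on the TCP connection
    user: str
    kind: str        # "authen" or "author"

def diagnose(events, timeout=AUTHORIZATION_TIMEOUT):
    """Return (event, verdict) for every authorization request.

    Model assumption: the server keeps one context per (client_ip, user),
    created at authentication and valid for `timeout` seconds.
    """
    contexts = {}   # (client_ip, user) -> time of authentication
    last_ip = {}    # user -> client_ip of the latest authentication
    results = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.client_ip, ev.user)
        if ev.kind == "authen":
            contexts[key] = ev.ts
            last_ip[ev.user] = ev.client_ip
            continue
        created = contexts.get(key)
        if created is not None and ev.ts - created <= timeout:
            verdict = "ok"
        elif created is not None:
            verdict = "expired"            # raise the timeout
        elif ev.user in last_ip:
            verdict = "source-changed"     # pin the client's source interface
        else:
            verdict = "never-authenticated"
        results.append((ev, verdict))
    return results

# Constructed sample: one router whose requests leave from two interfaces.
SAMPLE = [
    Event(0,   "192.0.2.1", "admin", "authen"),
    Event(30,  "192.0.2.1", "admin", "author"),
    Event(45,  "192.0.2.9", "admin", "author"),
    Event(900, "192.0.2.1", "admin", "author"),
]

if __name__ == "__main__":
    for ev, verdict in diagnose(SAMPLE):
        print(ev.ts, ev.client_ip, ev.user, verdict)
```
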