05.01.2012 03:06:34
kim.dobranski
Posts: 23
|
Question #1
When I set up a radius client the NAS requires an IP address. I am assuming this is the IP address of the device that will request authentication. The problem is many of my devices are wireless routers and if the router reboots sometimes they obtain a new DHCP ip address. What happens now? Do i have to change the NAS IP for the Radius Client?
I have been using the "Default" radiius client for now, but when I try to kill a session the status bar reads "Unknown Radius Client"
Question #2
How can I set up a session timeout limit? I can set up a Time-Limit but it seem to apply to all sessions for a user. I have a generic user for a number of different people and I want thier session to time out after so many minutes of inactivity.
I also need the session to timeout after a set number of minutes regardless of activity.
As an example;
I need a session to disconnect after 10 minutes of no activity, but also disconnect after 24 hours regardless of activity.
Thanks,
Kim
|
|
|
0
• permalink
|
05.01.2012 12:02:35
Admin
Administrator
Posts: 1833
|
Hi,
A #1 I've fixed the problem. Please download and test the latest built which I've posted to TekRADIUS
web site a couple of minutes ago.
A #2 You should use standard RADIUS attribute Session-Timeout. Please see vendor documentation for Idle-Timeout.
Best regards,
Yasin KAPLAN
|
|
|
0
• permalink
|
12.01.2012 13:21:55
samycorps
Posts: 4
|
Hi Admin,
I am a newbie to Radius Servers generally, I have successfully downloaded, installed and configured TekRadius. I have set up users in the default group. I would like to use it for OTP authentication. I have a mobile application already designed to generated OTP (6 digits). I would like to know how I can use the TekRadius to validate the 6 digit pins using the user's details : username, password and secret key. I would appreciate all the help I can get. Thanks
|
|
|
0
• permalink
|
12.01.2012 15:41:56
Admin
Administrator
Posts: 1833
|
Hi,
You should use TekRADIUS's External-Executable attribute. Please see TekRADIUS Manual for details.
Best regards,
Yasin KAPLAN
|
|
|
0
• permalink
|
13.01.2012 12:36:02
samycorps
Posts: 4
|
Hi Admin,
Thanks a lot I got your response and applied it just as you advised and I was able to only test the multiotp separately outside of TekRadius. I need to write a sample client (PHP) that can connect to the TekRadius via socket to test my configuration. I have written a sample PHP Client which tries to connect to the TekRadius on IP: 127.0.0.1, and Port: 1812 as specified on the configuration of my Server. The problem seems to be that I can't establish connection to that service parameters mentioned above even when I try a TELNET to the IP and Port, I also tried running NETSTAT to see if the Port is LISTENING but its not been listed as an OPEN PORT. Is there something am missing and how can I get my sample PHP script to use this service parameter to validate my OTP with the External-Executable already pointed to my multiotp path.
In addition, how can I pass in parameters to my multiotp.exe via the TekRadius Server? Thanks and I await your response soonest.
Admin wrote:
Hi,
You should use TekRADIUS's External-Executable attribute. Please see TekRADIUS Manual for details.
Best regards,
Yasin KAPLAN
|
|
|
0
• permalink
|
13.01.2012 15:56:04
Admin
Administrator
Posts: 1833
|
You need to deploy a PHP based RADIUS client like Pure PHP radius class. You can download it from;
http://developer.sysco.ch/php/
|
|
|
0
• permalink
|
16.01.2012 11:08:24
samycorps
Posts: 4
|
Hi Admin,
Thank you so much for the help thus far, I have download the PHP Radius Script and it worked well. I was able to validate the User's profile with username and password, however, I need to pass in UserToken parameter to the multiotp.exe External-Executable Attribute; what do you advise I do to make this addition work.
Thanks once again.
Admin wrote:
You need to deploy a PHP based RADIUS client like Pure PHP radius class. You can download it from;
http://developer.sysco.ch/php/
|
|
|
0
• permalink
|
16.01.2012 11:48:26
samycorps
Posts: 4
|
Hello Yasin,
Thanks for the clarification. I have been able to get TekRadius server to work now and I am using the PHP Script as my Radius Client, it works fine but the challenge I have now is I need to pass more parameters to the TekRadius Server for a user who has an External-Executable Attribute "C:\Program Files\multiotp\multiotp.exe" -log -debug %ietf|1% %ietf|208%
Note : %ietf|1% - represents the Username and %ietf|208% represents a new attribute (UserOTP) I added to the Dictionary Editor.
The problem is %ietf|208% must be a dynamic parameter which must be passed every time am validating the user and not static like User-Password, so what can I do, I have gone through the manual but can't see how to pass Dynamic Parameter.
I await your response.
Thanks again
Admin wrote:
You need to deploy a PHP based RADIUS client like Pure PHP radius class. You can download it from;
http://developer.sysco.ch/php/
|
|
|
0
• permalink
|