Steel-Belted Radius
Jump to navigation
Jump to search
Server Set-up
Time Synchronisation
In order for replication to be successful between primary and backup Radius servers, their system clocks need to be roughly in sync (max 10mins disparity).
The host server's NTP config in the registry hive HKLM\SYSTEM\CurrentControlSet\Services\W32Time needs to be updated as follows to enable the server's system clock to update via NTP. Restart the NTP service to apply.
| Key | Name | Value (notes) |
|---|---|---|
| Parameters | Type | NTP |
| Config | AnnounceFlags | 5 |
| TimeProviders\NtpServer | Enabled | 1 |
| Parameters | NtpServer | 192.168.206.25,0x1 192.168.206.26,0x1 192.168.206.27,0x1 192.168.206.28,0x1 |
| TimeProviders\NtpClient | SpecialPollInterval | 1800 (ie 1800 secs = 30mins) |
| Config | MaxAllowedPhaseOffset | 30 (if clock if off by more, its' abruptly set rather than incremented) |
| Config | MaxPosPhaseCorrection | 5400 |
| Config | MaxNegPhaseCorrection | 5400 |
Router Set-up
RADIUS Return Attributes
| Attribute | Value | Description / Notes |
|---|---|---|
| Service-Type | Framed | |
| Framed-Protocol | PPP | |
| Framed-IP-Netmask | 255.255.255.255 | |
| Framed-IP-Address | 123.123.123.123 | Unique for each client |
| MS-CHAP-MPPE-Keys | <none> | |
| MS-CHAP-MPPE-Types | 128-Bit | |
| MS-MPPE-Recv-Key | <none> | Windows 7 |
| MS-MPPE-Send-Key | <none> | Windows 7 |