Steel-Belted Radius: Difference between revisions

From vwiki
Jump to navigation Jump to search
m (Added section's)
m (→‎RADIUS Return Attributes: Added table of attributes)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
== Server Set-up ==
== Server Set-up ==
 
=== Time Synchronisation ===
Host server's NTP config in the registry hive <code>HKLM\SYSTEM\CurrentControlSet\Services\W32Time</code> needs to be updated as follows to enable the server's system clock to update via NTP.  Restart the NTP service to apply.
In order for replication to be successful between primary and backup Radius servers, their system clocks need to be roughly in sync (max 10mins disparity).
The host server's NTP config in the registry hive <code>HKLM\SYSTEM\CurrentControlSet\Services\W32Time</code> needs to be updated as follows to enable the server's system clock to update via NTP.  Restart the NTP service to apply.


{|cellpadding="4" cellspacing="0" border="1"
{|cellpadding="4" cellspacing="0" border="1"
Line 30: Line 32:
== RADIUS Return Attributes ==
== RADIUS Return Attributes ==


{|cellpadding="4" cellspacing="0" border="1"
|- style="background-color:#bbddff;"
! Attribute                !! Value                || Description / Notes
|-
| Service-Type            || Framed                ||
|-
| Framed-Protocol          || PPP                  ||
|-
| Framed-IP-Netmask        || 255.255.255.255      ||
|-
| Framed-IP-Address        || 123.123.123.123      || Unique for each client
|-
| MS-CHAP-MPPE-Keys        || <none>                ||
|-
| MS-CHAP-MPPE-Types      || 128-Bit              ||
|-
| MS-MPPE-Recv-Key        || <none>                || Windows 7
|-
| MS-MPPE-Send-Key        || <none>                || Windows 7
|-
|}


== Support Notes ==
== Support Notes ==


=== Replication ===
=== Replication ===

Latest revision as of 10:08, 12 January 2010

Server Set-up

Time Synchronisation

In order for replication to be successful between primary and backup Radius servers, their system clocks need to be roughly in sync (max 10mins disparity).

The host server's NTP config in the registry hive HKLM\SYSTEM\CurrentControlSet\Services\W32Time needs to be updated as follows to enable the server's system clock to update via NTP. Restart the NTP service to apply.

Key Name Value (notes)
Parameters Type NTP
Config AnnounceFlags 5
TimeProviders\NtpServer Enabled 1
Parameters NtpServer 192.168.206.25,0x1 192.168.206.26,0x1 192.168.206.27,0x1 192.168.206.28,0x1
TimeProviders\NtpClient SpecialPollInterval 1800 (ie 1800 secs = 30mins)
Config MaxAllowedPhaseOffset 30 (if clock if off by more, its' abruptly set rather than incremented)
Config MaxPosPhaseCorrection 5400
Config MaxNegPhaseCorrection 5400


Router Set-up

RADIUS Return Attributes

Attribute Value Description / Notes
Service-Type Framed
Framed-Protocol PPP
Framed-IP-Netmask 255.255.255.255
Framed-IP-Address 123.123.123.123 Unique for each client
MS-CHAP-MPPE-Keys <none>
MS-CHAP-MPPE-Types 128-Bit
MS-MPPE-Recv-Key <none> Windows 7
MS-MPPE-Send-Key <none> Windows 7

Support Notes

Replication