Steel-Belted Radius

From vwiki

Server Set-up

Time Synchronisation

For replication between primary and backup RADIUS servers to succeed, their system clocks need to be roughly in sync (maximum 10 minutes disparity).

The host server's NTP configuration under the registry key HKLM\SYSTEM\CurrentControlSet\Services\W32Time needs to be updated as follows so that the server's system clock is updated via NTP. Restart the NTP service (W32Time) to apply the changes.

| Key | Name | Value (notes) |
|---|---|---|
| Parameters | Type | NTP |
| Config | AnnounceFlags | 5 |
| TimeProviders\NtpServer | Enabled | 1 |
| Parameters | NtpServer | 192.168.206.25,0x1 192.168.206.26,0x1 192.168.206.27,0x1 192.168.206.28,0x1 |
| TimeProviders\NtpClient | SpecialPollInterval | 1800 (i.e. 1800 secs = 30 mins) |
| Config | MaxAllowedPhaseOffset | 30 (if the clock is off by more, it's abruptly set rather than incremented) |
| Config | MaxPosPhaseCorrection | 5400 |
| Config | MaxNegPhaseCorrection | 5400 |
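The registry changes above as a PowerShell script that reports drift from the listed values and, with -Apply, writes them and restarts the service. This is an added example, not part of the original page; the value types (String/DWord) are the usual W32Time types and are assumed because the table does not list them, and the -Peer parameter is a hypothetical name for the other RADIUS server.

```powershell
# Added example: audit (and optionally apply) the W32Time settings listed above.
# Run from an elevated prompt. Value types are assumed, not taken from the page.
param(
    [switch]$Apply,   # write the values and restart the service
    [string]$Peer     # hypothetical: name/IP of the other RADIUS server to compare clocks with
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$ntp  = '192.168.206.25,0x1 192.168.206.26,0x1 192.168.206.27,0x1 192.168.206.28,0x1'

$wanted = @(
    @{ Key = 'Parameters';              Name = 'Type';                  Value = 'NTP'; Kind = 'String' }
    @{ Key = 'Parameters';              Name = 'NtpServer';             Value = $ntp;  Kind = 'String' }
    @{ Key = 'Config';                  Name = 'AnnounceFlags';         Value = 5;     Kind = 'DWord' }
    @{ Key = 'Config';                  Name = 'MaxAllowedPhaseOffset'; Value = 30;    Kind = 'DWord' }
    @{ Key = 'Config';                  Name = 'MaxPosPhaseCorrection'; Value = 5400;  Kind = 'DWord' }
    @{ Key = 'Config';                  Name = 'MaxNegPhaseCorrection'; Value = 5400;  Kind = 'DWord' }
    @{ Key = 'TimeProviders\NtpServer'; Name = 'Enabled';               Value = 1;     Kind = 'DWord' }
    @{ Key = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval';   Value = 1800;  Kind = 'DWord' }
)

$drift = 0
foreach ($w in $wanted) {
    $path    = Join-Path $base $w.Key
    $current = (Get-ItemProperty -Path $path -Name $w.Name -ErrorAction SilentlyContinue).($w.Name)
    if ("$current" -eq "$($w.Value)") { continue }   # already matches the table

    $drift++
    Write-Output ("{0}\{1}: current='{2}' wanted='{3}'" -f $w.Key, $w.Name, $current, $w.Value)
    if ($Apply) {
        Set-ItemProperty -Path $path -Name $w.Name -Value $w.Value -Type $w.Kind
    }
}
Write-Output "$drift value(s) differ from the table."

if ($Apply -and $drift -gt 0) {
    Restart-Service -Name W32Time   # settings take effect on service restart
    w32tm /resync                   # request an immediate sync
}

if ($Peer) {
    # One offset sample against the other RADIUS server; replication needs
    # the two clocks within 10 minutes of each other.
    w32tm /stripchart /computer:$Peer /samples:1 /dataonly
}
```

Running it without -Apply on both the primary and backup servers gives a read-only comparison against the table before anything is changed.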


Router Set-up

RADIUS Return Attributes

| Attribute | Value | Description / Notes |
|---|---|---|
| Service-Type | Framed | |
| Framed-Protocol | PPP | |
| Framed-IP-Netmask | 255.255.255.255 | |
| Framed-IP-Address | 123.123.123.123 | Unique for each client |
| MS-CHAP-MPPE-Keys | \<none\> | |
| MS-CHAP-MPPE-Types | 128-Bit | |
| MS-MPPE-Recv-Key | \<none\> | Windows 7 |
| MS-MPPE-Send-Key | \<none\> | Windows 7 |

Support Notes

Replication