On 09/14/2012 11:58 AM, Remco van Noorloos wrote: > The thing I’d like to change is the ‘authorization expired’ messages. > Authorization works correctly until a logged in user has been idle for > some time. Radiator logs shows a ‘no context found’ message in this > case, so it seems that Radiator already flushed the authentication > cache. I’ve tried to set the ‘idle-time’ and ‘timeout’ values, but this > doesn’t seem to change a thing. Please note that when this message > appears Radiator hasn’t been restarted.
You should be able to control expiration time with AuthorizationTimeout. If it does not work and you get 'no context' message, check that the TACACS+ connections are coming from the same client interface. If they are not, see if you can fix the source interface. With cisco you can do something like 'ip tacacas source-interface ...'. A loopback interface might be a good choice here. If the client IP changes and there's a new TCP connection for each request this can lead to the above problems. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
