Security

My customer has shared devices and they want to track users connecting to these devices.  Devices are tablets and they want users to authenticate by Captive Portal against AD and re-authenticate every 2 hours. I was able to create required filter in [Time Source] and users get  MAC-Auth Expiry  set correctly, but I am not able to set session timeout to match the same time. I want users to be disconnected at MAC-Auth Expiry time and authenticate by captive portal again.

is there a way to set radius Session-Timeout to be (MAC-Auth Expiry - Current Time) in seconds?

------------------------------
Ahmad Enaya
------------------------------

Create a new filter in Endpoint Repository using the below query:

select (extract(epoch from(to_timestamp(attributes->>'MAC-Auth Expiry','YYYY-MM-DD HH24:MI:SS'))) - extract(epoch from(now())))::int as Remaining from tips_endpoints where mac_address ='%{Connection:Client-Mac-Address-NoDelim}';



Then create an enforcement profile for session timeout


Enable authorization under the service and add Endpoint Repository

And map to the Service which will return the timeout in seconds



------------------------------
SANDEEP YADAV
Global Escalation Center, ACCP
------------------------------

Original Message:
Sent: Sep 22, 2021 06:47 AM
From: Ahmad Enaya
Subject: Calculate radius session timeout based on MAC-Auth Expiry

My customer has shared devices and they want to track users connecting to these devices.  Devices are tablets and they want users to authenticate by Captive Portal against AD and re-authenticate every 2 hours. I was able to create required filter in [Time Source] and users get  MAC-Auth Expiry  set correctly, but I am not able to set session timeout to match the same time. I want users to be disconnected at MAC-Auth Expiry time and authenticate by captive portal again.

is there a way to set radius Session-Timeout to be (MAC-Auth Expiry - Current Time) in seconds?

------------------------------
Ahmad Enaya
------------------------------

Amazing! This worked. Thank you Sandeep

------------------------------
Ahmad Enaya
------------------------------

Original Message:
Sent: Sep 22, 2021 04:09 PM
From: Sandeep Yadav
Subject: Calculate radius session timeout based on MAC-Auth Expiry

Create a new filter in Endpoint Repository using the below query:

select (extract(epoch from(to_timestamp(attributes->>'MAC-Auth Expiry','YYYY-MM-DD HH24:MI:SS'))) - extract(epoch from(now())))::int as Remaining from tips_endpoints where mac_address ='%{Connection:Client-Mac-Address-NoDelim}';



Then create an enforcement profile for session timeout


Enable authorization under the service and add Endpoint Repository

And map to the Service which will return the timeout in seconds



------------------------------
SANDEEP YADAV
Global Escalation Center, ACCP

Original Message:
Sent: Sep 22, 2021 06:47 AM
From: Ahmad Enaya
Subject: Calculate radius session timeout based on MAC-Auth Expiry

My customer has shared devices and they want to track users connecting to these devices.  Devices are tablets and they want users to authenticate by Captive Portal against AD and re-authenticate every 2 hours. I was able to create required filter in [Time Source] and users get  MAC-Auth Expiry  set correctly, but I am not able to set session timeout to match the same time. I want users to be disconnected at MAC-Auth Expiry time and authenticate by captive portal again.

is there a way to set radius Session-Timeout to be (MAC-Auth Expiry - Current Time) in seconds?

------------------------------
Ahmad Enaya
------------------------------