Changing per-user idle and absolute timeouts using TACACS+.

andrea.meconi · ‎10-22-2009

I'm using Cisco Secure ACS 4.0 to authenticate outgoing http sessions on PIX running 6.3(5).

Now I need to change the absolute timeout per user using TACACS+.

Thanks for help.

Regards.

Andrea

Jatin Katyal · ‎10-22-2009

Hi Andrea,

The PIX timeout uauth command controls how often re-authentication is required. If TACACS+ authentication/authorization is on, this is controlled on a peruser basis.

To configure timeout and idle timeout on the ACS Server using TACACS+, follow these steps:

Step 1. On CS ACS GUI, from left Menu navigation, click on Group Setup, choose the Group, and click on Edit.

Step 2. On the Group Configuration page, select TACACS+ from the Jump To drop-down menu.

Step 3. Check the Shell (Exec) box.

Step 4. Check Idle time and enter a value of 2.

Step 5. Check the Timeout box and enter a value of 1.

Step 6. Click the Submit+Restart button.

Note: You must have the authorization turned on for timeout and idle timeout to work properly.

HTH

JK

Plz rate helpful posts-

~Jatin

andrea.meconi · ‎10-22-2009

Good! Your answer confirms my ACS setup. Now the real question is "must have authorization with TACACS".

Thanks.

Andrea

Jatin Katyal · ‎10-22-2009

Hi Andrea,

Here is the answer:

Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example

Configure TACACS+ Authorization

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml#configure-tacacs

HTH

JK

Plz rate helpful posts-

~Jatin

andrea.meconi · ‎10-22-2009

Thanks.

Also I need to set a Per Group Command Authorization: permit the http command or permit unmatched Cisco IOS commands.

See attachment please.

Regards.

Andrea