Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Changing per-user idle and absolute timeouts using TACACS+.

I'm using Cisco Secure ACS 4.0 to authenticate outgoing http sessions on PIX running 6.3(5).

Now I need to change the absolute timeout per user using TACACS+.

Thanks for help.

Regards.

Andrea

4 REPLIES
Cisco Employee

Re: Changing per-user idle and absolute timeouts using TACACS+.

Hi Andrea,

The PIX timeout uauth command controls how often re-authentication is required. If TACACS+ authentication/authorization is on, this is controlled on a peruser basis.

To configure timeout and idle timeout on the ACS Server using TACACS+, follow these steps:

Step 1. On CS ACS GUI, from left Menu navigation, click on Group Setup, choose the Group, and click on Edit.

Step 2. On the Group Configuration page, select TACACS+ from the Jump To drop-down menu.

Step 3. Check the Shell (Exec) box.

Step 4. Check Idle time and enter a value of 2.

Step 5. Check the Timeout box and enter a value of 1.

Step 6. Click the Submit+Restart button.

Note: You must have the authorization turned on for timeout and idle timeout to work properly.

HTH

JK

Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
Community Member

Re: Changing per-user idle and absolute timeouts using TACACS+.

Good! Your answer confirms my ACS setup. Now the real question is "must have authorization with TACACS".

Thanks.

Andrea

Cisco Employee

Re: Changing per-user idle and absolute timeouts using TACACS+.

Hi Andrea,

Here is the answer:

Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example

Configure TACACS+ Authorization

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml#configure-tacacs

HTH

JK

Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
Community Member

Re: Changing per-user idle and absolute timeouts using TACACS+.

Thanks.

Also I need to set a Per Group Command Authorization: permit the http command or permit unmatched Cisco IOS commands.

See attachment please.

Regards.

Andrea

337
Views
4
Helpful
4
Replies
CreatePlease to create content