Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Changes to "set admin auth timeout" is ignored if authenticating against External Server

0

0

Article ID: KB11512 KB Last Updated: 19 Jun 2010Version: 3.0
Summary:
Changes to "set admin auth timeout" is ignored if External Server is used.
Symptoms:
Changes to "set admin auth timeout" is not reflected in the config.  However, the value is shown correctly in both the WebUI and "get admin auth".
Solution:
This is by design.

The "set admin auth timeout xxx" config is only valid when authenticating against the firewall's local database. 

If an External server (such as RADIUS or LDAP) is configured, then the command is ignored for the 'set admin auth timeout' portion of the config, but it is changed for the external auth-server timeout.  In other words, changes to "set admin auth timeout xxx" will be reflected in the config in the "set auth-server "External" timeout xxx" command.

For example, in the output below, the admin timeout will be changed to 22 minutes.

1.  These are the default timeout settings in the config:
set auth-server "RADIUS" id 1
set auth-server "RADIUS" server-name "192.168.1.5"
set auth-server "RADIUS" account-type admin
set auth-server "RADIUS" timeout 10
set auth-server "RADIUS" radius secret "secret"
set admin auth timeout 10
set admin auth server "RADIUS"

2.  Then the auth timeout is set to 22.
ns5gt-wlan-> set admin auth timeout 22

3.  The config changes are reflected as follows:
set auth-server "RADIUS" id 1
set auth-server "RADIUS" server-name "192.168.1.5"
set auth-server "RADIUS" account-type admin
set auth-server "RADIUS" timeout 22  <---Note that this timeout setting is changed.
set auth-server "RADIUS" radius secret "secret"
set admin auth timeout 10   <---Note that this is not changed because an external server is configured.
set admin auth server "RADIUS"

 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search