Configuring Microsoft NPS for MAC-Based RADIUS

  1. Apr 04, 2017 Once you have done so, save the file and import it back to your NPS. Tip: To import/export the configuration file, go to the NPS console in the server, select on NPS, then go to Action on the top bar and click Import/Export Configuration. Problem: An employee is assigned to multiple machines.
  2. @Adam When using Windows NPS for MAC based auth, you actually create AD users for each MAC. The username & password are both set to the MAC address. It's a really odd setup, but it makes sense because NPS uses AD as its auth DB.
  3. Nov 04, 2016 RADIUS (Remote Authentication Dial In User Service) is a popular network protocol that provides for the AAA (Authentication, Authorization, and Accounting) needs of modern IT environments. RADIUS equips administrators with the means to better manage network access by helping to provide a greater degree of security, control and monitoring.
  4. The story I have created this blog to detail and describe how a Network Policy Server (NPS) is used to integrate with an Azure VPN gateway using RADIUS to provide Multi-Factor Authentication (Azure MFA) for point-to-site connections to your Azure environment. The process that will be documented in this blog:- Image Reference: docs.microsoft.com Prerequisites Azure.
  5. Nov 04, 2016  Managing RADIUS Authentication with UniFi. I’ll show you how to do both in detail- through a Windows Server RADIUS Configuration through NPS as well as a Ubuntu Linux Authentication server. Microsoft Windows Server 2012 R2. RADIUS Configurations in Windows can be set up through the Network Policy Server (NPS) which is a feature you can.

Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016

You can use this topic to configure network access servers as RADIUS Clients in NPS.

When you add a new network access server (VPN server, wireless access point, authenticating switch, or dial-up server) to your network, you must add the server as a RADIUS client in NPS, and then configure the RADIUS client to communicate with the NPS.


Important

Client computers and devices, such as laptop computers, tablets, phones, and other computers running client operating systems, are not RADIUS clients. RADIUS clients are network access servers - such as wireless access points, 802.1X-capable switches, virtual private network (VPN) servers, and dial-up servers - because they use the RADIUS protocol to communicate with RADIUS servers, such as Network Policy Server (NPS) servers.

This step is also necessary when your NPS is a member of a remote RADIUS server group that is configured on an NPS proxy. In this circumstance, in addition to performing the steps in this task on the NPS proxy, you must do the following:

  • On the NPS proxy, configure a remote RADIUS server group that contains the NPS.
  • On the remote NPS, configure the NPS proxy as a RADIUS client.

To perform the procedures in this topic, you must have at least one network access server (VPN server, wireless access point, authenticating switch, or dial-up server) or NPS proxy physically installed on your network.

Configure the Network Access Server

Use this procedure to configure network access servers for use with NPS. When you deploy network access servers (NASs) as RADIUS clients, you must configure the clients to communicate with the NPSs where the NASs are configured as clients.

This procedure provides general guidelines about the settings you should use to configure your NASs; for specific instructions on how to configure the device you are deploying on your network, see your NAS product documentation.

To configure the network access server

  1. On the NAS, in RADIUS settings, select RADIUS authentication on User Datagram Protocol (UDP) port 1812 and RADIUS accounting on UDP port 1813.
  2. In Authentication server or RADIUS server, specify your NPS by IP address or fully qualified domain name (FQDN), depending on the requirements of the NAS.
  3. In Secret or Shared secret, type a strong password. When you configure the NAS as a RADIUS client in NPS, you will use the same password, so do not forget it.
  4. If you are using PEAP or EAP as an authentication method, configure the NAS to use EAP authentication.
  5. If you are configuring a wireless access point, in SSID, specify a Service Set Identifier (SSID), which is an alphanumeric string that serves as the network name. This name is broadcast by access points to wireless clients and is visible to users at your wireless fidelity (Wi-Fi) hotspots.
  6. If you are configuring a wireless access point, in 802.1X and WPA, enable IEEE 802.1X authentication if you want to deploy PEAP-MS-CHAP v2, PEAP-TLS, or EAP-TLS.

Add the Network Access Server as a RADIUS Client in NPS

Use this procedure to add a network access server as a RADIUS client in NPS. You can use this procedure to configure a NAS as a RADIUS client by using the NPS console.

To complete this procedure, you must be a member of the Administrators group.


To add a network access server as a RADIUS client in NPS

  1. On the NPS, in Server Manager, click Tools, and then click Network Policy Server. The NPS console opens.
  2. In the NPS console, double-click RADIUS Clients and Servers. Right-click RADIUS Clients, and then click New RADIUS Client.
  3. In New RADIUS Client, verify that the Enable this RADIUS client check box is selected.
  4. In New RADIUS Client, in Friendly name, type a display name for the NAS. In Address (IP or DNS), type the NAS IP address or fully qualified domain name (FQDN). If you enter the FQDN, click Verify if you want to verify that the name is correct and maps to a valid IP address.
  5. In New RADIUS Client, in Vendor, specify the NAS manufacturer name. If you are not sure of the NAS manufacturer name, select RADIUS standard.
  6. In New RADIUS Client, in Shared secret, do one of the following:
    • Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the NAS. Retype the shared secret in Confirm shared secret.
    • Select Generate, and then click Generate to automatically generate a shared secret. Save the generated shared secret for configuration on the NAS so that it can communicate with the NPS.
  7. In New RADIUS Client, in Additional Options, if you are using any authentication methods other than EAP and PEAP, and if your NAS supports use of the message authenticator attribute, select Access Request messages must contain the Message Authenticator attribute.
  8. Click OK. Your NAS appears in the list of RADIUS clients configured on the NPS.
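What the Message Authenticator option in step 7 enforces, shown as an added example that is not NPS code or part of the original documentation: the attribute is an HMAC-MD5 over the whole Access-Request, keyed with the shared secret (RFC 2869), and a request that lacks it or carries a wrong value is dropped. The secret, user name and NAS address below are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_MESSAGE_AUTHENTICATOR = 80
MA_LEN = 16  # HMAC-MD5 digest size


def encode_attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value (RFC 2865)."""
    if not 0 < len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def iter_attrs(packet):
    """Yield (type, value_offset, value) for every attribute in the packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, pos + 2, packet[pos + 2:pos + attr_len]
        pos += attr_len


def build_access_request(secret, identifier, attrs, sign=True):
    """NAS side: build an Access-Request, optionally with Message-Authenticator."""
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    if sign:
        # Placeholder of 16 zero bytes, appended as the last attribute.
        body += encode_attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(MA_LEN))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    packet = bytearray(header + os.urandom(16) + body)  # random Request Authenticator
    if sign:
        # HMAC over the packet with the value field still zeroed, then fill it in.
        packet[-MA_LEN:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def verify_access_request(secret, packet, require_ma=True):
    """Server side: decide whether the request passes the integrity check."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST:
        return "drop: not an Access-Request"
    try:
        found = [(off, val) for t, off, val in iter_attrs(packet)
                 if t == ATTR_MESSAGE_AUTHENTICATOR]
    except ValueError as exc:
        return f"drop: {exc}"
    if not found:
        return "drop: Message-Authenticator missing" if require_ma else "accept: unsigned"
    if len(found) != 1 or len(found[0][1]) != MA_LEN:
        return "drop: malformed Message-Authenticator"
    offset, received = found[0]
    length = struct.unpack("!H", packet[2:4])[0]
    zeroed = bytearray(packet[:length])
    zeroed[offset:offset + MA_LEN] = bytes(MA_LEN)  # recompute over zeroed field
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if hmac.compare_digest(received, expected):     # constant-time comparison
        return "accept: Message-Authenticator valid"
    return "drop: Message-Authenticator invalid"


# Constructed sample values for the demonstration.
SECRET = b"constructed-shared-secret"
SAMPLE_ATTRS = [(ATTR_USER_NAME, b"aabbccddeeff"),
                (ATTR_NAS_IP_ADDRESS, bytes([10, 10, 0, 5]))]

if __name__ == "__main__":
    signed = build_access_request(SECRET, 1, SAMPLE_ATTRS)
    unsigned = build_access_request(SECRET, 2, SAMPLE_ATTRS, sign=False)
    print(verify_access_request(SECRET, signed))
    print(verify_access_request(b"wrong-secret", signed))
    print(verify_access_request(SECRET, unsigned))
```
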

Configure RADIUS Clients by IP Address Range in Windows Server 2016 Datacenter

If you are running Windows Server 2016 Datacenter, you can configure RADIUS clients in NPS by IP address range. This allows you to add a large number of RADIUS clients (such as wireless access points) to the NPS console at one time, rather than adding each RADIUS client individually.

You cannot configure RADIUS clients by IP address range if you are running NPS on Windows Server 2016 Standard.

Use this procedure to add a group of network access servers (NASs) as RADIUS clients that are all configured with IP addresses from the same IP address range.

All of the RADIUS clients in the range must use the same configuration and shared secret.

To complete this procedure, you must be a member of the Administrators group.

To set up RADIUS clients by IP address range

  1. On the NPS, in Server Manager, click Tools, and then click Network Policy Server. The NPS console opens.
  2. In the NPS console, double-click RADIUS Clients and Servers. Right-click RADIUS Clients, and then click New RADIUS Client.
  3. In New RADIUS Client, in Friendly name, type a display name for the collection of NASs.
  4. In Address (IP or DNS), type the IP address range for the RADIUS clients by using Classless Inter-Domain Routing (CIDR) notation. For example, if the IP address range for the NASs is 10.10.0.0, type 10.10.0.0/16.
  5. In New RADIUS Client, in Vendor, specify the NAS manufacturer name. If you are not sure of the NAS manufacturer name, select RADIUS standard.
  6. In New RADIUS Client, in Shared secret, do one of the following:
    • Ensure that Manual is selected, and then in Shared secret, type the strong password that is also entered on the NAS. Retype the shared secret in Confirm shared secret.
    • Select Generate, and then click Generate to automatically generate a shared secret. Save the generated shared secret for configuration on the NAS so that it can communicate with the NPS.
  7. In New RADIUS Client, in Additional Options, if you are using any authentication methods other than EAP and PEAP, and if all of your NASs support use of the message authenticator attribute, select Access Request messages must contain the Message Authenticator attribute.
  8. Click OK. Your NASs appear in the list of RADIUS clients configured on the NPS.

For more information, see RADIUS Clients.

For more information about NPS, see Network Policy Server (NPS).


Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016

When you deploy Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) server, NPS performs authentication, authorization, and accounting for connection requests for the local domain and for domains that trust the local domain. You can use these planning guidelines to simplify your RADIUS deployment.

These planning guidelines do not include circumstances in which you want to deploy NPS as a RADIUS proxy. When you deploy NPS as a RADIUS proxy, NPS forwards connection requests to a server running NPS or other RADIUS servers in remote domains, untrusted domains, or both.

Before you deploy NPS as a RADIUS server on your network, use the following guidelines to plan your deployment.

  • Plan NPS configuration.

  • Plan RADIUS clients.

  • Plan the use of authentication methods.

  • Plan network policies.

  • Plan NPS accounting.

Plan NPS configuration

You must decide in which domain the NPS is a member. For multiple-domain environments, an NPS can authenticate credentials for user accounts in the domain of which it is a member and for all domains that trust the local domain of the NPS. To allow the NPS to read the dial-in properties of user accounts during the authorization process, you must add the computer account of the NPS to the RAS and NPSs group for each domain.

After you have determined the domain membership of the NPS, the server must be configured to communicate with RADIUS clients, also called network access servers, by using the RADIUS protocol. In addition, you can configure the types of events that NPS records in the event log and you can enter a description for the server.

Key steps

During the planning for NPS configuration, you can use the following steps.

  • Determine the RADIUS ports that the NPS uses to receive RADIUS messages from RADIUS clients. The default ports are UDP ports 1812 and 1645 for RADIUS authentication messages and ports 1813 and 1646 for RADIUS accounting messages.

  • If the NPS is configured with multiple network adapters, determine the adapters over which you want RADIUS traffic to be allowed.

  • Determine the types of events that you want NPS to record in the Event Log. You can log rejected authentication requests, successful authentication requests, or both types of requests.

  • Determine whether you are deploying more than one NPS. To provide fault tolerance for RADIUS-based authentication and accounting, use at least two NPSs. One NPS is used as the primary RADIUS server and the other is used as a backup. Each RADIUS client is then configured on both NPSs. If the primary NPS becomes unavailable, RADIUS clients then send Access-Request messages to the alternate NPS.

  • Plan the script used to copy one NPS configuration to other NPSs to save on administrative overhead and to prevent the incorrect configuration of a server. NPS provides the Netsh commands that allow you to copy all or part of an NPS configuration for import onto another NPS. You can run the commands manually at the Netsh prompt. However, if you save your command sequence as a script, you can run the script at a later date if you decide to change your server configurations.

Plan RADIUS clients

RADIUS clients are network access servers, such as wireless access points, virtual private network (VPN) servers, 802.1X-capable switches, and dial-up servers. RADIUS proxies, which forward connection request messages to RADIUS servers, are also RADIUS clients. NPS supports all network access servers and RADIUS proxies that comply with the RADIUS protocol as described in RFC 2865, 'Remote Authentication Dial-in User Service (RADIUS),' and RFC 2866, 'RADIUS Accounting.'

Important

Access clients, such as client computers, are not RADIUS clients. Only network access servers and proxy servers that support the RADIUS protocol are RADIUS clients.

In addition, both wireless access points and switches must be capable of 802.1X authentication. If you want to deploy Extensible Authentication Protocol (EAP) or Protected Extensible Authentication Protocol (PEAP), access points and switches must support the use of EAP.

To test basic interoperability for PPP connections for wireless access points, configure the access point and the access client to use Password Authentication Protocol (PAP). Then test additional PPP-based authentication protocols, such as PEAP, until you have tested the ones that you intend to use for network access.

Key steps

During the planning for RADIUS clients, you can use the following steps.

  • Document the vendor-specific attributes (VSAs) you must configure in NPS. If your network access servers require VSAs, log the VSA information for later use when you configure your network policies in NPS.

  • Document the IP addresses of RADIUS clients and your NPS to simplify the configuration of all devices. When you deploy your RADIUS clients, you must configure them to use the RADIUS protocol, with the NPS IP address entered as the authenticating server. And when you configure NPS to communicate with your RADIUS clients, you must enter the RADIUS client IP addresses into the NPS snap-in.

  • Create shared secrets for configuration on the RADIUS clients and in the NPS snap-in. You must configure RADIUS clients with a shared secret, or password, that you will also enter into the NPS snap-in while configuring RADIUS clients in NPS.

Plan the use of authentication methods

NPS supports both password-based and certificate-based authentication methods. However, not all network access servers support the same authentication methods. In some cases, you might want to deploy a different authentication method based on the type of network access.

For example, you might want to deploy both wireless and VPN access for your organization, but use a different authentication method for each type of access: EAP-TLS for VPN connections, due to the strong security that EAP with Transport Layer Security (EAP-TLS) provides, and PEAP-MS-CHAP v2 for 802.1X wireless connections.

PEAP with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) provides a feature named fast reconnect that is specifically designed for use with portable computers and other wireless devices. Fast reconnect enables wireless clients to move between wireless access points on the same network without being reauthenticated each time they associate with a new access point. This provides a better experience for wireless users and allows them to move between access points without having to retype their credentials. Because of fast reconnect and the security that PEAP-MS-CHAP v2 provides, PEAP-MS-CHAP v2 is a logical choice as an authentication method for wireless connections.

For VPN connections, EAP-TLS is a certificate-based authentication method that provides strong security that protects network traffic even as it is transmitted across the Internet from home or mobile computers to your organization VPN servers.

Certificate-based authentication methods

Certificate-based authentication methods have the advantage of providing strong security, and the disadvantage of being more difficult to deploy than password-based authentication methods.

Both PEAP-MS-CHAP v2 and EAP-TLS are certificate-based authentication methods, but there are many differences between them and the way in which they are deployed.

EAP-TLS

EAP-TLS uses certificates for both client and server authentication, and requires that you deploy a public key infrastructure (PKI) in your organization. Deploying a PKI can be complex, and requires a planning phase that is independent of planning for the use of NPS as a RADIUS server.

With EAP-TLS, the NPS enrolls a server certificate from a certification authority (CA), and the certificate is saved on the local computer in the certificate store. During the authentication process, server authentication occurs when the NPS sends its server certificate to the access client to prove its identity to the access client. The access client examines various certificate properties to determine whether the certificate is valid and is appropriate for use during server authentication. If the server certificate meets the minimum server certificate requirements and is issued by a CA that the access client trusts, the NPS is successfully authenticated by the client.

Similarly, client authentication occurs during the authentication process when the client sends its client certificate to the NPS to prove its identity to the NPS. The NPS examines the certificate, and if the client certificate meets the minimum client certificate requirements and is issued by a CA that the NPS trusts, the access client is successfully authenticated by the NPS.


Although it is required that the server certificate is stored in the certificate store on the NPS, the client or user certificate can be stored in either the certificate store on the client or on a smart card.

For this authentication process to succeed, it is required that all computers have your organization's CA certificate in the Trusted Root Certification Authorities certificate store for the Local Computer and the Current User.

PEAP-MS-CHAP v2

PEAP-MS-CHAP v2 uses a certificate for server authentication and password-based credentials for user authentication. Because certificates are used only for server authentication, you are not required to deploy a PKI in order to use PEAP-MS-CHAP v2. When you deploy PEAP-MS-CHAP v2, you can obtain a server certificate for the NPS in one of the following two ways:

  • You can install Active Directory Certificate Services (AD CS), and then autoenroll certificates to NPSs. If you use this method, you must also enroll the CA certificate to client computers connecting to your network so that they trust the certificate issued to the NPS.

  • You can purchase a server certificate from a public CA such as VeriSign. If you use this method, make sure that you select a CA that is already trusted by client computers. To determine whether client computers trust a CA, open the Certificates Microsoft Management Console (MMC) snap-in on a client computer, and then view the Trusted Root Certification Authorities store for the Local Computer and for the Current User. If there is a certificate from the CA in these certificate stores, the client computer trusts the CA and will therefore trust any certificate issued by the CA.

During the authentication process with PEAP-MS-CHAP v2, server authentication occurs when the NPS sends its server certificate to the client computer. The access client examines various certificate properties to determine whether the certificate is valid and is appropriate for use during server authentication. If the server certificate meets the minimum server certificate requirements and is issued by a CA that the access client trusts, the NPS is successfully authenticated by the client.

User authentication occurs when a user attempting to connect to the network types password-based credentials and tries to log on. NPS receives the credentials and performs authentication and authorization. If the user is authenticated and authorized successfully, and if the client computer successfully authenticated the NPS, the connection request is granted.

Key steps

During the planning for the use of authentication methods, you can use the following steps.

  • Identify the types of network access you plan to offer, such as wireless, VPN, 802.1X-capable switch, and dial-up access.

  • Determine the authentication method or methods that you want to use for each type of access. It is recommended that you use the certificate-based authentication methods that provide strong security; however, it might not be practical for you to deploy a PKI, so other authentication methods might provide a better balance of what you need for your network.

  • If you are deploying EAP-TLS, plan your PKI deployment. This includes planning the certificate templates you are going to use for server certificates and client computer certificates. It also includes determining how to enroll certificates to domain member and non-domain member computers, and determining whether you want to use smart cards.

  • If you are deploying PEAP-MS-CHAP v2, determine whether you want to install AD CS to issue server certificates to your NPSs or whether you want to purchase server certificates from a public CA, such as VeriSign.


Plan network policies

Network policies are used by NPS to determine whether connection requests received from RADIUS clients are authorized. NPS also uses the dial-in properties of the user account to make an authorization determination.

Because network policies are processed in the order in which they appear in the NPS snap-in, plan to place your most restrictive policies first in the list of policies. For each connection request, NPS attempts to match the conditions of the policy with the connection request properties. NPS examines each network policy in order until it finds a match. If it does not find a match, the connection request is rejected.

Key steps

During the planning for network policies, you can use the following steps.

  • Determine the preferred NPS processing order of network policies, from most restrictive to least restrictive.

  • Determine the policy state. The policy state can have the value of enabled or disabled. If the policy is enabled, NPS evaluates the policy while performing authorization. If the policy is not enabled, it is not evaluated.

  • Determine the policy type. You must determine whether the policy is designed to grant access when the conditions of the policy are matched by the connection request or whether the policy is designed to deny access when the conditions of the policy are matched by the connection request. For example, if you want to explicitly deny wireless access to the members of a Windows group, you can create a network policy that specifies the group, the wireless connection method, and that has a policy type setting of Deny access.

  • Determine whether you want NPS to ignore the dial-in properties of user accounts that are members of the group on which the policy is based. When this setting is not enabled, the dial-in properties of user accounts override settings that are configured in network policies. For example, if a network policy is configured that grants access to a user but the dial-in properties of the user account for that user are set to deny access, the user is denied access. But if you enable the policy type setting Ignore user account dial-in properties, the same user is granted access to the network.

  • Determine whether the policy uses the policy source setting. This setting allows you to easily specify a source for all access requests. Possible sources are a Terminal Services Gateway (TS Gateway), a remote access server (VPN or dial-up), a DHCP server, a wireless access point, and a Health Registration Authority server. Alternatively, you can specify a vendor-specific source.

  • Determine the conditions that must be matched in order for the network policy to be applied.

  • Determine the settings that are applied if the conditions of the network policy are matched by the connection request.

  • Determine whether you want to use, modify, or delete the default network policies.
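A simplified model of the first-match processing described in this section, added here as an example and not taken from NPS itself: it shows why a deny policy placed after a broader grant policy never takes effect, and includes a check that lists policies an earlier one makes unreachable. The policy names, group names and the representation of conditions as (attribute, value) pairs are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Policy:
    name: str
    conditions: frozenset        # (attribute, value) pairs; all must be in the request
    grant: bool                  # policy type: True = Grant access, False = Deny access
    enabled: bool = True         # policy state
    ignore_dial_in: bool = False # "Ignore user account dial-in properties"


def evaluate(policies, facts, dial_in_deny=False):
    """Return (decision, matching policy name) for one connection request.

    `facts` is the set of (attribute, value) pairs describing the request;
    `dial_in_deny` models a user account whose dial-in property denies access.
    """
    for policy in policies:                  # list order is the processing order
        if not policy.enabled:
            continue                         # disabled policies are not evaluated
        if not policy.conditions <= facts:
            continue                         # conditions do not match, try the next
        if not policy.grant:
            return ("reject", policy.name)   # first match is a Deny access policy
        if dial_in_deny and not policy.ignore_dial_in:
            return ("reject", policy.name)   # account dial-in property overrides
        return ("accept", policy.name)
    return ("reject", None)                  # no policy matched


def shadowed(policies):
    """List (later, earlier) pairs where `later` can never be the first match.

    If every condition of an earlier enabled policy is also required by a later
    one, any request matching the later policy is already caught by the earlier.
    """
    result = []
    active = [p for p in policies if p.enabled]
    for index, later in enumerate(active):
        for earlier in active[:index]:
            if earlier.conditions <= later.conditions:
                result.append((later.name, earlier.name))
                break
    return result


# Constructed sample policies and requests.
WIRELESS = ("nas_port_type", "wireless")
DENY_CONTRACTORS = Policy("Deny contractors on wireless",
                          frozenset({WIRELESS, ("group", "Contractors")}), grant=False)
ALLOW_WIRELESS = Policy("Allow any wireless", frozenset({WIRELESS}), grant=True)

GOOD_ORDER = [DENY_CONTRACTORS, ALLOW_WIRELESS]   # most restrictive first
BAD_ORDER = [ALLOW_WIRELESS, DENY_CONTRACTORS]    # deny policy is unreachable

CONTRACTOR = frozenset({WIRELESS, ("group", "Contractors"), ("group", "Domain Users")})
EMPLOYEE = frozenset({WIRELESS, ("group", "Domain Users")})
WIRED = frozenset({("nas_port_type", "ethernet"), ("group", "Domain Users")})

if __name__ == "__main__":
    print(evaluate(GOOD_ORDER, CONTRACTOR))
    print(evaluate(BAD_ORDER, CONTRACTOR))
    print(shadowed(BAD_ORDER))
    print(evaluate(GOOD_ORDER, EMPLOYEE, dial_in_deny=True))
    print(evaluate(GOOD_ORDER, WIRED))
```
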

Plan NPS accounting

NPS provides the ability to log RADIUS accounting data, such as user authentication and accounting requests, in three formats: IAS format, database-compatible format, and Microsoft SQL Server logging.

IAS format and database-compatible format create log files on the local NPS in text file format.

SQL Server logging provides the ability to log to a SQL Server 2000 or SQL Server 2005 XML-compliant database, extending RADIUS accounting to leverage the advantages of logging to a relational database.

Key steps

During the planning for NPS accounting, you can use the following steps.

  • Determine whether you want to store NPS accounting data in log files or in a SQL Server database.

NPS accounting using local log files

Recording user authentication and accounting requests in log files is used primarily for connection analysis and billing purposes, and is also useful as a security investigation tool, providing you with a method for tracking the activity of a malicious user after an attack.

Key steps

During the planning for NPS accounting using local log files, you can use the following steps.

  • Determine the text file format that you want to use for your NPS log files.

  • Choose the type of information that you want to log. You can log accounting requests, authentication requests, and periodic status.

  • Determine the hard disk location where you want to store your log files.

  • Design your log file backup solution. The hard disk location where you store your log files should be a location that allows you to easily back up your data. In addition, the hard disk location should be protected by configuring the access control list (ACL) for the folder where the log files are stored.


  • Determine the frequency at which you want new log files to be created. If you want log files to be created based on the file size, determine the maximum file size allowed before a new log file is created by NPS.

  • Determine whether you want NPS to delete older log files if the hard disk runs out of storage space.

  • Determine the application or applications that you want to use to view accounting data and produce reports.

NPS SQL Server logging

NPS SQL Server logging is used when you need session state information, for report creation and data analysis purposes, and to centralize and simplify management of your accounting data.

NPS provides the ability to use SQL Server logging to record user authentication and accounting requests received from one or more network access servers to a data source on a computer running the Microsoft SQL Server Desktop Engine (MSDE 2000), or any version of SQL Server later than SQL Server 2000.

Accounting data is passed from NPS in XML format to a stored procedure in the database, which supports both structured query language (SQL) and XML (SQLXML). Recording user authentication and accounting requests in an XML-compliant SQL Server database enables multiple NPSs to have one data source.


Key steps

During the planning for NPS accounting by using NPS SQL Server logging, you can use the following steps.


  • Determine whether you or another member of your organization has SQL Server 2000 or SQL Server 2005 relational database development experience and you understand how to use these products to create, modify, administer, and manage SQL Server databases.

  • Determine whether SQL Server is installed on the NPS or on a remote computer.

  • Design the stored procedure that you will use in your SQL Server database to process incoming XML files that contain NPS accounting data.

  • Design the SQL Server database replication structure and flow.

  • Determine the application or applications that you want to use to view accounting data and produce reports.

  • Plan to use network access servers that send the Class attribute in all accounting-requests. The Class attribute is sent to the RADIUS client in an Access-Accept message, and is useful for correlating Accounting-Request messages with authentication sessions. If the Class attribute is sent by the network access server in the accounting request messages, it can be used to match the accounting and authentication records. The combination of the attributes Unique-Serial-Number, Service-Reboot-Time, and Server-Address must be a unique identification for each authentication that the server accepts.

  • Plan to use network access servers that support interim accounting.

  • Plan to use network access servers that send Accounting-on and Accounting-off messages.

  • Plan to use network access servers that support the storing and forwarding of accounting data. Network access servers that support this feature can store accounting data when the network access server cannot communicate with the NPS. When the NPS is available, the network access server forwards the stored records to the NPS, providing increased reliability in accounting over network access servers that do not provide this feature.

  • Plan to always configure the Acct-Interim-Interval attribute in network policies. The Acct-Interim-Interval attribute sets the interval (in seconds) between each interim update that the network access server sends. According to RFC 2869, the value of the Acct-Interim-Interval attribute must not be smaller than 60 seconds, or one minute, and should not be smaller than 600 seconds, or 10 minutes. For more information, see RFC 2869, 'RADIUS Extensions.'

  • Ensure that logging of periodic status is enabled on your NPSs.