Re: ISA RADIUS Authentication per-request -> per-session


The concept of "session" is somewhat misleading.
What ISA interprets as a "session" is defined as a single TCP connection.
What the user calls an OWA "session" is actually made up of 4 or more concurrent TCP connections to the server (ISA, in this case).

When that property is set to "false", ISA will authenticate each request sent on a particular TCP session.
When that property is set to "true", ISA will authenticate only the first request on each TCP session.

Because the OWA (and RPC/HTTP) client makes / breaks TCP sessions quite frequently during a single user "session", ISA is forced to
authenticate each new TCP session.

In other words, with that property set to "true", the overall authentication load is decreased, but because the actual TCP
connections are changing frequently, the load is not completely eliminated for each OWA "session". You can validate this by
observing the RADIUS server logs for the number of auth requests from ISA for a single user session with that property set to "true"
vs. what you observe when that property is set to "false".

--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"hschlecht" <hschlecht@xxxxxxxxx> wrote in message news:1149018687.414016.83240@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have installed a new ISA 2004 SP2 server for Web Proxy with RADIUS
authentication for the users.
I see that the server sends a RADIUS authentication for each request.

I have found that we can change the SingleRadiusServerAuthPerSession
entry for the WebListener, in my case I mean the Internal network
object. For this I have written a script (see below) that changes the
value from False to True for the fpcInternalNetwork object.

After the change and the reboot of the server nothing changed and the
server continues to generate a high rate of RADIUS requests to the RADIUS
server.

Is something wrong?

Any idea? Because I mean I'm not the only one who has this problem.


' Declare the objects needed.
Dim root          ' The FPCLib.FPC root object
Dim isaArray      ' An FPCArray object
Dim networks      ' The collection of networks in the array
Dim network       ' An FPCNetwork object
Dim currentValue  ' A Boolean
Dim newValue      ' A Boolean
' Read the new value (True or False) from the command line.
If WScript.Arguments.Count < 1 Then
    WScript.Echo "Usage: cscript " & WScript.ScriptName & " True|False"
    WScript.Quit 1
End If
' Convert the argument text to a Boolean so the comparison below is Boolean to Boolean.
newValue = CBool(WScript.Arguments(0))
WScript.Echo "New Value " & newValue
' Create the root object.
Set root = CreateObject("FPC.Root")
' Get references to the array object
' and the networks collection.
Set isaArray = root.GetContainingArray()
Set networks = isaArray.NetworkConfiguration.Networks
For Each network In networks
    If network.NetworkType = 4 Then '4 = fpcInternalNetwork
        currentValue = network.WebListenerProperties.SingleRadiusServerAuthPerSession
        WScript.Echo "Network: " & network.NetworkType
        WScript.Echo "Current value: " & currentValue
        If newValue <> currentValue Then
            network.WebListenerProperties.SingleRadiusServerAuthPerSession = newValue
            WScript.Echo "New value: " & network.WebListenerProperties.SingleRadiusServerAuthPerSession
            ' Persist the change to the stored configuration.
            network.Save
        End If
    End If
Next
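
The log comparison suggested in the reply above, written out as an added example; it is not part of the original thread or of the ISA SDK. The log layout (timestamp, NAS name, user name, packet type), the NAS name ISA1 and the user alice are constructed assumptions, so adapt the parsing to the format your RADIUS server actually writes.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed captures of one OWA "session" for user alice, one per setting.
# Assumed layout (adapt to your RADIUS server's real log format):
# timestamp,NAS name,user name,RADIUS packet type
LOG_FALSE = """\
2006-05-30 10:00:01,ISA1,alice,Access-Request
2006-05-30 10:00:01,ISA1,alice,Access-Accept
2006-05-30 10:00:02,ISA1,alice,Access-Request
2006-05-30 10:00:02,ISA1,alice,Access-Request
2006-05-30 10:00:03,VPN1,alice,Access-Request
2006-05-30 10:00:04,ISA1,alice,Access-Request
2006-05-30 10:00:05,ISA1,alice,Access-Request
2006-05-30 10:00:06,ISA1,alice,Access-Request
truncated line
2006-05-30 10:00:07,ISA1,alice,Access-Request
2006-05-30 10:00:08,ISA1,alice,Access-Request
"""
LOG_TRUE = """\
2006-05-30 11:00:01,ISA1,alice,Access-Request
2006-05-30 11:00:01,ISA1,alice,Access-Accept
2006-05-30 11:00:01,ISA1,alice,Access-Request
2006-05-30 11:00:02,ISA1,alice,Access-Request
2006-05-30 11:00:09,ISA1,alice,Access-Request
"""

def auth_requests(log_text, nas):
    """Count Access-Request records per user that came from one NAS."""
    counts = Counter()
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:          # skip malformed or truncated records
            continue
        _, src, user, packet = (f.strip() for f in row)
        if src == nas and packet == "Access-Request":
            counts[user.lower()] += 1
    return counts

def compare(log_false, log_true, nas):
    """Return {user: (count_false, count_true)} for the two captures."""
    before, after = auth_requests(log_false, nas), auth_requests(log_true, nas)
    return {u: (before[u], after[u]) for u in sorted(set(before) | set(after))}

if __name__ == "__main__":
    for user, (f, t) in compare(LOG_FALSE, LOG_TRUE, "ISA1").items():
        print(f"{user}: {f} auth requests with false, {t} with true")
```

In the constructed data the count drops when the property is "true" but stays above one, which is the pattern the reply describes: one authentication per TCP connection rather than one per user "session".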

