Differences

This shows you the differences between two versions of the page.

netserver_appendix_1_6.0.0 [2014/06/11 17:28]
ybarajas
netserver_appendix_1_6.0.0 [2014/06/13 20:34] (current)
bbullock
Line 1: Line 1:
 +====== Sample ipassNS.properties File ======
  
 +<code>
 +# File: ipassNS.properties.example
 +
 +# Description: iPass NetServer configuration file.
 +
 +# Blank lines and lines beginning with # ignored.
 +
 +
 +
 +# This file contains a subset of the most commonly used properties.
 +
 +# For a complete listing of all available properties,
 +# go to the directory <ns-home>/bin/ and execute the
 +# command: "ipassconfig.csh -listall"
 +
 +# For a detailed description of a particular property,
 +# go to the directory <ns-home>/bin/ and execute the
 +# command: "ipassconfig.csh -help <property name>"
 +
 +
 +# Your iPass Customer ID
 +
 +CustomerId=1
 +
 +
 +
 +# Configure RadiusClients
 +
 +###RadiusClient1=ipaddress=10.10.6.2,sharedsecret=testkey
 +###RadiusClient2=ipaddress=10.10.50.19,sharedsecret=testkey
 +
 +
 +
 +# Configure MultiProvider
 +# Determines if MultiProvider functionality is enabled.
 +# If enabled, the CustomerId sent to iPass will be that of the RadiusClient
 +# that the request came from.
 +# If the CustomerId is not set in the RadiusClient info, the main
 +# CustomerId of this server is used.
 +# Eg: to set a customerId for a client using RadiusClient settings:
 +# RadiusClient1=ipaddress=10.10.6.2,sharedsecret=testkey,CustomerId=111
 +
 +###MultiProvider=Yes
 +
 +
 +# Mapping Realm to ProxyServer(s)
 +
 +
 +RoutingRealm1=realm=IPASS,AuthServer=IpassServer,AcctServer=IpassServer,Strip=Yes
 +RoutingRealm2=realm=IPASV,AuthServer=IpassServer,AcctServer=IpassServer,Strip=Yes
 +##RoutingRealm3=realm=DEFAULT,AuthServer=IpassServer,AcctServer=IpassServer
 +##RoutingRealm4=realm=NOREALM,AuthServer=ProxyAuthServer1,AcctServer=ProxyAcctServer1
 +
 +
 +
 +# Proxy Server settings
 +# Protocol should be defaulted to Radius
 +
 +###ProxyAuthServer1=protocol=RADIUSProxy,ipaddress=127.0.0.1,port=1812,
 +IdleTimeout=15000,sharedsecret=testkey
 +###ProxyAcctServer1=protocol=RADIUSProxy,ipaddress=127.0.0.1,port=1813,
 +IdleTimeout=15000,sharedsecret=testkey
 +
 +
 +
 +# Ipass Server (Transaction Server List)
 +
 +IpassServer1=IpAddress=auth7.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
 +IpassServer2=IpAddress=auth8.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
 +IpassServer3=IpAddress=auth-apac.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
 +IpassServer4=IpAddress=auth-sjc.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
 +
 +
 +
 +
 +# Auth, Acct, and Proxy Listener information.
 +
 +# Sample line:
 +# Listener1= Port=<value>
 +# Port - Port number to listen for iPass requests from.
 +# Default is UDP port 11812/11813.
 +
 +
 +
 +Listener1=Type=Radius,Port=11812
 +Listener2=Type=RadiusProxy,Port=11817
 +Listener3=Type=SSLPost,Port=11811
 +
 +
 +
 +# IP Addresses, in X.X.X.X format, permitted to send control messages (such as
 +#    shutdown and restart) to this server. Multiple IPs can be specified. All
 +#    must be unique and contain the prefix ControlMessageIp.
 +#    By default, the local host and iPass Transaction Servers IP address
 +#    are already included.
 +
 +# Sample format:
 +# ControlMessageIp1=555.555.555.555
 +#
 +
 +
 +
 +# Debug level determines if debug and error messages are logged
 +# to the event table.
 +#   Debug Level 0 - Only severe messages are logged
 +#   Debug Level 1 - Error messages are logged
 +#   Debug Level 2 - Error and Debug messages are logged
 +#   Debug Level 3 - Error, Debug, and Packet parsing information is logged
 +#   Debug Level 4 - Error, Debug, Packet parsing, and Packet dumping is logged
 +#   Debug Level 5 - Detailed Packet and debug information is logged
 +
 +# Note: Production servers should normally run with debug level 0 or 1.
 +
 +DebugLevel=0
 +
 +AutoUpload=yes
 +UploadAtStartup=yes
 +AutoUpdate=no
 +
 +# Allow Accounting Update Messages to Pass-through to TS
 +AllowAcctUpdate=yes
 +
 +
 +
 +
 +# EapMode determines if the NetServer will do early-termination
 +# of EAP-TTLS requests. Primarily EAP-TTLS/PAP.
 +# All other EAP types will be blocked unless otherwise configured to do so.
 +# Default setting is: yes or true.
 +
 +EapMode=YES
 +
 +
 +# EapNotification determines if the NetServer will send back
 +# the Reply-Message(s) in EAP-Notification Requests prior to
 +# sending back the final Radius Access-Accept/Access-Reject.
 +# Default setting is: true
 +
 +EapNotification=NO
 +
 +
 +# This feature is used in conjuction with the EapNotification feature.
 +# It is used to filter which Reply-Message(s) can get sent back
 +# as EAP-Notifications. It will check if any Reply-Messages begin
 +# with the given FilterPrefix string.
 +# FilterPrefix: The string to match at the beginning of the Reply-Message.
 +#               It is case insensitive.
 +# KeepPrefix: Whether to keep that prefix attached to the Reply-Message
 +#             when sending back as an EAP-Notification.
 +
 +
 +EapNotificationFilter1= FilterPrefix="Location=",KeepPrefix=YES
 +
 +# Tunneled EAP NAI Check
 +# This function ensures the declared EAP Identity of an EAP-TTLS
 +# request used in accounting without CUI, eventually contains within
 +# the username@domain NAI of the Authorized Account negotiated with iPass
 +# during secondary authentication phase.  Prevents Tunnel Fraud.
 +
 +EapNaiCheck=true
 +
 +
 +# EAP Early Termination
 +# With EapMode enabled, the netserver offers native EAP-TTLS tunneling to
 +# the iPass AAA fabric.  The tunnel is protected by 2048-bit RSA encryption
 +# secured by Thawte global.  This provides a single trust point, EAP-Identity
 +# Token and Authentication Method for a connection profile on any iPass enabled network.
 +# The "inside" secondary auth method is performed with the Home AAA via the
 +# TCP/SSL iPass Transaction Network (PAP, MSHCAPv2, GTC, TLS, EAP-SIM) by
 +# support or preference behind the Roamserver. Suitable for fast roaming.
 +
 +
 +
 +EapEarlyTerminate=21
 +
 +# EAP Pass-Through Filters
 +# If EapMode is yes, TTLS will never pass-through the Netserver.  For default
 +# pass-through, set EapMode=no. With EapMode Enabled, EapPassThroughAllow
 +# specifies the EAP Protocol Id which are allowed to transact end-to-end
 +# via the iPass Transaction Network.  Additional Network Policies Apply.
 +# End-to-end EAP Authentication methods can be prohibitively slow.
 +
 +
 +# EapPassThroughAllow=4,6,13,23,25,43
 +# EapPassThroughAllow=all
 +# EapPassThroughDeny=nothing
 +
 +
 +
 +# CUI SETTINGS
 +#
 +# If EapNaiCheck is false, a supplier must support attribute 89
 +# in all Radius Accounting.  These settings enable reflection of
 +# Chargeable-User-Identity Attribute 89 in all Access-Accept.
 +# The value of the attribute is the accepted userid negotiated with iPass
 +# Transaction Centers unless a CUI is returned by the Home AAA.
 +
 +
 +CuiEnable=yes
 +
 +#
 +# CuiHasEnable encodes the value of the CUI returned in an Access-Accept to
 +# create a unique and anonymous identity hash of the user portion of the NAI.
 +# This hash is reversable by iPass for billing correlation.
 +
 +CuiHashEnable=no
 +
 +
 +#
 +# CuiHashingStrategy sets the type of hashing strategy to be performed
 +# on CUI hashing. That is, either the complete NAI or just the USER_NAME
 +# in an NAI to be hashed.
 +
 +
 +CuiHashingStrategy=USER_NAME
 +
 +# CuiAcctUserReplace retrieves the CUI from all Accounting messages and
 +# replaces the Anonymous EAP Identity token used for routing the transaction in
 +# the User-Name with the value of the CUI returned in the Access-Accept.
 +# If CuiHashEnable is yes, CuiAcctUserReplace can optionally leave the User-Name
 +# encoded for transmission to iPass for correlation by the Home AAA without CUI.
 +
 +
 +# CuiAcctUserReplace1=Token=all,Decode=yes
 +CuiAcctUserReplace1=Token="IPASS/user@ipass.com",Decode=yes
 +CuiAcctUserReplace2=Token="user@ipass.com",Decode=Yes
 +CuiAcctUserReplace3=Token="IPASS/user@ipass",Decode=yes
 +CuiAcctUserReplace4=Token="user@ipass",Decode=Yes
 +CuiAcctUserReplace5=Token="IPASS/anonymous@ipass.com",Decode=yes
 +CuiAcctUserReplace6=Token="anonymous@ipass.com",Decode=yes
 +CuiAcctUserReplace7=Token="IPASS/anonymous@ipass",Decode=yes
 +CuiAcctUserReplace8=Token="anonymous@ipass,Decode=yes
 +
 +
 +# CACHE DEFAULTS
 +
 +# Determines if the caching of successful authentication requests is enabled
 +AuthCacheEnabled=True
 +
 +# Auth Cache. Limit by the number of users.
 +AuthCacheSize=60
 +
 +# Auth Cache days Limit by the number of days in cache
 +AuthCacheDays=1
 +
 +
 +#Filesize rotation
 +LocalAccounting=false
 +AcctLogBackupType=MultipleWithTimestamp
 +AcctLogRotationMaxSize=10240
 +AcctLogRotationType=FileSize
 +
 +
 +TraceLogBackupType=MultipleWithTimestamp
 +#TraceLogRotationType=NumberOfHours
 +#TraceLogRotationHours=24
 +TraceLogRotationType=FileSize
 +TraceLogRotationMaxSize=10240
 +LogDirFileDeletionAge=120
 +
 +
 +# Determines the Keystore which will be used for administrative purpose.
 +# The configured KeyStore must be of KeyStoreType=ns
 +
 +AdminKeyStoreProperty=KeyStore2
 +
 +
 +KeyStore1=KeyStoreType=eap,KeyStorePath=$ipass.server.home/certs/eapserver.keystore,
 +KeyPassword=UfGjld0YWEUjEIZUnNvIsA==,KeyStorePassword=UfGjld0YWEUjEIZUnNvIsA=  
 +
 +KeyStore2=KeyStoreType=ns,KeyStorePath=$ipass.server.home/certs/ns1.keystore
 +
 +</code>
 +
 +Go to: **[[dokuwiki_other|Other Product Documents]] > [[netserver_help_6.0.0|NetServer Admin Guide]]** 
 +
 +{{tag>netserver}}
 
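Review bot: The KeyStore1 entry at the end of the file publishes a concrete KeyPassword/KeyStorePassword value in a sample, and the two values differ only by the trailing `=` (`UfGjld0YWEUjEIZUnNvIsA==` versus `UfGjld0YWEUjEIZUnNvIsA=`), so one of them looks truncated; replace both with an obvious placeholder so the sample value is never deployed as-is. The same applies to `sharedsecret=testkey` in the RadiusClient and proxy server examples. The KeyStore1 entry and the commented ProxyAuthServer1/ProxyAcctServer1 entries are also wrapped onto a second line: the continuation `IdleTimeout=15000,sharedsecret=testkey` carries no `###` prefix, so under the file's own rule (only lines beginning with # are ignored) it is no longer part of the comment and stands as a line of its own; keep each property on a single line. CuiAcctUserReplace8 is missing the closing quote after `anonymous@ipass`. In the comments, `CuiHasEnable` should read `CuiHashEnable` to match the property below it, `MSHCAPv2` should be `MSCHAPv2`, and `conjuction` and `reversable` are misspelled.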

©2015 iPass Inc. All rights reserved.