I've an IC4500 and my users are authenticate via Junos Pulse for a L2 connection, I've seen this log:
AUT209152014-06-02 15:55:00 - ic - [127.0.0.1] DOMAIN.COM\user(Realm)[Role] - Session timed out for DOMAIN.COM\user/Realm (session:2574ffff) due to inactivity (last access at 15:23:10 2014/06/02). Idle session identified after user request.
The connection was terminated due to inactivity, where can I configure this parameter? what does Junos Pulse defines as inactivity?
Also in the active users table i have one particular user that authenticates successfully but I can't see the time when it was authenticated and what IP it has, i don't know why but the logs for this user is full of successfull authentications every minute, I don't know how to stop it.
Anny suggestions on how to solve it?
There are two ways inactivity can happen. First is the user not sending heartbeats. Say a user logs in from a laptop. Then the close the lid on the laptop and go home. Their session length may be set very long, but they will miss heartbeats and eventually be timed out and removed from the IC. You want this to happen to remove users that are no longer on your network. The second way inactivity time out happens is if you have the role option for use traffic through the firewall. Then, if the user doesn't send traffic through the firewall for a certain period of time they get logged out.
Both of these are configured on the role session options page.
No IP and No timestamp mean they auth at L2, but don't make an L3 connection. When Pulse or OAC authenticates to an IC, they will make the L3 connection to the IC after the 802.1x (L2) connection has taken place. That is how the IC knows the IP address of the workstation. If this isn't showing up in the logs then likely your user is blocked from talking to the IC at L3. Could be a routing issue, a network firewall issue, a windows firewall issue, etc. Windows firewall may be application specific. They might be able to get to the IC with a web browser but they can't with Pulse or OAC. Fix the L3 issue with that workstation and you will get their IP and time stamp (and stop seeing them auth every minute).