Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AGAIN... aCS2.6 on W2k advanced server with bug!!!!

Dear All,

This is my second post regarding ACS2.6 bugs...

The problem is:

As you know;-) I have an acs2.6 server on W2k advanced server , My ACS uses its Dbase to authenticate My users.

The users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user.

Please this is a big problem for me so can u help me to solve it?

Thanx in advance...

Regards,,

Magdy

2 REPLIES
Cisco Employee

Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!!

What "system" are they disconnecting from, and how are they disconnecting? Is this a dialup server and you're authenticating PPP connections? I presume you're doing accounting also since this is the only way that ACs knows that a person is still logged on. ACS relies on receiving an Accounting Stop record when the user logs out to know that the user is no longer logged in, so can you verify that the Stop record is being generated and sent correctly by the "system".

If this is an IOS router, then you can do "debug aaa account" to see when/if the Stop record is generated. Can you run some tests to find out if your users disconnect in a certain way (just power off their machine as opposed to actually disconnecting their session) then the "system" won't send a Stop record?

New Member

Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!!

The System is Cisco2620 for dialup users. My users authenticate using PPP connection...

I thing the ACS does not receive An accounting Stop recordfrom the NAs server when the user logs out ...

So, My question is: How can I verify that the Stop record is being generated and sent correctly by the "system".

Here is my AAA-Config On my NAS server:

aaa new-model

aaa authentication login default group tacacs+

aaa authentication login no_tacacs enable

aaa authentication ppp default group tacacs+

aaa authorization exec default group tacacs+

aaa authorization network default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

Please how can I resolve this Issue

Regards,,

Magdy

93
Views
0
Helpful
2
Replies