Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
2
Replies

AGAIN... aCS2.6 on W2k advanced server with bug!!!!

m.hossein
Level 1
Level 1

‎09-02-2002 06:32 AM - edited ‎03-09-2019 12:08 AM

Dear All,

This is my second post regarding ACS2.6 bugs...

The problem is:

As you know;-) I have an acs2.6 server on W2k advanced server , My ACS uses its Dbase to authenticate My users.

The users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user.

Please this is a big problem for me so can u help me to solve it?

Thanx in advance...

Regards,,

Magdy

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎09-02-2002 10:33 PM

What "system" are they disconnecting from, and how are they disconnecting? Is this a dialup server and you're authenticating PPP connections? I presume you're doing accounting also since this is the only way that ACs knows that a person is still logged on. ACS relies on receiving an Accounting Stop record when the user logs out to know that the user is no longer logged in, so can you verify that the Stop record is being generated and sent correctly by the "system".

If this is an IOS router, then you can do "debug aaa account" to see when/if the Stop record is generated. Can you run some tests to find out if your users disconnect in a certain way (just power off their machine as opposed to actually disconnecting their session) then the "system" won't send a Stop record?

0 Helpful

m.hossein
Level 1
Level 1
In response to gfullage

‎09-04-2002 11:47 PM

The System is Cisco2620 for dialup users. My users authenticate using PPP connection...

I thing the ACS does not receive An accounting Stop recordfrom the NAs server when the user logs out ...

So, My question is: How can I verify that the Stop record is being generated and sent correctly by the "system".

Here is my AAA-Config On my NAS server:

aaa new-model

aaa authentication login default group tacacs+

aaa authentication login no_tacacs enable

aaa authentication ppp default group tacacs+

aaa authorization exec default group tacacs+

aaa authorization network default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

Please how can I resolve this Issue

Regards,,

Magdy

0 Helpful
Customers Also Viewed These Support Documents