09-02-2002 06:32 AM - edited 03-09-2019 12:08 AM
Dear All,
This is my second post regarding ACS2.6 bugs...
The problem is:
As you know;-) I have an acs2.6 server on W2k advanced server , My ACS uses its Dbase to authenticate My users.
The users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user.
Please this is a big problem for me so can u help me to solve it?
Thanx in advance...
Regards,,
Magdy
09-02-2002 10:33 PM
What "system" are they disconnecting from, and how are they disconnecting? Is this a dialup server and you're authenticating PPP connections? I presume you're doing accounting also since this is the only way that ACs knows that a person is still logged on. ACS relies on receiving an Accounting Stop record when the user logs out to know that the user is no longer logged in, so can you verify that the Stop record is being generated and sent correctly by the "system".
If this is an IOS router, then you can do "debug aaa account" to see when/if the Stop record is generated. Can you run some tests to find out if your users disconnect in a certain way (just power off their machine as opposed to actually disconnecting their session) then the "system" won't send a Stop record?
09-04-2002 11:47 PM
The System is Cisco2620 for dialup users. My users authenticate using PPP connection...
I thing the ACS does not receive An accounting Stop recordfrom the NAs server when the user logs out ...
So, My question is: How can I verify that the Stop record is being generated and sent correctly by the "system".
Here is my AAA-Config On my NAS server:
aaa new-model
aaa authentication login default group tacacs+
aaa authentication login no_tacacs enable
aaa authentication ppp default group tacacs+
aaa authorization exec default group tacacs+
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
Please how can I resolve this Issue
Regards,,
Magdy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide