It was my Cisco-guru system administrator who tinkered around with our Cisco
NAS.
Although you have to be aware that RadiusNT will send your NAS a very large
value for Session-Timeout if :
1.You don't specify a Session-Timeout attribute in your RadiusNT Service
Defaults
2. The value of the TimeLeft field in the subaccount you are using is 0.
However, even if your TimeLeft field has a positive value, TimeBanking will
stop working for EVERYONE the moment someone logs-in and his service makes
RadiusNT send out a very large value for Session-Timeout to the Cisco NAS.
This is what I am raising as an issue about RadiusNT.
- Danny
----- Original Message -----
From: NCKCN <ttuttle@nckcn.com>
To: <emerald@iea-software.com>
Sent: Tuesday, May 16, 2000 9:36 PM
Subject: Re: [Emerald] RadiusNT - problem with TimeBanking - very big value
for Session Timeout
> Danny,
>
> So the
>
> aaa authorization network default radius
> aaa authorization network TESTRAD radius
>
> is what sets the router to be able to do Radius Attributes?
>
> -----------------------------------------------------------------
> Thanks,
> TKT
> -----------------------------------------------------------------
>
> ----- Original Message -----
> From: "Danny Sinang" <danny@uplink.com.ph>
> To: <emerald@iea-software.com>
> Sent: Tuesday, May 16, 2000 8:35 AM
> Subject: Re: [Emerald] RadiusNT - problem with TimeBanking - very big
value
> for Session Timeout
>
>
> > aaa new-model
> > aaa authentication login LINELOCAL line
> > aaa authentication login NO_RADIUS enable
> > aaa authentication ppp default radius
> > aaa authentication ppp PPPLOCAL local
> > aaa authorization network default radius
> > aaa authorization network TESTRAD radius
> > aaa accounting network default start-stop radius
> >
> > - Danny
> >
> > ----- Original Message -----
> > From: NCKCN <ttuttle@nckcn.com>
> > To: <emerald@iea-software.com>
> > Sent: Tuesday, May 16, 2000 9:22 PM
> > Subject: Re: [Emerald] RadiusNT - problem with TimeBanking - very big
> value
> > for Session Timeout
> >
> >
> > > How did you activate aaa authorization properly to get this
> accomplished?
> > > If you don't mind sending that info...
> > >
> > > :^)
> > >
> > >
> > > ----- Original Message -----
> > > From: "Danny Sinang" <danny@uplink.com.ph>
> > > To: <emerald@iea-software.com>
> > > Sent: Tuesday, May 16, 2000 8:27 AM
> > > Subject: Re: [Emerald] RadiusNT - problem with TimeBanking - very big
> > value
> > > for Session Timeout
> > >
> > >
> > > > It does. Believe me, it does. We use a Cisco 2610 with an NM-16AM
and
> > IOS
> > > > 11.3(4) .
> > > >
> > > > We just had to activate aaa authorization properly.
> > > >
> > > > - Danny
> > > >
> > > > ----- Original Message -----
> > > > From: NCKCN <ttuttle@nckcn.com>
> > > > To: <emerald@iea-software.com>
> > > > Sent: Tuesday, May 16, 2000 9:15 PM
> > > > Subject: Re: [Emerald] RadiusNT - problem with TimeBanking - very
big
> > > value
> > > > for Session Timeout
> > > >
> > > >
> > > > > Danny,
> > > > >
> > > > > I don't think the Cisco supports Session-Timeout from the Radius
> > Server.
> > > > We
> > > > > have always had to set Session-Timeout on the router itself. There
> was
> > a
> > > > > discussion a while back on this very thing and I don't think
anyone
> > got
> > > it
> > > > > to work on a Cisco.
> > > > >
> > > > > -----------------------------------------------------------------
> > > > > Thank You
> > > > > Network Administration Staff
> > > > > North Central Kansas Community Network
> > > > > -----------------------------------------------------------------
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Danny Sinang" <danny@uplink.com.ph>
> > > > > To: <support@iea-software.com>
> > > > > Cc: "Emerald" <emerald@iea-software.com>
> > > > > Sent: Tuesday, May 16, 2000 5:59 AM
> > > > > Subject: [Emerald] RadiusNT - problem with TimeBanking - very big
> > value
> > > > for
> > > > > Session Timeout
> > > > >
> > > > >
> > > > > > I am running RadiusNT 2.5.267 along with Emerald 2.5 using a SQL
> > > Server
> > > > > 6.5
> > > > > > database.
> > > > > >
> > > > > > I configured several services and made some Service Defaults for
> > them,
> > > > > > namely :
> > > > > >
> > > > > > 1. ServiceType = Framed
> > > > > > 2. Framed Protocol = PPP
> > > > > > 3. Session Timeout = 0
> > > > > >
> > > > > > I then enabled TimeBanking and gave several users several
minutes
> in
> > > > their
> > > > > > TimeLeft field. The problem is, no one gets disconnected after
> their
> > > > > > TimeLeft has elapsed.
> > > > > >
> > > > > > I inspected the Log file and saw that RadiusNT is sending a
> > > > SessionTimeout
> > > > > =
> > > > > > 0 to the NAS.
> > > > > >
> > > > > > Is this the way RadiusNT is supposed to work ?
> > > > > >
> > > > > > I tried deleting the SessionTimeout from the service defaults
and
> > > tried
> > > > > > dialling in as TimeBanked user. This time, the SessionTimeout
> > > attribute
> > > > it
> > > > > > sent the NAS is the remaining value of TimeLeft. However, the
user
> > > still
> > > > > > won't get disconnected from the NAS.
> > > > > >
> > > > > > My NAS is a Cisco 2600 and its debug output does not show
anything
> > > > funny.
> > > > > >
> > > > > > However, I noticed that when the NON-TimeBanked users, RadiusNT
> > sends
> > > > them
> > > > > a
> > > > > > SessionTimeout whose value is 679952640.
> > > > > >
> > > > > > What could be wrong ?
> > > > > >
> > > > > > - Danny
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > For more information about this list (including removal) go to:
> > > > > > http://www.iea-software.com/support/maillists/liststart
> > > > >
> > > > >
> > > > > For more information about this list (including removal) go to:
> > > > > http://www.iea-software.com/support/maillists/liststart
> > > >
> > > >
> > > > For more information about this list (including removal) go to:
> > > > http://www.iea-software.com/support/maillists/liststart
> > >
> > >
> > > For more information about this list (including removal) go to:
> > > http://www.iea-software.com/support/maillists/liststart
> >
> >
> > For more information about this list (including removal) go to:
> > http://www.iea-software.com/support/maillists/liststart
>
>
> For more information about this list (including removal) go to:
> http://www.iea-software.com/support/maillists/liststart
For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart