Here are some of my Cisco NAS's configs :
aaa new-model
aaa authentication login LINELOCAL line
aaa authentication login NO_RADIUS enable
aaa authentication ppp default radius
aaa authentication ppp PPPLOCAL local
aaa authorization network default radius
aaa authorization network TESTRAD radius
aaa accounting network default start-stop radius
Then do the following :
1. Turn on TimeBanking in RadiusNT
2. Make a service that would make use of TimeBanking. Don't assign a
Session-Timeout service default or this service. Doing so would enforce the
value of this default to apply to everyone, even if his TimeLeft is some
other value. This seems to be a bug in RadiusNT 2.5.
3. All other services must be assigned a Session-Timeout service default of
0. Not doing this will cause RadiusNT to send a Session-Timeout ack packet
(with a very large value of 670,000,000+) to the NAS. When this happens,
TimeBanking won't work for anyone anymore. Yup, this is bad and I have
reported this to support@iea-software.com already. Am awaiting their
response. If you see this happen, pls raise the issue with them again.
If anyone is using RadiusNT 3.0 already and this bug does not appear, pls
tell me so.
That's about it.
Enjoy.
- Danny
----- Original Message -----
From: Admin <admin@parod.com>
To: <ntisp@iea-software.com>
Sent: Monday, August 31, 1998 10:47 PM
Subject: Re: Cisco Idle-timeout/Session-timeout
> Would you please post it when they get you the release as I have been
> waiting for 2 years for this.
>
> Darryl Etter
> -----Original Message-----
> From: Ronnie D. Franklin <ronnie@itexas.net>
> To: 'ntisp@emerald.iea.com' <ntisp@emerald.iea.com>
> Date: Monday, August 31, 1998 9:08 AM
> Subject: RE: Cisco Idle-timeout/Session-timeout
>
>
> >The problem still exists.. and I have been through about 15 revisions so
> >far... They have a "fix" with the VSA.. but some other bugs were
introduced
> >along the way.. so we have not been able to really test anything that was
> >stable enough to make an evaluation.
> >
> >I have been promised the final release within the next week.... but
then...
> >it has been 6 months already!!!!!!!!!!!!!!!!!!!!
> >
> >Thanks,
> >
> >Ronnie
> >
> >
> >On Monday, August 31, 1998 4:58 AM, Danny Sinang
[SMTP:danny@uplink.com.ph]
> >wrote:
> >> Ronnie,
> >>
> >> Did you ever get a solution to this problem you once posted ?
> >>
> >> I plan to buy an AS5200 and this is one of the problems I face.
> >>
> >> Or does Cisco have a new IOS that now supports this ?
> >>
> >> - Danny
> >>
> >> -----Original Message-----
> >> From: Ronnie D. Franklin <ronnie@itexas.net>
> >> To: 'ntisp@emerald.iea.com' <ntisp@emerald.iea.com>
> >> Date: Monday, February 09, 1998 9:27 AM
> >> Subject: Cisco Idle-timeout/Session-timeout
> >>
> >>
> >> >The Cisco IOS (11.2/11.3) presently does not support the Radius
> >attributes
> >> >for Idle-Timeout and Session-Timeout... for PPP sessions. Anyone know
> >of a
> >> >script or program that runs on NT that will go out and look at the
Cisco
> >> >user information and then disconnect them if the idle time equals a
> >given
> >> >value?????
> >> >
> >> >I have seen this floating around for unix, but not NT
> >> >
> >> >ronnie@itexas.net
> >> >
> >> > ----------------------------------------------------------
> >> > NTISP Mailing List listserver@emerald.iea.com
> >>
> >>
> >
> >
>
For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart