From: Granofsky, Aaron (AGranofsky@xxxxxxxxxxx)
Date: Sun Oct 08 2000 - 14:03:51 GMT-3
Title: RE: Question regarding Cisco Secure and AS5200 server
Abdul,
The end of this command is why you're not seeing connections in your
tacacs log:
aaa accounting connection default start-stop *radius*
As to the rest I'm not sure.
Try debugging the following:
debug aaa authe
debug aaa autho
debug aaa acc
debug tacacs
The output isn't too esoteric, and should help tell you what's
happening.
You can also stop the cstacacs service and run it on the command line.
(The executable is in the cstacacs directory.) This will tell you if
the NAS output is getting to CSNT.
Hope this helps,
Aaron
-----Original Message-----
From: abdul_rahim@ccsi.canon.com [mailto:abdul_rahim@ccsi.canon.com]
Sent: Thursday, September 28, 2000 8:47 PM
To: Granofsky, Aaron
Cc: abdul_rahim@ccsi.canon.com; ccielab@groupstudy.com
Subject: RE: Question regarding Cisco Secure and AS5200 server
I have already given the following commands on my AS5200 server
aaa new-model
aaa authentication login default local tacacs+ enable
aaa authentication login no_tacacs+ local
aaa authentication ppp default local tacacs+
aaa authorization exec default local tacacs+ if-authenticated
aaa authorization network default local tacacs+ if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
aaa accounting connection default start-stop radius
aaa accounting system default start-stop tacacs+
But in the TACACS+ accounting log I see the following logs
09/28/2000 20:05:44 mwolf Remote Allowed async stop 467 ppp .. 62340
132916 604 661 47461 172.16.2.247 Async10 146.184.72.6 .. 970196277 ..
.. .. ..
PPP 6 2 ip .. 1 .. ..
09/28/2000 20:01:00 mwolf Remote Allowed .. NAS Reset 184 .. .. .. ..
.. .. 47461 .. Async10 146.184.72.6 .. .. .. .. .. .. .. .. .. .. ..
.. .. ..
09/28/2000 19:57:56 mwolf Remote Allowed async start .. ppp .. .. ..
.. .. 47461 .. Async10 146.184.72.6 .. 970196277 .. .. .. .. PPP 6 2
.. .. 1 ..
..
09/28/2000 19:56:49 mwolf Remote Allowed async stop 25 ppp .. 38553
7468 130
I never see a connect accts-flags and never do I see a service other
than ppp
Thanks in advance if someone can help me on it
Abdul
"Granofsky, Aaron" <AGranofsky@bns.nec.com> on 09/28/2000 11:07:15 AM
To: abdul_rahim@ccsi.canon.com
ccielab@groupstudy.com
cc:
Subject: RE: Question regarding Cisco Secure and AS5200 server
Abdul,
The following statements are required on the router for the telnet
session:
aaa authentication login default tacacs+
aaa authorization exec tacacs+
aaa accounting exec start-stop tacacs+
On CSNT click on Shell(Exec) under the group profile.
If you add these commands you can also do AAA on the commands that are
entered:
aaa authorization commands <0-15> tacacs+
aaa accounting commands start-stop tacacs+
To support command AAA on CSNT do the following within the group
profile:
assign a privilege level to the group
(optional) select the command box, and permit or deny any commands
Hope this helps,
Aaron
-----Original Message-----
From: abdul_rahim@ccsi.canon.com [mailto:abdul_rahim@ccsi.canon.com]
Sent: Thursday, September 21, 2000 11:37 AM
To: ccielab@groupstudy.com
Subject: Question regarding Cisco Secure and AS5200 server
Hi all
Can we log the connections (telnet) the dial-up user makes after he
gets authenticated by TACACS+ (Cisco Secure)?
If yes, then what are the necessary steps needed both on the AS5200
server and the Cisco Secure for NT software as well?
I did find that aaa accounting connection command but it doesn't show
me anything on the Cisco Secure
Can anybody help me on it
Thanks
Abdul Rahim
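
The mismatch pointed out at the top of the thread (connection accounting sent to radius while every other accounting type goes to tacacs+) can be checked mechanically. The following Python sketch is an added example, not part of the original messages; the function names are hypothetical, and the sample input is the accounting section of the configuration posted in the thread.

```python
# Record keywords accepted between the list name and the method list.
RECORD_MODES = {"start-stop", "wait-start", "stop-only", "none"}
ACCT_TYPES = {"exec", "network", "connection", "system", "commands"}

# Accounting lines copied from the AS5200 configuration posted in the thread.
THREAD_CONFIG = """\
aaa new-model
aaa accounting update newinfo
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
aaa accounting connection default start-stop radius
aaa accounting system default start-stop tacacs+
"""


def accounting_methods(config):
    """Map (accounting type, list name) -> methods for each 'aaa accounting' line."""
    found = {}
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["aaa", "accounting"] or len(tokens) < 3:
            continue
        acct_type, rest = tokens[2], tokens[3:]
        if acct_type not in ACCT_TYPES:
            continue  # e.g. 'aaa accounting update newinfo' is not a method list
        if acct_type == "commands" and rest and rest[0].isdigit():
            acct_type += " " + rest.pop(0)  # keep the privilege level with the type
        # The list name is optional in the older syntax also used in the thread
        # ('aaa accounting exec start-stop tacacs+'); treat that as 'default'.
        list_name = "default"
        if rest and rest[0] not in RECORD_MODES:
            list_name = rest.pop(0)
        if not rest:
            continue  # incomplete line, nothing to record
        found[(acct_type, list_name)] = rest[1:]  # rest[0] is the record keyword
    return found


def not_sent_to(config, server="tacacs+"):
    """Return accounting lists whose methods never reach the given server type."""
    methods = accounting_methods(config)
    return sorted(key for key, used in methods.items() if server not in used)


if __name__ == "__main__":
    for acct_type, list_name in not_sent_to(THREAD_CONFIG):
        print(f"accounting {acct_type} ({list_name}) does not log to tacacs+")
```

Run against the posted configuration, it reports only the connection list, which matches the absence of connection records in the TACACS+ accounting log.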
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:24 GMT-3