ciscosecure


Post by sen.. » Fri, 16 Jun 2000 04:00:00



Hi
I am using Cisco Secure ACS on Solaris. Max_session does not seem to be working,
because stop records are sometimes sent to the secondary AAA server.

I am expecting that ACS will finger/snmp the NAS when a new user logs in to
double check max_session. Only server based max_session seems to be supported.

Is there anyone who uses ACS for UNIX with a working max_session = 1?

pls reply to mail

regards

senol gulgonul

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 


Post by j.com.. » Fri, 16 Jun 2000 04:00:00



>Hi
>I am using Cisco Secure ACS on Solaris. Max_session does not seem to be working,
>because stop records are sometimes sent to the secondary AAA server.

>I am expecting that ACS will finger/snmp the NAS when a new user logs in to
>double check max_session. Only server based max_session seems to be supported.

>Is there anyone who uses ACS for UNIX with a working max_session = 1?

>pls reply to mail

>regards

>senol gulgonul


Hi,

We use CiscoSecure ACS/NT 2.4 on two NT BDCs and we have exactly the
same problem. What is strange is that I see 2 logged-in users, and when I purge
them, ACS says that it has purged 9! users (the other 7 weren't on
the second AAA server and were in fact broken connections).
Those users could not log on anymore.


(remove "nospam")

 
 
 


Post by Aidan Mark » Sun, 18 Jun 2000 04:00:00


Max sessions with more than one AAA server doesn't work, especially with
CSU.  How can you guarantee that the same server will process the start and
stop records?  It really is an impossible task when CS does not have any
feature to either check with the other server or checkpoint.  Given the
fact that one or both of the servers may be down at some time, there can be
no absolute guarantee that any server knows the real session details.

Your only safeguard is the timeout interval for sessions.  Basically, if you
do multiple AAA and don't have a concurrency mechanism, switch max sessions
OFF.

CSU does not probe any boxes, no fingering, no snmp.  It just sits there and
waits for records and times out sessions when appropriate.

With the limitations of CSU in this area (having no checkpointing process
with either the NASes or the other AAA server), attempting to introduce load
balancing, redundancy or any combination of the above (with max_sessions
enabled of course), whether manually load balancing boxes or automatically
doing it through L4/7 switches for example, is in conflict with the way AAA
works.  It's not as easy as, say, persistent http connections.

Load balancing, backup AAA etc works great without max sessions. :)

Make sure you are using CSU 2.3(5).

Aidan


> Hi
> I am using Cisco Secure ACS on Solaris. Max_session does not seem to be working,
> because stop records are sometimes sent to the secondary AAA server.

> I am expecting that ACS will finger/snmp the NAS when a new user logs in to
> double check max_session. Only server based max_session seems to be supported.

> Is there anyone who uses ACS for UNIX with a working max_session = 1?

> pls reply to mail

> regards

> senol gulgonul

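
An added example, not part of any post in this thread and not Cisco's code, modelling the behaviour described in the reply above: two AAA servers that each enforce max_sessions only from the accounting records they receive themselves, with the session timeout as the only cleanup. The `AAAServer` class, the 3600-second timeout and the event list are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AAAServer:
    """Hypothetical AAA server that enforces max_sessions from its own records only."""
    max_sessions: int = 1
    timeout: int = 3600                         # seconds before a session with no stop is dropped
    active: dict = field(default_factory=dict)  # (user, session_id) -> start time

    def authorize(self, user, now):
        # Expire sessions whose stop record never arrived at this server.
        self.active = {k: t for k, t in self.active.items() if now - t < self.timeout}
        return sum(1 for (u, _sid) in self.active if u == user) < self.max_sessions

    def accounting(self, kind, user, session_id, now):
        if kind == "start":
            self.active[(user, session_id)] = now
        else:  # "stop": a no-op if this server never saw the matching start
            self.active.pop((user, session_id), None)

def replay(events):
    """Feed (time, server, kind, user, session_id) tuples to two independent servers."""
    servers = {"primary": AAAServer(), "secondary": AAAServer()}
    decisions = []
    for now, name, kind, user, sid in events:
        if kind == "auth":
            decisions.append((now, name, user, servers[name].authorize(user, now)))
        else:
            servers[name].accounting(kind, user, sid, now)
    return decisions

# Constructed event sequence; max_sessions = 1 on both servers, no shared state.
EVENTS = [
    (0,    "primary",   "auth",  "alice", None),
    (1,    "primary",   "start", "alice", "s1"),
    (600,  "secondary", "stop",  "alice", "s1"),  # stop record lands on the other server
    (700,  "primary",   "auth",  "alice", None),  # alice hung up, primary still counts s1
    (800,  "secondary", "auth",  "bob",   None),
    (801,  "secondary", "start", "bob",   "s2"),
    (900,  "primary",   "auth",  "bob",   None),  # bob is online, primary has no record of s2
    (3700, "primary",   "auth",  "alice", None),  # stale s1 has finally timed out
]

if __name__ == "__main__":
    for decision in replay(EVENTS):
        print(decision)
```

The replay shows both failure modes: alice is refused at t=700 although her session has ended, and bob is admitted a second time at t=900 while his first session is still up.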

 
 
 

1. Installation Problem with CiscoSecure ACS 2.3(2)

I have a CiscoSecure Access Control Server 2.3(2) for Solaris, which
used to work well on patched Solaris 2.5.1 or 2.6. But after I
upgraded my OS to Solaris 8, problems occur while checking patches:

--------------
ciscoworks#pkgadd -d ./CSCEacs
pkgadd: ERROR: no packages were found in </cdrom/csus_232/CSCEacs>
ciscoworks#pkgadd -d /cdrom/csus_232 CSCEacs

Processing package instance <CSCEacs> from </cdrom/csus_232>

CiscoSecure Access Control Software
(sun4) 2.3(2)

Copyright(c) 1996-1999 Cisco Systems, Inc.
CiscoSecure Access Control Server
Version 2.3(2)
All Rights Reserved.
To install this product, you must agree to accept the terms
of the enclosed license [accept=y,exit=n,exit=q]: y

checking patches...

Patch: 106529-03 (or a later version) must be installed
Patch: 103566-08 (or a later version) must be installed
Patch: 103600-03 (or a later version) must be installed
Patch: 103640-08 (or a later version) must be installed

The patches above must be updated or installed to continue
 installation of CiscoSecure on Solaris 2.5.1.

 The latest versions of the patches may be downloaded from

 http://sunsolve.sun.com

 README files for each
 patch are also available from the site.
pkgadd: ERROR: request script did not complete successfully

Installation of <CSCEacs> failed.
No changes were made to the system.
ciscoworks#
--------------------

Can anyone tell me if there is a way to solve this problem?

Thanks!
