Using FreeRadius to coordinate access to cisco routers based on time
Alan DeKok
aland at deployingradius.com
Fri May 23 19:17:17 CEST 2014
Frank Cui wrote:
> I have tested to change the user config file to be :
>
> cisco Auth-Type := System
> Service-Type = NAS-Prompt-User,
> Cisco-AVPair = "shell:priv-lvl=15",
> Session-Timeout = 20
Which is 20 seconds. Probably not what you want.
> But it doesn't seem to resolve the problem, not sure if the Cisco
> terminal server requires any special configs other than the following :
>
> aaa new-model
> aaa authentication login default group radius local none
> aaa authorization exec default group radius if-authenticated
> aaa accounting exec default start-stop group radius
> aaa accounting network default start-stop group radius
> aaa accounting connection default start-stop group radius
The NAS might not pay attention to Session-Timeout. NASes are like
that...
Alan DeKok.
More information about the Freeradius-Users
mailing list