Using FreeRadius to coordinate access to cisco routers based on time
Frank Cui
ycui at outlook.com
Fri May 23 19:07:22 CEST 2014
> Frank Cui wrote:
> > I have tested to change the user config file to be :
> >
> > cisco Auth-Type := System
> > Service-Type = NAS-Prompt-User,
> > Cisco-AVPair = "shell:priv-lvl=15",
> > Session-Timeout = 20
>
> Which is 20 seconds. Probably not what you want.
Yeh, I actually explicitly set it to be a short time so that I can test this.
> > But it doesn't seem to resolve the problem, not sure if the Cisco
> > terminal server requires any special configs other than the following :
> >
> > aaa new-model
> > aaa authentication login default group radius local none
> > aaa authorization exec default group radius if-authenticated
> > aaa accounting exec default start-stop group radius
> > aaa accounting network default start-stop group radius
> > aaa accounting connection default start-stop group radius
>
> The NAS might not pay attention to Session-Timeout. NASes are like
> that...
Should all the radius clients support all these well known Attribute VPs ?
ThanksFrank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/678c4ee2/attachment.html>
More information about the Freeradius-Users
mailing list