On Fri, Jun 21, 2002 at 08:25:15PM +0200, Gerald Krause wrote: > Hi, > > Fduch the Pravking wrote: > > Some user tries to log in on this Cisco, > > and gets Access-Reject, but Cisco > > (I don't know whether it has already > > processed Access-Reject at this moment) > > sends Accounting-Stop packet for that user > > without corresponding Accounting-Start packet. > > perhaps this is not a bug but rather a feature > because I have found (and want use) two nice Cisco > statements called > "aaa accounting send stop-record authentication failure" > and > "aaa accounting resource default stop-failure" > to log rejected login attempts and ressource problems...
Great, Thanks! I should have searched through docs first... However, it's a feature for you, but a trouble for us... First, this command appeared in IOS 12.1 only, while we have 12.0, so I can't disable it. It's strange why IOS 12.0 has this feature, but doesn't support config command for it... Second, it doesn't always work like here - mostly Cisco doesn't send Stop-record. And I'm sure that this "hacker" does something to force Cisco send it. If I new what he does... Talking with "tywe" <[EMAIL PROTECTED]>, you wrote: > Maybe the remote side did not get the expected > response fast enough to complete the authentication within a proper > time and thats why the auth-phase is terminated by a ordinary timeout. Well, maybe this is what "hacker" does. I'll try to reproduce this. Thanks again! > In this case the remote one can send you a STOP packet with a zero > session time to notify a "authentication failure". (I use exactly this > feature on our Cisco NASes.) But the question remains: How can I disable this feature on IOS 12.0(4) ?.. -- Fduch M. Pravking - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html