Hello Masoud -
It looks like you are doing most things correctly in your Radiator configuration, but I suspect you may have a problem because you are not sending the addtional attributes required by the Cisco. You will need to add at least what is shown below: <AuthBy SQL> DBSource dbi:ODBC:NTTacDB DBUsername sa DBAuth xxxxx Identifier SQL1 AuthSelect select passwd,timeleft from users where id='%n' AuthColumnDef 0, User-Password, check AuthColumnDef 1, Session-Timeout, reply AcctSQLStatement update users set \ timeleft=timeleft-0%{Acct-Session-Time} \ where id = '%n' AddToReply Service-Type = Framed-User, Framed-Protocol = PPP NoDefault </AuthBy> There may be additional reply attributes required depending on what else you are doing on the Cisco. BTW - you should watch what is going on on the Cisco by looking at the Cisco "debug" information. regards Hugh On Friday 26 October 2001 00:15, Masuod - wrote: > Dear anybody, > In order to ba able to automatically end the remote users' sessions > on our Cisco NAS, we need to enable session-timeout attr on the > Radiator, and Cisco. I've read lots and lots of your mails, and Cisco > documents, which have helped me a lot, but still no good! > Has anyone solved this issue? I'd really appreciate your help. > Followings are the configurations I've done on my cisco and radiator. > I know that the Radiator sends the attribute correctly,(according to > the log included below) but somehow Cisco discards this information. > > If this is not possible, how do you guys handle your users' left > time, using Radiator?(disconnecting it when the time is over!) > > > MANY MANY THANKS ALREADY! > > > > > > Thu Oct 25 16:46:31 2001: DEBUG: Packet dump: > *** Received from x.x.x.x port 1645 .... > Code: Access-Request > Identifier: 43 > Authentic: <227><226><225>@z<218>[<137><15><29>i<6>z<0><136><175> > Attributes: > NAS-IP-Address = x.x.x.x > NAS-Port = 47 > NAS-Port-Type = Async > User-Name = "14w560" > User-Password = "|<219><243><164>f<135><17><14>4#V<23><244>1<242>+" > Service-Type = Framed-User > Framed-Protocol = PPP > > Thu Oct 25 16:46:31 2001: DEBUG: Handling request with Handler > 'Realm=DEFAULT' > Thu Oct 25 16:46:31 2001: DEBUG: Deleting session for 14w560, > 217.219.1.12, 47 > Thu Oct 25 16:46:31 2001: DEBUG: Handling with Radius::AuthSQL > Thu Oct 25 16:46:31 2001: DEBUG: Handling with Radius::AuthSQL: > IrangateSQL > Thu Oct 25 16:46:31 2001: DEBUG: Query is: select passwd,timeleft > from users where tac_id='14w560' > > Thu Oct 25 16:46:31 2001: DEBUG: Radius::AuthSQL looks for match with > 14w560 > Thu Oct 25 16:46:31 2001: DEBUG: Radius::AuthSQL ACCEPT: > Thu Oct 25 16:46:31 2001: DEBUG: Access accepted for 14w560 > Thu Oct 25 16:46:31 2001: DEBUG: Packet dump: > *** Sending to 217.219.1.12 port 1645 .... > Code: Access-Accept > Identifier: 43 > Authentic: <227><226><225>@z<218>[<137><15><29>i<6>z<0><136><175> > Attributes: > Session-Timeout = 733 > > > > > > ----------------Radiator configuration follows: > > Foreground > LogStdout > LogDir . > DbDir . > Trace 4 > > <Client DEFAULT> > Secret mysecret > DupInterval 0 > </Client> > > <Client x.x.x.x> > Secret xxxx > DupInterval 0 > </Client> > > <AuthBy SQL> > DBSource dbi:ODBC:NTTacDB > DBUsername sa > DBAuth xxxxx > Identifier SQL1 > AuthSelect select passwd,timeleft from users where id='%n' > AuthColumnDef 0, User-Password, check > AuthColumnDef 1, Session-Timeout, reply > NoDefault > </AuthBy> > > > <Realm DEFAULT> > AuthBy SQL1 > </Realm> > > > ------ NAS configuration follows: > > Current configuration : 4587 bytes > ! > version 12.1 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname Access_Srv3 > ! > aaa new-model > > aaa authentication ppp default group radius > aaa accounting network default start-stop group radius > enable secret 5 xxxxxxx > enable password password > ! > ip subnet-zero > > ip name-server 198.81.209.2 > ip name-server 195.146.32.1 > ! > ! > ! > ! > interface Ethernet0/0 > ip address x.x.x.x 255.255.255.0 secondary > > ip address x.x.x.x 255.255.255.0 > > ! > interface Group-Async1 > ip unnumbered Ethernet0/0 > ip access-group 190 in > ip wccp web-cache redirect out > encapsulation ppp > async mode interactive > peer default ip address pool (213) > ppp authentication pap > group-range 33 48 > ! > ip local pool (213) x.x.x.x x.x.x.x > ip local pool (217) x.x.x.x x.x.x.x > ip classless > ip route 0.0.0.0 0.0.0.0 x.x.x.x > no ip http server > ! > tacacs-server host x.x.x.1 > tacacs-server host x.x.x.2 > tacacs-server timeout 10 > tacacs-server key xxxxxxxxx > snmp-server community xxxxx RO 15 > radius-server host x.x.x.x auth-port 1645 acct-port 1646 > radius-server retransmit 3 > radius-server key xxxxxxx > ! > line con 0 > transport input none > line 33 48 > session-timeout 15 > modem InOut > modem autoconfigure discovery > autocommand ppp > transport input all > autoselect during-login > autoselect ppp > stopbits 1 > flowcontrol hardware > line aux 0 > line vty 0 4 > password xxxxxxx > ! > end > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.