Hello

This question has been asked several times: when the access server is reset, users remain in the nttac list, and what should be done to fix this problem?
Unfortunately, however much I searched, I found no answer to this question.
In one of the forums I saw a post saying that, according to the nttac software manual, the access server and nttac can be synced as follows.
Quoted from page 38 of the NTTacPlus manual:

Resynchronization with Cisco NASes

Accounting messages are vital for the proper working of NTTacPlus, which bases its knowledge of active sessions and time and traffic usage on START, STOP and UPDATE records which are sent by the NAS as accounting messages.
Unfortunately sometimes it may happen (also because of problems in the IOS operating systems) that with Cisco NASes some STOP records (session end) are not transmitted to NTTacPlus, preventing it from knowing the end of a user session. In this case NTTacPlus keeps on showing the user as active, even if he is no more; this situation creates some problems relevant to the wrong recording of “used” time and traffic and furthermore it does not allow a right calculation of the user active sessions (blocking if necessary also new legal attempts).

NTTacPlus includes a method based on some RSHELL extensions in order to re-create an updated list of active sessions, even if a STOP message was undelivered.
In order to enable this feature it is necessary first of all to check that in the Cisco the RSHELL protocol is active, (the same protocol used to send the commands for forced disconnection); the protocol activation commands are the same:

!
username SYSTEM privilege 15 password doesnt_matter
ip rcmd rsh-enable
ip rcmd remote-host SYSTEM a.b.c.d SYSTEM enable
!

(preserve case as written!)

where a.b.c.d is the address of NTTacPlus server, while the password of the SYSTEM local account has no meaning because it is not used by RSHELL.
Set out the following parameters in the configuration window of NTTacPlus:

Section: Backup/synch

Parameter | Value
List of NAS to query | IP list, separated by commas, of Cisco NAS to be queried
List of valid interfaces | List of interfaces to be included in the synchronization (empty=all)
Perform synchronization during active users periodic check | It carries out a verification with RSHELL during every active users check.
Perform synchronization on maxlogin collision detected | It carries out a verification with RSHELL when it notices unauthorized contemporary accesses.
Username for RSHELL protocol | Username to use with RSHELL
Command to issue with RSHELL | Command sent through RSHELL to get back the user list

Inserting in List of NAS to query a comma separated list of IP addresses of Cisco NASes, NTTacPlus can automatically rebuild, when restarted, the list of the active users connected (except for Caller ID).
It is possible to filter the valid interfaces (for example in order to exclude virtual interfaces dynamically created) by inserting the list of interfaces, separated by commas; jolly characters are allowed (for example “Async*, tty*, Serial*”). Leaving the field blank, all the interfaces for which an accounting active action exists are retrieved.
The Perform synchronization during active users periodic check tells NTTacPlus to ask Cisco through RSHELL for the list of active accounts during each periodic check of active users (whose frequency is configurable in the General section), compare it with the displayed list and, if there are some differences, update its list according to what it was received from Cisco.
The Perform synchronization on maxlogin collision detected indicates NTTacPlus to ask Cisco, through RSHELL, for the list of active accounts when a user tries to exceed the number of the allowed contemporary accesses. In that case NTTacPlus, before denying the access and taking severe measures, verifies through information given back from RSHELL that the overcoming is effective, that is, all the sessions reported for that user are effectively in process.

These two last options guarantee always a real correspondence between the effective users and the sessions reported by NTTacPlus. However they have a side effect: to slow NTTacPlus performance, because any query through RSHELL stops the authentication and accounting processes during its execution (it can take up to 5 seconds).

The option username for RSHELL protocol makes possible to configure the username through which NTTacPlus sends the NAS the RSHELL requests, and this should coincide with the local account created in Cisco for rsh (preserving case).
The option Command to issue with RSHELL configures exactly the command to be sent to the Cisco NAS by NTTacPlus in order to retrieve the list of the accounting active actions.
The last two options should be left on default values (respectively SYSTEM and show accounting) except on particular need.

Well, I did this, and instead of the show accounting command I used show aaa user all, which has replaced it in newer IOS versions. But what happens is that users get disconnected at the sync interval defined in the General tab, which is for example one minute; that is, every minute when the user list is checked, all of them are disconnected. This could mean that the show aaa user all command cannot send the user list to nttac, and as a result all users are disconnected because the lists do not match.
I wanted to know whether anyone has experience with this and whether there is a way to solve this problem or not.
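
A reconciliation that trusts an empty or unparsed RSHELL reply removes every session, which is the symptom the post describes. The sketch below is an added example, not part of the original post and not NTTacPlus code: it applies the "List of valid interfaces" wildcard filter from the quoted manual and goes beyond it with a hold-on-empty guard. The function names, the (user, interface) tuples, the sample data and the guard itself are assumptions for illustration.

```python
from fnmatch import fnmatchcase


def parse_filter(spec):
    """'Async*, tty*, Serial*' -> list of patterns; a blank field means all."""
    return [p.strip() for p in spec.split(",") if p.strip()]


def in_scope(sessions, patterns):
    """Keep (user, interface) pairs whose interface matches any pattern."""
    if not patterns:
        return set(sessions)
    return {s for s in sessions if any(fnmatchcase(s[1], p) for p in patterns)}


def reconcile(local, reported, filter_spec, query_ok=True):
    """Compare the server's session list with the list the NAS returned.

    Returns (stale, missing, trusted):
      stale   - sessions held locally that the NAS no longer reports
      missing - sessions the NAS reports that are unknown locally
      trusted - False when the reply must not be acted on
    """
    patterns = parse_filter(filter_spec)
    local_scope = in_scope(local, patterns)
    nas_scope = in_scope(reported, patterns)
    # Assumed guard: a failed query, or a reply with no matching sessions
    # while sessions are held locally, is held for a later check rather
    # than treated as proof that everyone disconnected.
    if not query_ok or (local_scope and not nas_scope):
        return set(), set(), False
    return local_scope - nas_scope, nas_scope - local_scope, True


# Constructed sample data (not real NAS output).
LOCAL = {("alice", "Async1"), ("bob", "Async2"), ("carol", "Virtual-Access3")}
NAS = {("alice", "Async1"), ("dave", "Serial0"), ("erin", "Virtual-Access4")}

if __name__ == "__main__":
    print(reconcile(LOCAL, NAS, "Async*, tty*, Serial*"))
    print(reconcile(LOCAL, set(), "Async*, tty*, Serial*"))
```
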