Solved: AAA Accounting to Log Commands to Windows 2008 NPS

Ali Razavi · ‎07-17-2013

Hi everyone,

We have configured our Cisco devices to use Windows 2008 NPS for radius. However, we are unable to configure aaa accounting for priv 15 commands to use the same radius servers for logging privileged mode commands. During configuration using the following command:

aaa accounting commands 15 default start-stop group RADIUS_SERVERS

I noticed that there are only TACACS+ servers and 'group' categories as options. After entering the radius servers group, I realized that the command is not saved and when inspecting the logs I saw the following:

The server-group "MF_RAD" is not a tacacs+ server group. Please define "RADIUS_SERVERS" as a tacacs+ server group.

Does this mean that the 'commands' accounting feature ( and probably most others ) can only be enabled when using a TACACS+ server?

Thanks in advance

Jatin Katyal · ‎07-17-2013

You got it absolutely right. Command accounting only works with tacacs+. We cannot have command accounting for radius protocol. Radius accounting only gives you start and stop packet of the sessions.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

View solution in original post

Jatin Katyal · ‎07-17-2013

You got it absolutely right. Command accounting only works with tacacs+. We cannot have command accounting for radius protocol. Radius accounting only gives you start and stop packet of the sessions.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin