Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4352
Views
0
Helpful
4
Replies

ACS 5.1 issues with same username and password on multiple users

ewood2624
Level 5
Level 5

‎12-06-2010 07:49 AM - edited ‎03-10-2019 05:38 PM

We are having some issues in ACS 5.1 with multiple users using the same username and password.  In ACS, users will authenticate and then suddenly drop off and disassociate from ACS usually within 3-5 minutes.  We have about 150 scanners that we use with the same username and password, but our users do not want to have to sign into the handheld and then the application to get logged in.  I had read some post on the max-sessions option in 4.1 and 3.3, but the "max-sessions" option won't be available until ACS 5.3.  So I guess my questions is, does anyone else have the same issues with multiple users with same username and password and if so, how did you fix it?

Labels:
0 Helpful
4 Replies 4

Tiago Antunes
Cisco Employee
Cisco Employee

‎12-08-2010 02:18 AM

Hi,

As far as I know, the "max sessions" featre is only available as from acs 5.3, as you were told.

So currently we expect that there is no fix limit for the max number of sessions for a single user.

Now, if your clients are sudenly disconnecting then I would expect something else behind it...

Do you see any error message on the ACS?

Are the users able to authenticate and work for a period of time and then sudnely they have to re-authenticate?

What is exactly the users experience?

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful

ewood2624
Level 5
Level 5
In response to Tiago Antunes

‎12-08-2010 06:13 AM

Tiago,

The clients that we are using are Dolphin 9900 scanners and we have about 150 of them.  The only thing our users see is that the scanner has disconnected from the network.  When they disconnect from the network, it seemed that they were in batches of 10-20 at a time.  The devices would re-associate after about 3-5 minutes, then another batch of 10-20 would disconnect.  The disconnected devices were random on various floors and buildings throughout our campus.  Here is what we were seeing on the ACS:

Failure Reason: 24401 Could not establish connection with ACS Active Directory agent

Protocol: RADIUS

Authentication Status: Fail

Failure Reason : 24454 User authentication against Active Directory failed because of a timeout error Protocol : RADIUS

Failure Reason : 11051 RADIUS packet contains invalid state attribute Protocol : RADIUS

Failure Reason : 11500 Invalid or unexpected EAP payload received.

Protocol : RADIUS

What is the max allowed sessions on ACS 5.1 and 5.2 with the same username and password?

0 Helpful

Not applicable
In response to ewood2624

‎01-22-2011 10:28 AM

^^^^

Did you ever find your answer on the max sessions allowed for a given account on 5.2?  We have several sites that use a static account for over 100+ devices & we are also seeing the 11051 invalid attribute error...

0 Helpful

ewood2624
Level 5
Level 5
In response to

‎01-24-2011 07:15 AM

I still haven't found out the max allowed sessions as of yet.  Hopefully, ACS 5.3 will be released soon.  According to the TAC guys, it is supposed to have the max-sessions feature enabled.  Last I was told, the release is supposed to be Feb-March time frame.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents