Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2153
Views
0
Helpful
1
Replies

Implementing max user sessions settings for TACACS with ACS 5.3

Luis Perez
Level 1
Level 1

‎07-09-2012 10:30 AM - edited ‎03-10-2019 07:16 PM

I'm a little confused about the configuration of max user sessions for device administration with TACACS.

When I've changed the configutration of unlimited sessions for a value in Access Policies > Max User Session Policy > Max Session User Settings

I think this value could limit the maximum number of sessions for each user, but instead this value limit in a global meaning all of my sessions.

For example: I need to limit the session for my users in 2.

user1 = Max 2 sessions

user2 = Max 2 sessions

user3 = Max 2 sessions

Whe i Put the value of 2 in Max Session User Settings

user1 + user2 + user3 = Max 2 sessions

This is a limitation of ACS 5.3 or my configuration needs something aditional.

Labels:
0 Helpful
1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

‎07-09-2012 08:33 PM

Luis,

Are you saying that when you authenticate with user1 and user 2 that user3 isnt able to get access?

Do you have tacacs accounting enabled on the network access device?

Also what do you have configured for the group settings? If there is a maximum group setting and all the users are a member of the same group then the lesser of the two will be enforced. So if the group max sessions is set to 1 then the all users in that group will have a max session of 1.

Here is some reference material.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1162177

Thanks,

Tarik Admani

0 Helpful
Customers Also Viewed These Support Documents