ACS 5.1 - RADIUS Proxy Accounting Logs

Similar Messages

• ACS 5.1 RADIUS Proxy - Adding RADIUS attributes

  Is there anyway under ACS 5.1 to add RADIUS attributes to outgoing RADIUS proxy auth requests or failing this to RADIUS proxy accounting updates?
  As soon as I configure a RADIUS proxy services, there is little config I can do other than to say whether or not the prefix and suffix is to be stripped.
  I can add these attributes if using an external RADIUS box as an identity store, but I cannot do this for this particular service and instead I need to use RADIUS proxying.
  Thanks
  Paul

  Hi Steve,
  The shared secret is 100% correct.
  Finally I find out that there may be some white lists for attributes.
  If I keep NAS-Identifier , it will work.
  But it can't pass all VSA (3GPP sub-attributes) , it only shows one or three in BOTH ACS and RADIUS Server.
  The other is the RADIUS VSA User Define Options (which is in SA > C > D > P > RADIUS > RADIUS VSA > Edit ) .
  When 'Vendor Length Field Size' changes to 0 , All sub-attributes pass thought ACS .
  The RADIUS Server gets the message from NSA.
  Of course, there is the Proxy-State attribute.
  In this condition, the ACS has incorrect output in the sub-attribute.
  Now I try 5.2 to see the problem exist or not.

• ACSv5.1, lack of clarity on radius accounting logs

  Hi,
  We are using an ACS 5.1 for remote VPN customers for radius authentication and accounting purposes.
  When I check the radius accounting logs, there are certain entries that do not make sense to me.
  For instance, there are certain Accounting session ids (refer 'Acct_Session_Id') with only a STOP record. But I do not see a START record corresponding to the session id. I am able to see many such entries.
  Can anybody throw some light on this information??
  Note - The customer environment consists of remote users who try to access the central NAS using IPSec. Requests that come to the NAS get directed to the ACS for AAA purposes.
  Also provided are some sample ACS logs [refer highlighted section]
  Regards,
  Abishek

  Hi welshydragon,
  The Openreach Superfast Fibre Broadband rollout is still in it's early stages and the plans are always being added too. 
  So your exchange may be added to the rollout plans later in the future. 
  The build of the fibre broadband infrastructure isn't always easy and can be very complex, so needs a lot of planning to start with and can take some time. Go to http://superfast-openreach.co.uk/the-big-build/ for information on the build.
  You can register your interest for Fibre Broadband such as BT Infinity by going to http://www.superfast-openreach.co.uk/expression-ge​n.aspx
  Unfortunately BT Retail (a communication provider/ISP who operates this forum) does not have much say as to when and if you will be able to get FTTC or FTTP/H based broadband such as BT Infinity.
  I also take it from your username that you live in Wales. If this is correct then see below.
  If you live in Wales, then the Welsh Government has recently started to plan the development of Superfast Fibre broadband in Wales.
  You may want to have a look at The Welsh Government Next Generation Broadband Wales Scheme-(Click Here To View) and Here
  Also the http://superfast-cymru.com website has only just become online and will give information about the Openreach Superfast Fibre broadband rollout in Wales.
  **The Fibre-Optic Broadband Rollout is being managed and done by Openreach for all communication providers/ISPs.
  BT Retail (a communication provider/ISP) has nothing to do with the rollout of fibre broadband.**
  Hope that helps,
  Cheers
  jac_95 | BT.com Help Site | BT Service Status
  Someone Solved Your Question?
  Please let other members know by clicking on ’Mark as Accepted Solution’
  Try a Search
  See if someone in the community had the same problem and how they got it resolved.

• Radius Authentication - Reauthentication via Accounting logs

  Hi,  we'r working on a scenario like this;
  Client logs in to an WLAN via dot1x authentication, though we want to be able to disable re-authentication of the client on the radius when the session-timeout is reached. We also need the accounting logs to make sure that we can also kill the session if a certain traffic limit is reached. (WiSM-1 , 7.0.116 code)
  The thing is that, whenever the session timeout occurs(that we set manually on the wlan), the client re-authanticates automatically and we can see access-requests and stuff though in terms of status we only see an "interim-update" accounting package in the radius thus unable to take action.  The controller also uses PMK lifetime instead of the session-timeout we set which, I suppose, is derived fromt he session-timeout and some other timers as well. How do we get an accouting log when the session-timeout is reached thus the client needs to reauthenticate? (or how do we differentiate it actually, since we already see a log but its just an interim-update log)
  WLC fires this when the PMK timeout is triggered.
  15:23:35.224: ec:35:86:95:14:5e Initiating 802.1x due to PMK Timeout Event for STA.....15:23:35.562: ec:35:86:95:14:5e Setting re-auth timeout to 300 seconds, got from WLAN config.15:23:35.562: ec:35:86:95:14:5e Station ec:35:86:95:71:5e setting dot1x reauth timeout = 300...15:23:35.563: ec:35:86:95:14:5e Disabling re-auth since PMK lifetime can take care of same.
  after the negotiation part(which is also not enough to make differentiation); radius gets this.
  15:23:35.588: P6231982: Trace of Accounting-Request packet...15:23:35.592: P6231982:    Acct-Status-Type = Interim-Update
  Is there a way to enforce a session-timeout and make sure that the client will not re-auth automatically after this timeout and get and appropriate radius log?. PS: PMK cannot be disabled before 7.2 and WiSM-1 doesn't support that.
  Thanks a lot for your responses in advance
  Regards,
  A.

  Hey Scott, thanks for the tip.
  The thing is, after an idle-timeout expires, I can see a stop accouting log at the radius side.
  But after a session-timeout expires, I can only see an (re)authentication (without any start of course) and an interim-update log which gives no clue if this is a normal interim update or its sent because of the session-timeout. How am I to find which interim-update means a re-auth because of a session-timeout? or is it possible to make it send another accounting log to help me mark the session end?
  Regards,
  A.

• ACS 5.5 RADIUS OUTBOUND Attributes Injection feature

  Hello
  I'm having a look at the RADIUS OUTBOUND Attributes Injection feature for the External Proxy service in ACS version 5.5.0.46.
  The use case is:
  ACS uses the External Proxy service to authenticate wireless users with certain domain suffixes
  Sometimes the username Access-Accept comes back with the domain suffix stripped.
  The result of this is:
  ACS logs a successful authentication with the sent username (with suffix)
  ACS sends the Access-Accept to the WLC and the user is listed on the WLC (without suffix)
  Subsequent accounting packets for the user appear in ACS (without suffix)
  In the past I've used a freeradius proxy server between ACS and the external proxy to 'rewrite' the username in the Access-Accept so that it matches the username origianlly sent in the Access-Request. The code for this looked something like the following.
  Post-proxy {
  update outer.reply {
  User-Name := "%{request:User-Name}"
  I'm looking to do the above solely with ACS but I can't see the Radius-ietf username attribute listed under the RADIUS OUTBOUND Attributes Injection feature. Is it possible to rewrite the username attribute in ACS 5.5?
  Thanks
  Andy

  Don't think this can be done in ACS 5.5 when using an External Proxy Service Type.
  Interestingly, it appears to be possible with a Network Access Service Type. Under Allowed Protocols there is a tick box for Send as User-Name in RADIUS Access-Accept - one of the options is RADIUS Access-Request User-Name. Hopefully this will be implemented in a future release for External Proxy.
  Cheers
  Andy

• ISE acting as Radius Proxy Client?

  Hi,
  I have an issue where a remote company has there internal redius server and I have my ISE radius server.
  When there users come to my site, they can authenticate with my wireless and my ISE server proxies the request to there home site to be authenticated and tells me if I should allow them access or not.
  So standard radius proxy and it all works well when my ISE server begins the exchange.
  However if my staff go to there site the reverse is not working, they are proxying the requests back OK, and I can see on the firewall and router the incomming radius packets destined to my ISE server. But there is no recourd on the ISE server of ever reciving them and it all times out.
  Is tehre some thing I need to do to allow ISE to act as the client in a radius proxy set up?
  Cheers.
  Oh I am running version 1.2

  Hi Aaron,
  Check the Cisco ISE dashboard (Operations > Authentications) for any indication regarding the nature of RADIUS communication loss. (Look for instances of your specified RADIUS usernames and scan the system messages that are associated with any error message entries.)
  Log into the Cisco ISE CLI5 and enter the following command to produce RADIUS attribute output that may aid in debugging connection issues:
  test aaa group radius new-code
  If this test command is successful, you should see the following attributes:
  Connect      port
  Connect NAD      IP address
  Connect      Policy Service node IP address
  Correct      server key
  Recognized      username or password
  Connectivity      between the NAD and Policy Service node
  You can also use this command to help narrow the focus of the potential problem with RADIUS communication by deliberately specifying incorrect parameter values in the command line and then returning to the administrator dashboard (Operations > Authentications) to view the type and frequency of error message entries that result from the incorrect command line. For example, to test whether or not user credentials may be the source of the problem, enter a username and or password that you know is incorrect, and then go look for error message entries that are pertinent to that username in the Operations > Authentications page to see what Cisco ISE is reporting.)
  Note This command does not validate whether or not the NAD is configured to use RADIUS, nor does it verify whether the NAD is configured to use the new AAA model.
  The Cisco ISE network enforcement device (switch) is missing the radius-server vsa send accounting command.
  Verify that the switch RADIUS configuration for this device is correct and features the appropriate command(s).
  For more details please go through the following link:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/troubleshooting_guide/ise_tsg.html#pgfId-192989

• No Accept for Radius (IETF) Accounting

  Hello,
  i have a Problem with the Radius Accounting.
  In my Network i have a Cisco ACS 3.3 where the Users will connect via Intraselect (Dial-In Telekom Radius Proxy). The Radius Authentication (Port 1812) is ok (Radius Request, Cisco ACS Accept), but when the Radius Proxy from the Telkom will request the Accounting Information on Port 1813, there will no Accept by the Cisco ACS (i saw this with the Etherial Sniffer). So the ACS will not lock the IP-Adress explizit for any User und sometimes more than one User will have the same IP-Adress.
  Any Idea, why the Cisco ACS will not handle the Accounting Information?
  Best Regards
  Hartmut

  Cisco ACS does handle the accounting information. Except that it cannot be used for extreme granularity.

• LEAP Radius proxy with PEAPv0

  I'm doing a lab using Cisco ACS 4.1 LEAP Proxy RADIUS External User Databaser, and works fine but I don't understand why. So, I don't know if it's a stable solution.
  I have the following scenario:
  WinXP SP2
  PEAPv0 (EAP-MSCHAPv2)
  |
  v
  Cisco 3640
  802.1x Wired Port Access Control
  |
  v
  Cisco ACS 4.1
  External User Database
  LEAP Proxy RADIUS
  |
  v
  Freeradius 2.0.1
  MS-CHAPv1 user + MPPE MS Extension
  I'm using the native WinXP SP2 802.1x supplicant client (EAP-MSCHAPv2), to link a Cisco 3640 FE port protected by dot1x. The IOS is configured to authenticate with a Cisco ACS 4.1, where I'm created a user that use as External User Database a LEAP Proxy RADIUS, with destination a Freeradius in the Backend.
  Then, I configured the Freeradius to authenticate the user using MSCHAPv1 (+ MS-CHAP-MPPE-Keys with the use_mppe parameter option set in the config). And it works!
  So, my question are:
  1) Does the Cisco ACS LEAP Proxy RADIUS feature work also with PEAPv0?
  3) Does the ACS internally translate the MSCHAPv2 challenge response to a MSCHAPv1 challenge response? Are they compatible?
  2) Is this a stable solution?
  Regards
  FP

  Thanks four your reply, but I'm sure the ACS can internaylly translate the challenges, because my lab works. Please remember, my WinXP is configured to use MSCHAPv2, and my Freeradius is configured to use MSCHAPv1. The only restrinctions they have, are that the Freeradius have to send the MS-CHAP-MPPE-Keys, and the Cisco ACS has to be configured to use LEAP Proxy RADIUS as External Database User.
  Another interesting test I did, was modify in the freeradius response the MS-CHAP-MPPE-Keys (changing the rlm_mschap module). Normally it's composed by 8 bytes from LM-Password (a hash of the plain password) and 16 bytes from NT-Password (another hash of the plain password). Changing with zeros the LM-Password portion, the authentication still works! But changing one byte of the NT-Password portion, the authentication fails... so, only the NT-Password is needed to proxy MSCHAPv2 to MSCHAPv1..
  My problem is, that my backend RADIUS only support MSCHAPv2, and I need to put the Cisco ACS in the Frontend. So, the question is, is teorically possible to proxy MSCHAPv1 to MSCHAPv2? If it's possible, probably I will use a Freeradius to work as a proxy between them...

• Empty accounting log in ISE

  Hi,
  I am using ISE1.1.1 with 2960.
  Recently I found there is some empty log in accounting report.(see AAA accounting.png)
  So I do a sniffer and find out that source IP is the 2960.
  Then I got to check the log in "Network Device Log"(See Network device log.png)
  I can see the IP address of 2960.
  Can anybody know why the log in AAA accouting is empty and how to get rid of them.
  Some aaa and radius config in 2960.
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa accounting dot1x default start-stop group radius
  aaa server radius dynamic-author
  client X.X.X.X server-key 7 0XXXXXXX43
  aaa session-id common
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 5 tries 3
  radius-server host X.X.X.X auth-port 1812 acct-port 1813
  radius-server key 7 XXXXXXXX500
  radius-server vsa send accounting
  radius-server vsa send authentication
  Thanks.

  Hi,
  In Cisco ISE to see live failed and passed authentication logs
  Operations>authentications>live authentications and then click on detail.
  For failed login attempts by administrator.
  Monitor > Reports > Catalog > Server Instance > Server Administrator Logins report
  For understanding and configuring loggs
  Administration > System > Logging

• SQL agent proxy account for Powershell

  I am trying to use a sql agent proxy account for PowerShell. Created the ad account, credential and the proxy but because the PowerShell accesses a bunch o sql servers it errors out.Even when I created a login for all the sql servers the powershell is trying
  to access it still failed so next I'd need to look at what permissions the powershell ad account needs to the objects it accesses. Is this the correct approach?
  What is the best way to go here and avoid using a sysadmin account to run the sql agent powershell job? Thanks!
  Paula

  Hi,
  Please check the error message in job history for details of job failed.
  Sysadmin is required or not depends on what you want to achieve on the SQL Server. For example, to execute sp_readerrorlog, the login must be a member of the securityadmin role and it is not required sysadmin.
  It does need to create the login(proxy account) on the all the SQL Server instances.
  A SQL Server Agent Proxy defines the security context under which different job steps run. The proxy contains the credentials of a Windows user account that does have access to the resources needed by the job. If you have a proxy specified in a job step, SQL
  Server Agent will impersonate the proxy account and run the job step while impersonating that user account.
  In order to find out the required permission, you may log in with this Windows user account(proxy credential) and run the PowerShell on the local machine and see the result. Alternately, connect in SQL Server Management Studio with this login and see what
  permission is required to execute the script.
  Thanks.
  Tracy Cai
  TechNet Community Support

• Tacacs+ accounting log question

  I have a tacacs server running for accounting purpose only (so I use local authentiation). So I can collect all accounting logs only.
  This is a snapshot for accounting part.
  Tacacs accounting logs
  <102> 2014-02-23 10:20:22 [10.254.1.2:22823] 02/23/2014 10:20:22 NAS_IP=10.254.1.x Port=443 rem_addr=10.254.50.129 User= brian Flags=Stop task_id=57 cmd=perfmon interval 10 service=shell elapsed_time=0
  <102> 2014-02-23 10:23:51 [10.254.1.2:58167] 02/23/2014 10:23:51 NAS_IP=10.254.1.x Port=0 rem_addr=10.254.50.129 User=brian Flags=Stop task_id=58 cmd=configure term service=shell elapsed_time=0
  <102> 2014-02-24 07:06:31 [10.254.1.2:19784] 02/24/2014 07:06:31 NAS_IP=10.254.1.x Port=443 rem_addr=10.254.51.166 User=mike Flags=Stop task_id=59 cmd=perfmon interval 10 service=shell elapsed_time=0
  <102> 2014-02-24 07:07:53 [10.254.1.2:19254] 02/24/2014 07:07:53 NAS_IP=10.254.1.x Port=0 rem_addr=10.254.51.166 User=mike Flags=Stop task_id=5a cmd=configure term service=shell elapsed_time=0
  As you can see, I can't see any command lines, such as show int ip b.   I can see all routers and switches logs, but ASA logs shows only like above. No mather what commands I used, it only shows above logs. Do i miss something? I like to capture all commands lines when users use ASDM because we use always ASDM.
  I used Free tacacs+ server, not ACS.
  Thanks for your time.

  Hi Patrick,
  In the ACS View Reports (Monitoring & Reports >     Reports >     Catalog >     AAA Protocol) you can select the
  radio button and by selecting 'Run' on the bottom run a specific query. Without that by default you will see only a report from one day.
  For the 2nd question, yes the ACS View is designed to store that information, however if needed you can send the logs to an external syslog server or perfrom regular backups of the ACS View database.
  Kind regards,
  Pawel

• Redundant Azure MFA on-premise - second RADIUS proxy keeps shutting down

  Are the MFA replicas meant to be full-service nodes (capable of handling authentications while replicating from the master)?   
  My second Azure MFA instance replicates just fine but it stops the RADIUS proxy service a few minutes after I manually restart the service.   This stop seems to be happening after each replication.
  From the MultiFactorAuthRadiusSvc.log file
  2014-10-07T21:00:54.581716Z|0|1956|3764|pfradsvc|RadProxy Constructing PfSvcClient...
  2014-10-07T21:00:54.581716Z|0|1956|3764|pfradsvc|RadProxy PfSvcClient constructed successfully.
  2014-10-07T21:00:54.581716Z|w|1956|3764|pfradsvc|Calling RadProxy main().
  2014-10-07T21:00:54.581716Z|0|1956|3500|pfradsvc|Config polling thread entry.
  2014-10-07T21:00:54.581716Z|w|1956|3500|pfradsvc|Calling config polling main().
  2014-10-07T21:03:01.191901Z|i|1956|3004|pfradsvc|handlerEx: SERVICE_CONTROL_STOP
  2014-10-07T21:03:01.191901Z|i|1956|3232|pfradsvc|Shutting down.
  2014-10-07T21:03:01.191901Z|0|1956|3232|pfrad|Shutdown.
  From the MultiFactorAuthSvc.log
  2014-10-07T21:03:01.176275Z|0|1120|2052|slave|Received 573440 bytes in 0.265622 s.
  2014-10-07T21:03:01.176275Z|0|1120|2052|slave|Implying a 17.271 Mbps lower bound for channel bandwidth.
  2014-10-07T21:03:01.176275Z|i|1120|2052|slave|Txns writtenTsn = 24896.
  2014-10-07T21:03:01.176275Z|i|1120|2052|slave|Txns complete = true.
  2014-10-07T21:03:01.176275Z|i|1120|2052|slave|Txns pbvi = 0x0000000001DD0000.
  2014-10-07T21:03:01.176275Z|i|1120|2052|slave|replace_current_amdf new = 'C:\Program Files\Multi-Factor Authentication Server\Data\PhoneFactor.pfdata_n_8859344C.tmp'.
  2014-10-07T21:03:01.176275Z|i|1120|2052|slave|replace_current_amdf old = 'C:\Program Files\Multi-Factor Authentication Server\Data\PhoneFactor.pfdata_o_8859344C.tmp'.
  2014-10-07T21:03:01.176275Z|i|1120|2052|slave|replace_current_amdf new - 573440 bytes.
  2014-10-07T21:03:01.176275Z|0|1120|2052|slave|Flushed.
  2014-10-07T21:03:01.176275Z|0|1120|2052|slave|Loading update.
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|SDF_NTB() entry.
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|fileVersion = 0x00000015 = 21
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|minReaderVer = 0x00000015 = 21
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|minModifierVer = 0x00000015 = 21
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|offsetFirstSbBegin = 0x0000000000000400 = 1024
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|offsetLastSbEnd = 0x000000000008C000 = 573440
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|tsnNext = 0x0000000000006141 = 24897
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|tsnWritten = 0x0000000000006140 = 24896
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|tsnFlushReqd = 0x0000000000006140 = 24896
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|tsnFlushed = 0x000000000000613E = 24894
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|SDF_NTB() exit.
  2014-10-07T21:03:01.176275Z|0|1120|2052|SDF,persist|Loading SDF content . . .
  2014-10-07T21:03:01.191901Z|0|1120|2052|SDF,persist|SDF content loaded, 0.015626 s.
  2014-10-07T21:03:01.191901Z|0|1120|2052|slave|Update loaded.
  2014-10-07T21:03:01.191901Z|0|1120|2052|slave|Moving 'C:\Program Files\Multi-Factor Authentication Server\Data\PhoneFactor.pfdata' to 'C:\Program Files\Multi-Factor Authentication Server\Data\PhoneFactor.pfdata_o_8859344C.tmp'.
  2014-10-07T21:03:01.191901Z|0|1120|2052|slave|Moving 'C:\Program Files\Multi-Factor Authentication Server\Data\PhoneFactor.pfdata_n_8859344C.tmp' to 'C:\Program Files\Multi-Factor Authentication Server\Data\PhoneFactor.pfdata'.
  2014-10-07T21:03:01.191901Z|i|1120|2052|pfsvc|Attempting to stop 'MultiFactorAuthRadiusSvc' service.
  2014-10-07T21:03:01.191901Z|i|1120|2052|pfsvc|Requested stop of 'MultiFactorAuthRadiusSvc' service.

  I found the issue, one must enable the replica servers to act as RADIUS proxies.   Additional MFA servers are not enabled for RADIUS automatically (even if the master is).

• Accounting Log filling up with useless data

  I am getting my ACS Accounting logs filled with useless data from about 12 devices. I think I have found the cause - I just don't know how to fix it.
  The accounting data has a username we have not used for months, and I stumbled upon this by looking at various show commands on the devices that are causing the problem.
  When I do a "sh aaa sessions", I see this:
  CE-WIN-IDF16-3750-Stack1#sh aaa session
  Total sessions since last reload: 189
  Session Id: 1
     Unique Id: 127
     User Name: *not available*
     IP Address: 0.0.0.0
     Idle Time: 0
     CT Call Handle: 0
  Session Id: 354
     Unique Id: 263
     User Name: cenetmgmt
     IP Address: 10.62.7.15
     Idle Time: 0
     CT Call Handle: 0
  Session Id: 626
     Unique Id: 410
     User Name: leehoyle
     IP Address: 10.62.7.15
     Idle Time: 0
     CT Call Handle: 0
  I would LOVE to get rid of that Session ID: 354 if I could. I can't seem to find a suitable "clear" command. Any help out there?
  Thansk in advance!
  Lee Hoyle

  I am not trying to access anything I keep getting the message that my cloud is full than go to it to find that is is full of things from my computer and pictures from the Sims game spent 3 hours yesterday as it kept telling me that Verizon was not available. Why is my cloud not backing up my phone but randomly backing up my computer which I do not need. This is using the desktop Icon. I have not even opened it on my desktop until I tried to delete the stuff on it it did this on its own.

• Accounting/Logging

  My server appears to have both logging and accounting turned on. When I
  compare the loggs to the accounting. It appears that not all requests are
  being added to the accounting log. Why would this be? Also how do I
  change the logging files to last longer than 7 days?
  Thanks

  I'll give this a try.
  Thanks
  > RADIUS accounting runs separately from RADIUS authentication. In order
  for
  > the RADIUS server to add an entry to the accounting log, it must receive
  an
  > accounting request from the Network Access Server (NAS). Your NAS might
  not
  > be sending an accounting request for each authentication attempt, or
  some of
  > the requests might not be getting through for some reason.
  >
  > You can make RADIUS change accounting files monthly instead of weekly by
  > loading RADIUS with the following command line:
  >
  > radius rollOver=monthly
  >
  > >>> <[email protected]> 12/20/2004 7:27:47 AM >>>
  > My server appears to have both logging and accounting turned on. When I
  > compare the loggs to the accounting. It appears that not all requests
  are
  > being added to the accounting log. Why would this be? Also how do I
  > change the logging files to last longer than 7 days?
  >
  > Thanks
  >
  >

• When i Log into instagram it say my account  is disable but when i log in on another iphone my instagram account log's in. when i try logging into another account it continue to say disable. Why cant i log into instagram or make another one on my iphone?

  When i Log into instagram it say my account  is disable but when i log in on another iphone my instagram account log's in. When i try logging into another account on my phone it continue to say disable. i also tried to make a new instagram on my phone but it wont let me. i deleted the app over and over again but it still wont let me log into any instagram account. Why cant i log into instagram or make another one on my iphone?
  Is is=t possable to have your phone banned from a app forever???
  HELP !!

  I just asked the same thing and did some research. Some people have said  that the UDID code is like banned from instagram, but your account isn't. I'm able to use it on my phone but not on my iPod.