
% Authentication failed acs server

hodgey87 Member Posts: 232
Morning all,

Just wondered if anyone could help me out.

I just want basic connectivity between the server and the router, but I'm not able to authenticate any users. The only commands I've used here are:

tacacs-server host 192.168.1.3
tacacs-server key cisco

aaa authentication login default local
aaa authentication login EXAMPLE group tacacs+ local
aaa authentication login default local

line vty 0 4
login authentication EXAMPLE

I've got users set up on the server and I've got a client set up as 192.168.1.254, which is the address of the router.

Just wondered if I'm missing anything.

cheers

edit

This is the debug I'm getting:

Router#
Router#
Router#
Router#
Router#
Router#
*Mar 1 00:14:24.595: AAA/BIND(0000000A): Bind i/f
*Mar 1 00:14:24.611: AAA/AUTHEN/LOGIN (0000000A): Pick method list 'EXAMPLE'
*Mar 1 00:14:24.755: TPLUS: Queuing AAA Authentication request 10 for processing
*Mar 1 00:14:24.763: TPLUS: processing authentication start request id 10
*Mar 1 00:14:24.771: TPLUS: Authentication start packet created for 10()
*Mar 1 00:14:24.775: TPLUS: Using server 192.168.1.3
*Mar 1 00:14:24.815: TPLUS(0000000A)/0/NB_WAIT/661F02C8: Started 5 sec timeout
*Mar 1 00:14:24.999: TPLUS(0000000A)/0/NB_WAIT: socket event 2
*Mar 1 00:14:25.023: TPLUS(0000000A)/0/NB_WAIT: wrote entire 36 bytes request
*Mar 1 00:14:25.027: TPLUS(0000000A)/0/READ: socket event 1
*Mar 1 00:14:25.031: TPLUS(0000000A)/0/READ: Would block while reading
*Mar 1 00:14:25.263: TPLUS(0000000A)/0/READ: socket event 1
*Mar 1 00:14:25.267: TPLUS(0000000A)/0/READ: read entire 12 header bytes (expect 16 bytes data)
*Mar 1 00:14:25.271: TPLUS(0000000A)/0/READ: socket event 1
*Mar 1 00:14:25.275: TPLUS(0000000A)/0/READ: read entire 28 bytes response
*Mar 1 00:14:25.275: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
*Mar 1 00:14:25.295: TPLUS: Received authen response status GET_USER (7)
*Mar 1 00:14:32.391: TPLUS: Queuing AAA Authentication request 10 for processing
*Mar 1 00:14:32.407: TPLUS: processing authentication continue request id 10
*Mar 1 00:14:32.411: TPLUS: Authentication continue packet generated for 10
*Mar 1 00:14:32.411: TPLUS(0000000A)/0/WRITE/661F02C8: Started 5 sec timeout
*Mar 1 00:14:32.447: TPLUS(0000000A)/0/WRITE: wrote entire 20 bytes request
*Mar 1 00:14:37.411: TPLUS(0000000A)/0/READ/661F02C8: timed out
*Mar 1 00:14:37.419: TPLUS: Authentication start packet created for 10(lee)
*Mar 1 00:14:37.423: TPLUS(0000000A)/0/READ/661F02C8: timed out, clean up
*Mar 1 00:14:37.423: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
*Mar 1 00:14:48.139: AAA/AUTHEN/LOGIN (0000000A): Pick method list 'EXAMPLE'
*Mar 1 00:14:48.203: TPLUS: Queuing AAA Authentication request 10 for processing
*Mar 1 00:14:48.211: TPLUS: processing authentication start request id 10
*Mar 1 00:14:48.219: TPLUS: Authentication start packet created for 10()
*Mar 1 00:14:48.219: TPLUS: Using server 192.168.1.3
*Mar 1 00:14:48.287: TPLUS(0000000A)/0/NB_WAIT/661F02C8: Started 5 sec timeout
*Mar 1 00:14:48.407: TPLUS(0000000A)/0/NB_WAIT: socket event 2
*Mar 1 00:14:48.459: TPLUS(0000000A)/0/NB_WAIT: wrote entire 36 bytes request
*Mar 1 00:14:48.459: TPLUS(0000000A)/0/READ: socket event 1
*Mar 1 00:14:48.475: TPLUS(0000000A)/0/READ: Would block while reading
*Mar 1 00:14:48.643: TPLUS(0000000A)/0/READ: socket event 1
*Mar 1 00:14:48.643: TPLUS(0000000A)/0/READ: read entire 12 header bytes (expect 16 bytes data)
*Mar 1 00:14:48.647: TPLUS(0000000A)/0/READ: socket event 1
*Mar 1 00:14:48.647: TPLUS(0000000A)/0/READ: read entire 28 bytes response
*Mar 1 00:14:48.671: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
*Mar 1 00:14:48.699: TPLUS: Received authen response status GET_USER (7)
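
Added example (not part of the original post, and not Cisco or ACS tooling): a small Python parser for the TPLUS debug lines above that reports, per login attempt, which packets were exchanged and where the attempt stopped. The function names and the `SAMPLE` excerpt are this example's own; the 12-byte figure is the fixed TACACS+ header size, which the debug itself shows as "12 header bytes".

```python
import re

TACACS_HEADER_LEN = 12  # fixed TACACS+ header size (RFC 8907)
RULES = [  # (event name, pattern searched in each debug line)
    ("method", re.compile(r"Pick method list '([^']+)'")),
    ("sent", re.compile(r"wrote entire (\d+) bytes request")),
    ("received", re.compile(r"read entire (\d+) bytes response")),
    ("status", re.compile(r"Received authen response status (\w+)")),
    ("timeout", re.compile(r"READ/\w+: (timed out)$")),
]

def parse(text):
    """Yield (event, value) for every debug line a rule recognises."""
    for line in text.splitlines():
        for name, rx in RULES:
            hit = rx.search(line.strip())
            if hit:
                yield name, hit.group(1)
                break

def summarise(text):
    """Group events into login attempts and report where each one stopped."""
    attempts = []
    for name, value in parse(text):
        if name == "method":  # a new login attempt starts here
            attempts.append({"method": value, "sent": [], "received": [],
                             "statuses": [], "outcome": "incomplete"})
        elif not attempts:
            continue  # ignore lines seen before the first attempt
        elif name in ("sent", "received"):
            # record body length only: total bytes minus the header
            attempts[-1][name].append(int(value) - TACACS_HEADER_LEN)
        elif name == "status":
            attempts[-1]["statuses"].append(value)
        elif name == "timeout":
            stage = "CONTINUE" if len(attempts[-1]["sent"]) > 1 else "START"
            attempts[-1]["outcome"] = "no reply to " + stage
    return attempts

# Excerpt of the first login attempt from the debug output in the post above.
SAMPLE = """\
*Mar 1 00:14:24.611: AAA/AUTHEN/LOGIN (0000000A): Pick method list 'EXAMPLE'
*Mar 1 00:14:25.023: TPLUS(0000000A)/0/NB_WAIT: wrote entire 36 bytes request
*Mar 1 00:14:25.275: TPLUS(0000000A)/0/READ: read entire 28 bytes response
*Mar 1 00:14:25.295: TPLUS: Received authen response status GET_USER (7)
*Mar 1 00:14:32.447: TPLUS(0000000A)/0/WRITE: wrote entire 20 bytes request
*Mar 1 00:14:37.411: TPLUS(0000000A)/0/READ/661F02C8: timed out
"""
```

Run over the first attempt in the post, `summarise(SAMPLE)` shows that the server answered the START with GET_USER and that the CONTINUE sent after it got no reply before the read timed out.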

Comments

  • hodgey87 Member Posts: 232
    Anyone help at all ???
  • Ahriakin Member Posts: 1,799
    What do your ACS logs show, are there failed attempts registering? If you have multiple interfaces on the router try setting one explicitly as the TACACS source (ip tacacs-source xxxxx), use the same IP for the client address in ACS (Loopbacks are an excellent choice for this).
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?