Re: TACACS+

From: David Ankers (d.ankers@xxxxxxxxxxxxxx)
Date: Fri Sep 15 2000 - 20:09:39 GMT-3


   
Sam,

Your TACACS server is misconfigured somewhere, maybe a key issue, wrong
password, time of day restrictions, etc.

Here's a config that works fine. As you'll see, it's almost the same as
yours except for the single connection to the TACACS server, and I haven't
bothered with an enable password.

Username:dave
Password:

router_6>en
router_6#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router_6
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication ppp default tacacs+
aaa authorization exec default tacacs+
aaa authorization network default tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
!
ip subnet-zero
no ip domain-lookup
!
interface Ethernet0
 ip address 10.254.254.2 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
!
tacacs-server host 10.254.254.1
tacacs-server key cisco
!
line con 0
 exec-timeout 360 0
 logging synchronous
 transport preferred none
 transport input none
line aux 0
 transport input all
line vty 0 4
!
end

Regards,

David.

----- Original Message -----
From: "Sam Munzani" <smunzani@yahoo.com>
To: <rlagras1@tampabay.rr.com>; <ccielab@groupstudy.com>
Sent: Friday, September 15, 2000 11:40 PM
Subject: Re: TACACS+

> Ok. My config is attached. I have even captured my
> attempt to login to console success and telnet
> failure.
>
> Please let me know what I am doing wrong.
>
> Sam
> --- Robert LaGrasse <rlagras1@tampabay.rr.com> wrote:
> > Post your config Sam.
> >
> > All you really need to do is put the same login authentication method
> > list line in the vty 0 4 section of the config as you did in the
> > line con 0 section. Also be more specific as to what problem you're
> > having -- are you not authenticating, are you not authorizing, etc.
> > Beware the default authorization method list.
> >
> > -B (aka the IT whore)
> >
> > On Fri, 15 Sep 2000, you wrote:
> > > Hi Group,
> > >
> > > I would like to use CISCO Secure ACS server 2.4 for NT(TACACS+) to
> > > authenticate all my routers and switches for console, telnet and
> > > aux ports. I got it working for console port but getting some
> > > errors for telnet users.
> > >
> > > Is anybody there with a working sample config? I will appreciate a
> > > working config to guide me where am I doing wrong.
> > >
> > > Thanks in advance,
> > >
> > > Sam
> > >
> > > =====
> > > Regards,
> > >
> > > Sam Munzani
> > > sam@munzani.com
> > >


