Re: TACACS+ Authentication problem. from Farrukh Haroon on 2010-01-21 (Ccielab archives 01/2010)

From: Farrukh Haroon <farrukhharoon_at_gmail.com>
Date: Thu, 21 Jan 2010 16:51:45 +0300

Most probably the GSR's IP is not configured as a client on the ACS. Or you
have configured an IP different from the one used by GSR tou source TACACS
packets.

Check the failed attempts log in ACS, it will show you the IP used by GSR to
connect to the ACS, and the error will be something like 'unknown
client/nas'.

Regards

Farrukh

On Thu, Jan 21, 2010 at 1:22 PM, prateek reddy <prateek.reddyk_at_gmail.com>wrote:

> Tacacs was implemented through out the network.. Out of all peers jus one
> peer i.e CISCO GSR 12140 it is not getting authenticated. Below is the
> output of Debug... so please help me solving that thatk you.
>
>
>
> an 21 15:10:29.830: AAA/AUTHEN/START (3181024263): Method=TACACS+
> an 21 15:10:29.830: TAC+: send AUTHEN/START packet ver=192 id=3181024263
> an 21 15:10:29.942: AAA/AUTHEN (3181024263): status = ERROR
> an 21 15:10:29.942: AAA/AUTHEN/START (3181024263): Method=LOCAL
> an 21 15:10:29.942: AAA/AUTHEN (3181024263): status = GETUSER
> sername:
> an 21 15:10:58.601: AAA/AUTHEN/CONT (3181024263): continue_login
> (user='(undef)')
> an 21 15:10:58.601: AAA/AUTHEN (3181024263): status = GETUSER
> an 21 15:10:58.601: AAA/AUTHEN/CONT (3181024263): Method=LOCAL
> an 21 15:10:58.601: AAA/AUTHEN/LOCAL (3181024263): no username: GETUSER
> an 21 15:10:58.601: AAA/AUTHEN (3181024263): status = GETUSERrajesh
> assword:
> an 21 15:11:02.237: AAA/AUTHEN/CONT (3181024263): continue_login (user='')
> an 21 15:11:02.237: AAA/AUTHEN (3181024263): status = GETUSER
> an 21 15:11:02.237: AAA/AUTHEN/CONT (3181024263): Method=LOCAL
> an 21 15:11:02.237: AAA/AUTHEN (3181024263): status = GETPASS
> Authentication failed.
> an 21 15:11:06.672: AAA/AUTHEN/CONT (3181024263): continue_login
> (user='rajesh')
> an 21 15:11:06.672: AAA/AUTHEN (3181024263): status = GETPASS
> an 21 15:11:06.672: AAA/AUTHEN/CONT (3181024263): Method=LOCAL
> an 21 15:11:06.672: AAA/AUTHEN (3181024263): User not found
> an 21 15:11:06.672: AAA/AUTHEN (3181024263): status = FAIL
>
> --
> With Regards,
> K.V.Madhu Prateek Reddy.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Jan 21 2010 - 16:51:45 ART

This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:41 ART