Hello all
I am having CiscoSecure ACS ver.3.0 which I am
planning to configure for Authentication,I have also
created users on ACS server but the users created are
unable to logon to routers as they get the message
authentication failed. I am using Cisco 2600 router
having IOS 12.0(7)T.
I am forwarding the set of commands I have configured
on router as well the debug message while loging using
Debug aaa authentication command
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Ciscosecure
!
aaa new-model
enable secret 5 $1$SPn7$M6Fn.fHp/UlAXP8Zcid6P0
aaa authentication login group1 local group tacacs+
aaa authentication login group1 group tacacs+
!
username vicky password 0 vino12
!
!
!
memory-size iomem 25
ip subnet-zero
!
tacacs-server host 172.18.1.2
tacacs-server attempts 4
tacacs-server timeout 10
tacacs-server key ciscosecure
The debug output on the screen as follows and user
does not get authenticated.
04:35:24: AAA/MEMORY: create_user (0x80D7E7D8) user=''
ruser='' port='tty67' rem
_addr='129.1.32.193' authen_type=ASCII service=LOGIN
priv=1
04:35:24: AAA/AUTHEN/START (2000200146): port='tty67'
list='group1' action=LOGIN
service=LOGIN
04:35:24: AAA/AUTHEN/START (2000200146): found list
group1
04:35:24: AAA/AUTHEN/START (2000200146):
Method=tacacs+ (tacacs+)
04:35:24: TAC+: send AUTHEN/START packet ver=192
id=2000200146
04:35:24: TAC+: ver=192 id=2000200146 received AUTHEN
status = GETUSER
04:35:24: AAA/AUTHEN (2000200146): status = GETUSER
04:35:28: AAA/AUTHEN/CONT (2000200146): continue_login
(user='(undef)')
04:35:28: AAA/AUTHEN (2000200146): status = GETUSER
04:35:28: AAA/AUTHEN (2000200146): Method=tacacs+
(tacacs+)
04:35:28: TAC+: send AUTHEN/CONT packet id=2000200146
04:35:28: TAC+: ver=192 id=2000200146 received AUTHEN
status = GETPASS
04:35:28: AAA/AUTHEN (2000200146): status = GETPASS
04:35:31: AAA/AUTHEN/CONT (2000200146): continue_login
(user='satish')
04:35:31: AAA/AUTHEN (2000200146): status = GETPASS
04:35:31: AAA/AUTHEN (2000200146): Method=tacacs+
(tacacs+)
04:35:31: TAC+: send AUTHEN/CONT packet id=2000200146
04:35:31: TAC+: ver=192 id=2000200146 received AUTHEN
status = FAIL
04:35:31: AAA/AUTHEN (2000200146): status = FAIL
04:35:33: AAA/MEMORY: free_user (0x80D7E7D8)
user='satish' ruser='' port='tty67'
rem_addr='172.18.1.10' authen_type=ASCII
service=LOGIN priv=1
04:35:33: AAA: parse name=tty67 idb type=-1 tty=-1
04:35:33: AAA: name=tty67 flags=0x11 type=5 shelf=0
slot=0 adapter=0 port=67 cha
nnel=0
04:35:33: AAA/MEMORY: create_user (0x80D7E7D8) user=''
ruser='' port='tty67' rem
_addr='172.18.1.10' authen_type=ASCII service=LOGIN
priv=1
04:35:33: AAA/AUTHEN/START (2204799999): port='tty67'
list='group1' action=LOGIN
service=LOGIN
04:35:33: AAA/AUTHEN/START (2204799999): found list
group1
04:35:33: AAA/AUTHEN/START (2204799999):
Method=tacacs+ (tacacs+)
04:35:33: TAC+: send AUTHEN/START packet ver=192
id=2204799999
04:35:33: TAC+: ver=192 id=2204799999 received AUTHEN
status = GETUSER
Can somebody pls help me on this.
Thanks in advance.
Parag C.
________________________________________________________________________
Missed your favourite TV serial last night? Try the new, Yahoo! TV.
visit http://in.tv.yahoo.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54927&t=54927
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
