Cisco ACS Server Problem [7:46193]

2002-06-10 Thread Jimmy 

   I am configuring a Cisco ACS server as a TACACS+
server. I have a router will use ACS server for
authentication. At the router, all parameters like
tacacs host , tacacs key has been configured. ACS
server is located inside the Firewall. Few username
are created in ACS server.

   From router , I am able to ping to the ACS server
and able to telnet to ACS server port 49. Firewall log
show that packets are accepted. However no
authentication can be done. I got "access denied".

   I have done a debug aaa authentication. 

 Jun 10 20:39:07: AAA/AUTHEN: create_user user=''
ruser='' port='tty3' rem_addr='
102.102.118.66' authen_type=1 service=1 priv=1
Jun 10 20:39:07: AAA/AUTHEN/START (0): port='tty3'
list='' action=LOGIN service=
LOGIN
Jun 10 20:39:07: AAA/AUTHEN/START (0): using "default"
list
Jun 10 20:39:07: AAA/AUTHEN/START (410787771):
Method=TACACS+
Jun 10 20:39:07: AAA/AUTHEN (410787771): status =
ERROR
Jun 10 20:39:07: AAA/AUTHEN/START (410787771):
Method=LOCAL
Jun 10 20:39:07: AAA/AUTHEN (410787771): status =
GETUSER
Jun 10 20:39:10: AAA/AUTHEN/CONT (410787771):
continue_login
Jun 10 20:39:10: AAA/AUTHEN (410787771): status =
GETUSER
Jun 10 20:39:10: AAA/AUTHEN/CONT (410787771):
Method=LOCAL
Jun 10 20:39:10: AAA/AUTHEN (410787771): status =
GETPASS
Jun 10 20:39:12: AAA/AUTHEN/CONT (410787771):
continue_login
Jun 10 20:39:12: AAA/AUTHEN (410787771): status =
GETPASS
Jun 10 20:39:12: AAA/AUTHEN/CONT (410787771):
Method=LOCAL
Jun 10 20:39:12: AAA/AUTHEN (410787771): password
incorrect
Jun 10 20:39:12: AAA/AUTHEN (410787771): status = FAIL
Jun 10 20:39:14: AAA/AUTHEN: free user='test1'
ruser='' port='tty3' rem_addr='10
2.102.118.66' authen_type=1 service=1 priv=1
Jun 10 20:39:14: AAA/AUTHEN: create_user user=''
ruser='' port='tty3' rem_addr='
102.102.118.66' authen_type=1 service=1 priv=1
Jun 10 20:39:14: AAA/AUTHEN/START (0): port='tty3'
list='' action=LOGIN service=
LOGIN
Jun 10 20:39:14: AAA/AUTHEN/START (0): using "default"
list
Jun 10 20:39:14: AAA/AUTHEN/START (440731952):
Method=TACACS+
Jun 10 20:39:14: AAA/AUTHEN (440731952): status =
ERROR 


   Does anyone has any idea ?


regards
Jimmy


__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=46193&t=46193
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco ACS Server Problem [7:46193]

2002-06-10 Thread Patrick Donlon 

Jimmy have you checked the ACS logs? Have you created an entry for the
router in the ACS server? Also it could just be the IP address of the router
if it has multiple interfaces,

Cheers



--

email me on : [EMAIL PROTECTED]

""Jimmy"" <> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>I am configuring a Cisco ACS server as a TACACS+
> server. I have a router will use ACS server for
> authentication. At the router, all parameters like
> tacacs host , tacacs key has been configured. ACS
> server is located inside the Firewall. Few username
> are created in ACS server.
>
>From router , I am able to ping to the ACS server
> and able to telnet to ACS server port 49. Firewall log
> show that packets are accepted. However no
> authentication can be done. I got "access denied".
>
>I have done a debug aaa authentication.
>
>  Jun 10 20:39:07: AAA/AUTHEN: create_user user=''
> ruser='' port='tty3' rem_addr='
> 102.102.118.66' authen_type=1 service=1 priv=1
> Jun 10 20:39:07: AAA/AUTHEN/START (0): port='tty3'
> list='' action=LOGIN service=
> LOGIN
> Jun 10 20:39:07: AAA/AUTHEN/START (0): using "default"
> list
> Jun 10 20:39:07: AAA/AUTHEN/START (410787771):
> Method=TACACS+
> Jun 10 20:39:07: AAA/AUTHEN (410787771): status =
> ERROR
> Jun 10 20:39:07: AAA/AUTHEN/START (410787771):
> Method=LOCAL
> Jun 10 20:39:07: AAA/AUTHEN (410787771): status =
> GETUSER
> Jun 10 20:39:10: AAA/AUTHEN/CONT (410787771):
> continue_login
> Jun 10 20:39:10: AAA/AUTHEN (410787771): status =
> GETUSER
> Jun 10 20:39:10: AAA/AUTHEN/CONT (410787771):
> Method=LOCAL
> Jun 10 20:39:10: AAA/AUTHEN (410787771): status =
> GETPASS
> Jun 10 20:39:12: AAA/AUTHEN/CONT (410787771):
> continue_login
> Jun 10 20:39:12: AAA/AUTHEN (410787771): status =
> GETPASS
> Jun 10 20:39:12: AAA/AUTHEN/CONT (410787771):
> Method=LOCAL
> Jun 10 20:39:12: AAA/AUTHEN (410787771): password
> incorrect
> Jun 10 20:39:12: AAA/AUTHEN (410787771): status = FAIL
> Jun 10 20:39:14: AAA/AUTHEN: free user='test1'
> ruser='' port='tty3' rem_addr='10
> 2.102.118.66' authen_type=1 service=1 priv=1
> Jun 10 20:39:14: AAA/AUTHEN: create_user user=''
> ruser='' port='tty3' rem_addr='
> 102.102.118.66' authen_type=1 service=1 priv=1
> Jun 10 20:39:14: AAA/AUTHEN/START (0): port='tty3'
> list='' action=LOGIN service=
> LOGIN
> Jun 10 20:39:14: AAA/AUTHEN/START (0): using "default"
> list
> Jun 10 20:39:14: AAA/AUTHEN/START (440731952):
> Method=TACACS+
> Jun 10 20:39:14: AAA/AUTHEN (440731952): status =
> ERROR
>
>
>Does anyone has any idea ?
>
>
> regards
> Jimmy
>
>
> __
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=46205&t=46193
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]