  1. Senior Member
    Join Date
    Feb 2007
    Location
    Birmingham, UK
    Posts
    232

    Certifications
    CCENT, CCNA, CCNA:Security
    #1

    % Authentication failed acs server

    Morning all,

    Just wondered if anyone could help me out.

    I just want basic connectivity between the server and the router, but I'm not able to authenticate any users. The only commands I've used here are:

    tacacs-server host 192.168.1.3
    tacacs-server key cisco

    aaa authentication login default local
    aaa authentication login EXAMPLE group tacacs+ local
    aaa authentication login default local

    line vty 0 4
    login authentication EXAMPLE

    I've got users set up on the server and I've got a client set up as 192.168.1.254, which is the address of the router.

    Just wondered if I'm missing anything.

    cheers

    edit-----

    This is the debug I'm getting:

    Router#
    Router#
    Router#
    Router#
    Router#
    Router#
    *Mar 1 00:14:24.595: AAA/BIND(0000000A): Bind i/f
    *Mar 1 00:14:24.611: AAA/AUTHEN/LOGIN (0000000A): Pick method list 'EXAMPLE'
    *Mar 1 00:14:24.755: TPLUS: Queuing AAA Authentication request 10 for processing
    *Mar 1 00:14:24.763: TPLUS: processing authentication start request id 10
    *Mar 1 00:14:24.771: TPLUS: Authentication start packet created for 10()
    *Mar 1 00:14:24.775: TPLUS: Using server 192.168.1.3
    *Mar 1 00:14:24.815: TPLUS(0000000A)/0/NB_WAIT/661F02C8: Started 5 sec timeout
    *Mar 1 00:14:24.999: TPLUS(0000000A)/0/NB_WAIT: socket event 2
    *Mar 1 00:14:25.023: TPLUS(0000000A)/0/NB_WAIT: wrote entire 36 bytes request
    *Mar 1 00:14:25.027: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:25.031: TPLUS(0000000A)/0/READ: Would block while reading
    *Mar 1 00:14:25.263: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:25.267: TPLUS(0000000A)/0/READ: read entire 12 header bytes (expect 16 bytes data)
    *Mar 1 00:14:25.271: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:25.275: TPLUS(0000000A)/0/READ: read entire 28 bytes response
    *Mar 1 00:14:25.275: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
    *Mar 1 00:14:25.295: TPLUS: Received authen response status GET_USER (7)
    *Mar 1 00:14:32.391: TPLUS: Queuing AAA Authentication request 10 for processing
    *Mar 1 00:14:32.407: TPLUS: processing authentication continue request id 10
    *Mar 1 00:14:32.411: TPLUS: Authentication continue packet generated for 10
    *Mar 1 00:14:32.411: TPLUS(0000000A)/0/WRITE/661F02C8: Started 5 sec timeout
    *Mar 1 00:14:32.447: TPLUS(0000000A)/0/WRITE: wrote entire 20 bytes request
    *Mar 1 00:14:37.411: TPLUS(0000000A)/0/READ/661F02C8: timed out
    *Mar 1 00:14:37.419: TPLUS: Authentication start packet created for 10(lee)
    *Mar 1 00:14:37.423: TPLUS(0000000A)/0/READ/661F02C8: timed out, clean up
    *Mar 1 00:14:37.423: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
    *Mar 1 00:14:48.139: AAA/AUTHEN/LOGIN (0000000A): Pick method list 'EXAMPLE'
    *Mar 1 00:14:48.203: TPLUS: Queuing AAA Authentication request 10 for processing
    *Mar 1 00:14:48.211: TPLUS: processing authentication start request id 10
    *Mar 1 00:14:48.219: TPLUS: Authentication start packet created for 10()
    *Mar 1 00:14:48.219: TPLUS: Using server 192.168.1.3
    *Mar 1 00:14:48.287: TPLUS(0000000A)/0/NB_WAIT/661F02C8: Started 5 sec timeout
    *Mar 1 00:14:48.407: TPLUS(0000000A)/0/NB_WAIT: socket event 2
    *Mar 1 00:14:48.459: TPLUS(0000000A)/0/NB_WAIT: wrote entire 36 bytes request
    *Mar 1 00:14:48.459: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:48.475: TPLUS(0000000A)/0/READ: Would block while reading
    *Mar 1 00:14:48.643: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:48.643: TPLUS(0000000A)/0/READ: read entire 12 header bytes (expect 16 bytes data)
    *Mar 1 00:14:48.647: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:48.647: TPLUS(0000000A)/0/READ: read entire 28 bytes response
    *Mar 1 00:14:48.671: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
    *Mar 1 00:14:48.699: TPLUS: Received authen response status GET_USER (7)
    Last edited by hodgey87; 08-13-2009 at 10:37 AM.
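Added example, not part of the original post: a small Python parser for IOS TPLUS debug output like the above that pairs each authentication request with its outcome, so it is clear which step of the exchange got a reply and which timed out. The sample lines are abridged from the post; the names `unwrap` and `summarize` are illustrative.

```python
import re

# Abridged from the debug in the post above, including one line the terminal wrapped.
SAMPLE = """\
Router#
*Mar 1 00:14:24.763: TPLUS: processing authentication start request id 10
*Mar 1 00:14:24.775: TPLUS: Using server 192.168.1.3
*Mar 1 00:14:25.267: TPLUS(0000000A)/0/READ: read entire 12 header bytes (expec
t 16 bytes data)
*Mar 1 00:14:25.295: TPLUS: Received authen response status GET_USER (7)
*Mar 1 00:14:32.407: TPLUS: processing authentication continue request id 10
*Mar 1 00:14:37.411: TPLUS(0000000A)/0/READ/661F02C8: timed out
*Mar 1 00:14:37.423: TPLUS(0000000A)/0/READ/661F02C8: timed out, clean up
"""

LINE = re.compile(r"^\*(\w+\s+\d+\s+[\d:.]+): (.*)$")
REQUEST = re.compile(r"processing authentication (start|continue) request")
REPLY = re.compile(r"Received authen response status (\w+)")

def unwrap(text):
    """Rejoin lines the terminal wrapped; drop bare prompts such as 'Router#'."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            out.append(line)
        elif line and not line.endswith("#") and out:
            out[-1] += line  # continuation of the previous debug line
    return out

def summarize(text):
    """Return ([(time, request kind, outcome)], last server seen)."""
    results, pending, server = [], None, None
    for line in unwrap(text):
        m = LINE.match(line)
        msg = m.group(2) if m else ""
        req, rep = REQUEST.search(msg), REPLY.search(msg)
        if "Using server " in msg:
            server = msg.rsplit(" ", 1)[1]
        outcome = rep.group(1) if rep else "timed out" if msg.endswith(": timed out") else None
        if pending and (outcome or req):  # close the request that was still open
            results.append(pending + (outcome or "no reply logged",))
            pending = None
        if req:
            pending = (m.group(1), req.group(1))
    if pending:
        results.append(pending + ("no reply logged",))
    return results, server
```

On the sample, the start request is answered with GET_USER and the continue request (sent after the username is entered) is the one that times out.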

  3. Senior Member
    Join Date
    Feb 2007
    Location
    Birmingham, UK
    Posts
    232

    Certifications
    CCENT, CCNA, CCNA:Security
    #2
    Anyone help at all ???

  4. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #3
    What do your ACS logs show, are there failed attempts registering? If you have multiple interfaces on the router try setting one explicitly as the TACACS source (ip tacacs-source xxxxx), use the same IP for the client address in ACS (Loopbacks are an excellent choice for this).
