  1. Senior Member
    Join Date
    Feb 2007
    Location
    Birmingham, UK
    Posts
    231

    Certifications
    CCENT, CCNA, CCNA:Security
    #1

    % Authentication failed acs server

    Morning all,

    Just wondered if anyone could help me out.

    I just want basic connectivity between the server and the router, but I'm not able to authenticate any users. The only commands I've used here are:

    tacacs-server host 192.168.1.3
    tacacs-server key cisco

    aaa authentication login default local
    aaa authentication login EXAMPLE group tacacs+ local
    aaa authentication login default local

    line vty 0 4
    login authentication EXAMPLE

    I've got users set up on the server and I've got a client set up as 192.168.1.254, which is the address of the router.

    Just wondered if I'm missing anything.

    Cheers

    edit-----

    This is the debug I'm getting:

    Router#
    Router#
    Router#
    Router#
    Router#
    Router#
    *Mar 1 00:14:24.595: AAA/BIND(0000000A): Bind i/f
    *Mar 1 00:14:24.611: AAA/AUTHEN/LOGIN (0000000A): Pick method list 'EXAMPLE'
    *Mar 1 00:14:24.755: TPLUS: Queuing AAA Authentication request 10 for processing
    *Mar 1 00:14:24.763: TPLUS: processing authentication start request id 10
    *Mar 1 00:14:24.771: TPLUS: Authentication start packet created for 10()
    *Mar 1 00:14:24.775: TPLUS: Using server 192.168.1.3
    *Mar 1 00:14:24.815: TPLUS(0000000A)/0/NB_WAIT/661F02C8: Started 5 sec timeout
    *Mar 1 00:14:24.999: TPLUS(0000000A)/0/NB_WAIT: socket event 2
    *Mar 1 00:14:25.023: TPLUS(0000000A)/0/NB_WAIT: wrote entire 36 bytes request
    *Mar 1 00:14:25.027: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:25.031: TPLUS(0000000A)/0/READ: Would block while reading
    *Mar 1 00:14:25.263: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:25.267: TPLUS(0000000A)/0/READ: read entire 12 header bytes (expect 16 bytes data)
    *Mar 1 00:14:25.271: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:25.275: TPLUS(0000000A)/0/READ: read entire 28 bytes response
    *Mar 1 00:14:25.275: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
    *Mar 1 00:14:25.295: TPLUS: Received authen response status GET_USER (7)
    *Mar 1 00:14:32.391: TPLUS: Queuing AAA Authentication request 10 for processing
    *Mar 1 00:14:32.407: TPLUS: processing authentication continue request id 10
    *Mar 1 00:14:32.411: TPLUS: Authentication continue packet generated for 10
    *Mar 1 00:14:32.411: TPLUS(0000000A)/0/WRITE/661F02C8: Started 5 sec timeout
    *Mar 1 00:14:32.447: TPLUS(0000000A)/0/WRITE: wrote entire 20 bytes request
    *Mar 1 00:14:37.411: TPLUS(0000000A)/0/READ/661F02C8: timed out
    *Mar 1 00:14:37.419: TPLUS: Authentication start packet created for 10(lee)
    *Mar 1 00:14:37.423: TPLUS(0000000A)/0/READ/661F02C8: timed out, clean up
    *Mar 1 00:14:37.423: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
    *Mar 1 00:14:48.139: AAA/AUTHEN/LOGIN (0000000A): Pick method list 'EXAMPLE'
    *Mar 1 00:14:48.203: TPLUS: Queuing AAA Authentication request 10 for processing
    *Mar 1 00:14:48.211: TPLUS: processing authentication start request id 10
    *Mar 1 00:14:48.219: TPLUS: Authentication start packet created for 10()
    *Mar 1 00:14:48.219: TPLUS: Using server 192.168.1.3
    *Mar 1 00:14:48.287: TPLUS(0000000A)/0/NB_WAIT/661F02C8: Started 5 sec timeout
    *Mar 1 00:14:48.407: TPLUS(0000000A)/0/NB_WAIT: socket event 2
    *Mar 1 00:14:48.459: TPLUS(0000000A)/0/NB_WAIT: wrote entire 36 bytes request
    *Mar 1 00:14:48.459: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:48.475: TPLUS(0000000A)/0/READ: Would block while reading
    *Mar 1 00:14:48.643: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:48.643: TPLUS(0000000A)/0/READ: read entire 12 header bytes (expect 16 bytes data)
    *Mar 1 00:14:48.647: TPLUS(0000000A)/0/READ: socket event 1
    *Mar 1 00:14:48.647: TPLUS(0000000A)/0/READ: read entire 28 bytes response
    *Mar 1 00:14:48.671: TPLUS(0000000A)/0/661F02C8: Processing the reply packet
    *Mar 1 00:14:48.699: TPLUS: Received authen response status GET_USER (7)
    Last edited by hodgey87; 08-13-2009 at 09:37 AM.
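
Added example, not part of the original post: a small Python reader for the debug output posted above. It reports which request the server never answered and checks the 20-byte CONTINUE against the TACACS+ packet layout (12-byte header plus 5 fixed body bytes, leaving a 3-byte user message that matches `lee`); the function and field names are illustrative assumptions.

```python
import re

TAC_HDR = 12        # TACACS+ header length in bytes (RFC 8907)
CONTINUE_FIXED = 5  # CONTINUE body: user_msg_len(2) + data_len(2) + flags(1)

# Excerpt of the debug output from the post above, wrapped lines rejoined.
LOG = """\
*Mar 1 00:14:24.763: TPLUS: processing authentication start request id 10
*Mar 1 00:14:25.023: TPLUS(0000000A)/0/NB_WAIT: wrote entire 36 bytes request
*Mar 1 00:14:25.275: TPLUS(0000000A)/0/READ: read entire 28 bytes response
*Mar 1 00:14:25.295: TPLUS: Received authen response status GET_USER (7)
*Mar 1 00:14:32.407: TPLUS: processing authentication continue request id 10
*Mar 1 00:14:32.447: TPLUS(0000000A)/0/WRITE: wrote entire 20 bytes request
*Mar 1 00:14:37.411: TPLUS(0000000A)/0/READ/661F02C8: timed out
*Mar 1 00:14:37.419: TPLUS: Authentication start packet created for 10(lee)
"""

PATTERNS = {
    "phase": r"processing authentication (start|continue) request",
    "sent": r"wrote entire (\d+) bytes request",
    "recv": r"read entire (\d+) bytes response",
    "status": r"Received authen response status (\w+)",
    "timeout": r"READ/\w+: (timed out)$",
    "user": r"packet created for \d+\((\w+)\)",
}

def diagnose(log):
    """Walk the exchange and report which request the server never answered."""
    out = {"stalled_phase": None, "statuses": [], "user": None}
    phase, answered = None, True
    for line in log.splitlines():
        kind, val = next(((k, m.group(1)) for k, rx in PATTERNS.items()
                          if (m := re.search(rx, line))), (None, None))
        if kind == "phase":
            phase = val
        elif kind == "sent":
            answered = False
            if phase == "continue":  # payload = total - header - fixed fields
                out["continue_user_msg_len"] = int(val) - TAC_HDR - CONTINUE_FIXED
        elif kind == "recv":
            answered = True
        elif kind == "status":
            out["statuses"].append(val)
        elif kind == "timeout" and not answered:
            out["stalled_phase"] = phase
        elif kind == "user":
            out["user"] = val
    return out
```

The result separates "no reply to START" (server not reachable or not answering this client at all) from "no reply to CONTINUE" (server stopped responding mid-exchange), which is the case in this log.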

  3. Senior Member
    Join Date
    Feb 2007
    Location
    Birmingham, UK
    Posts
    231

    Certifications
    CCENT, CCNA, CCNA:Security
    #2
    Anyone help at all ???

  4. SupremeNetworkOverlord Moderator Ahriakin
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #3
    What do your ACS logs show? Are there failed attempts registering? If you have multiple interfaces on the router, try setting one explicitly as the TACACS source (ip tacacs-source xxxxx) and use the same IP for the client address in ACS (loopbacks are an excellent choice for this).
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
