Authentication Failure Logging on Tacacs

Jun 5th, 2007

Hi all,

We have a tacacs server (v3.3) which seems to be showing some strange characteristics. If we look at the authentication failure logs on the ACS, it shows what appears to be the Login Banner as well as attempted commands in the "Username" field. How is this possible? If the user has failed to authenticate, shouldn't it just show the name of the user?


regards


Keith

Jagdeep Gambhir Tue, 06/05/2007 - 05:37

Keith,

Do you have any modem or terminal server connected to this device for out-of-band management?


In this type of issue the problem is with the modem or terminal server. It echoes back exec information from the console. The console interprets these messages as login requests. This is extremely common. If that is the case, then we need to reconfigure the modem or terminal server so that it does not echo.


If it's an IOS terminal server, the "no exec" command resolves the issue. If it is a modem, it must be reconfigured so that it no longer echoes.


Hope that helps!


Regards,

Jagdeep


KeithN123 Tue, 06/05/2007 - 05:41

Jagdeep


I had a feeling it was something like this. We don't actually have a modem connected; what we have is a pair of routers with the aux port of one router connected to the console port of the other, the idea being that we could reverse telnet into the console port. I am actually seeing lots of noise on the aux and console lines. Would this have the same effect?


Correct Answer
Jagdeep Gambhir Tue, 06/05/2007 - 05:56

Yes, this will have the same effect. Here is an example config to fix this kind of issue.

conf t
line aux 0
 session-timeout 20 ! The session times out after 20 minutes of inactivity.
 no motd-banner ! Disable the MOTD banner for reverse Telnet sessions.
 no exec ! Do not start an EXEC (login) process on this line.
 exec-timeout 0 0 ! Disable the EXEC idle timeout on this line.



Regards,

Jagdeep
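
To find which device and line is generating the echoed "usernames" described in this thread, the following added example (not part of the original thread or any Cisco tool) scans a failed-attempts export, flags records whose username field looks like banner or command text, and groups them by NAS address and port. The CSV column names and all sample rows are constructed assumptions; adjust them to match your own export.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample of a failed-attempts export; column names are assumptions.
SAMPLE_CSV = """Date,Time,User-Name,NAS-Port,NAS-IP-Address,Authen-Failure-Code
06/05/2007,05:01:12,jsmith,tty2,192.0.2.10,CS password invalid
06/05/2007,05:02:40,Authorized access only,tty1,192.0.2.20,CS user unknown
06/05/2007,05:02:41,show ip int brief,tty1,192.0.2.20,CS user unknown
06/05/2007,05:02:43,Router>,tty1,192.0.2.20,CS user unknown
06/05/2007,05:03:05,% Login invalid,tty1,192.0.2.20,CS user unknown
06/05/2007,05:03:30,exit,tty0,192.0.2.21,CS user unknown
06/05/2007,05:04:17,admin2,tty66,192.0.2.10,CS password invalid
"""

# A plausible account name: one token of letters, digits and . _ @ \ - only.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@\\-]{1,64}")
# Single-word CLI input that would otherwise pass as a username (assumed list).
CLI_WORDS = {"show", "enable", "exit", "configure", "conf", "logout"}

def looks_like_echo(username):
    """True when the logged 'username' is more likely echoed line output."""
    name = username.strip()
    if not USERNAME_RE.fullmatch(name):
        return True  # spaces, prompts (> # %), colons: banner or command text
    return name.lower() in CLI_WORDS

def suspect_lines(csv_text, min_hits=2):
    """Return {(nas_ip, nas_port): count} for lines producing echo-like names."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if looks_like_echo(row["User-Name"]):
            hits[(row["NAS-IP-Address"], row["NAS-Port"])] += 1
    return {line: n for line, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for (nas, port), n in suspect_lines(SAMPLE_CSV).items():
        print(f"{nas} {port}: {n} failed attempts with echo-like usernames")
```

A device and port that show up here repeatedly are candidates for the line configuration given in the answer above.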



KeithN123 Tue, 06/05/2007 - 06:11

Many thanks, Jagdeep. This has resolved our problems.


regards


Keith

