AAA Authentication error

Apr 9th, 2008

I am having trouble authenticating into my router.

Here is the debug error I get when I try to log in:

.Apr 9 18:13:15.518: AAA/BIND(00000068): Bind i/f

.Apr 9 18:13:15.522: AAA/AUTHEN/LOGIN (00000068): Pick method list 'default'

.Apr 9 18:13:15.522: TPLUS: Queuing AAA Authentication request 104 for processing

.Apr 9 18:13:15.522: TPLUS: processing authentication start request id 104

.Apr 9 18:13:15.522: TPLUS: Authentication start packet created for 104(david)

.Apr 9 18:13:15.522: TPLUS: Using server 172.16.6.3

.Apr 9 18:13:15.522: TPLUS(00000068)/1/NB_WAIT/4620496C: Started 60 sec timeout

.Apr 9 18:13:15.522: TPLUS(00000068)/1/NB_WAIT: socket event 2

.Apr 9 18:13:15.526: TPLUS(00000068)/1/NB_WAIT: wrote entire 42 bytes request

.Apr 9 18:13:15.526: TPLUS(00000068)/1/READ: socket event 1

.Apr 9 18:13:15.526: TPLUS(00000068)/1/READ: Would block while reading

.Apr 9 18:13:15.658: TPLUS(00000068)/1/READ: socket event 1

.Apr 9 18:13:15.658: TPLUS(00000068)/1/READ: errno 254

.Apr 9 18:13:15.658: TPLUS(00000068)/1/4620496C: Processing the reply packet

.Apr 9 18:13:20.434: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'

.Apr 9 18:13:20.434: TPLUS: Queuing AAA Authentication request 0 for processing

.Apr 9 18:13:20.434: TPLUS: processing authentication start request id 0

.Apr 9 18:13:20.434: TPLUS: Authentication start packet created for 0(david)

.Apr 9 18:13:20.434: TPLUS: Using server 172.16.6.3

.Apr 9 18:13:20.434: TPLUS(00000000)/1/NB_WAIT/4620496C: Started 60 sec timeout

.Apr 9 18:13:20.434: TPLUS(00000000)/1/NB_WAIT: socket event 2

.Apr 9 18:13:20.438: TPLUS(00000000)/1/NB_WAIT: wrote entire 25 bytes request

.Apr 9 18:13:20.438: TPLUS(00000000)/1/READ: socket event 1

.Apr 9 18:13:20.438: TPLUS(00000000)/1/READ: Would block while reading

.Apr 9 18:13:20.438: TPLUS(00000000)/1/READ: socket event 1

.Apr 9 18:13:20.438: TPLUS(00000000)/1/READ: errno 254

.Apr 9 18:13:20.438: TPLUS(00000000)/1/4620496C: Processing the reply packet

Any help would be greatly appreciated.

Richard Burts Thu, 04/10/2008 - 12:23

David

The debugs show that you are sending requests to ACS/TACACS and receiving no response. There are several things that could cause this symptom. First you should check on whether the request is getting to the TACACS server. Probably you could look in the logs of the server and see if it has recognized and processed requests from your device. If it recognized the request then it may also have some indication of why it did not authenticate. These causes could include a mismatch in the shared key, the server not having a correct definition of this device as a TACACS client, or your machine not sending requests with the source address that the TACACS server is expecting.

You also might want to verify that there is correct IP connectivity from your router to the TACACS server (ping or extended ping is a good way to check this). You might also check along the path and make sure that there are not access lists which might be blocking your request (or blocking the response from the server back to you).

HTH

Rick
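
One way to triage a longer capture of this debug output before comparing it with the TACACS server's own logs, as an added example that is not part of the original thread: it groups the TPLUS lines by session id and extracts the server, user, request size, read errno and whether a reply packet was processed. The function and field names are hypothetical, and it assumes, as in the posted output, that the untagged "Using server" and "packet created" lines belong to the next session-tagged line.

```python
import re

# Excerpt of the debug output from the original post (both login attempts).
SAMPLE = """\
.Apr 9 18:13:15.522: TPLUS: Authentication start packet created for 104(david)
.Apr 9 18:13:15.522: TPLUS: Using server 172.16.6.3
.Apr 9 18:13:15.526: TPLUS(00000068)/1/NB_WAIT: wrote entire 42 bytes request
.Apr 9 18:13:15.658: TPLUS(00000068)/1/READ: errno 254
.Apr 9 18:13:15.658: TPLUS(00000068)/1/4620496C: Processing the reply packet
.Apr 9 18:13:20.434: TPLUS: Authentication start packet created for 0(david)
.Apr 9 18:13:20.434: TPLUS: Using server 172.16.6.3
.Apr 9 18:13:20.438: TPLUS(00000000)/1/NB_WAIT: wrote entire 25 bytes request
.Apr 9 18:13:20.438: TPLUS(00000000)/1/READ: errno 254
.Apr 9 18:13:20.438: TPLUS(00000000)/1/4620496C: Processing the reply packet
"""

# Line shape: "<timestamp>: TPLUS[(session)][/state...]: message"
LINE = re.compile(r"^\.?\w{3}\s+\d+\s+[\d:.]+: TPLUS"
                  r"(?:\((?P<sid>[0-9A-Fa-f]{8})\))?[^:]*: (?P<msg>.*)$")
FIELDS = {  # field name -> pattern applied to the message text
    "user": re.compile(r"packet created for \d+\((.+)\)"),
    "server": re.compile(r"Using server (\S+)"),
    "request_bytes": re.compile(r"wrote entire (\d+) bytes request"),
    "errno": re.compile(r"errno (\d+)"),
}

def summarize(debug_text):
    """Group TPLUS debug lines by session id and pull out the triage fields."""
    sessions, pending = {}, {}
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or non-TPLUS debug (AAA/BIND, AAA/AUTHEN)
        found = {}
        for name, pat in FIELDS.items():
            hit = pat.search(m["msg"])
            if hit:
                numeric = name in ("request_bytes", "errno")
                found[name] = int(hit.group(1)) if numeric else hit.group(1)
        if m["sid"] is None:
            pending.update(found)  # assumption: untagged lines precede their session
            continue
        sess = sessions.setdefault(m["sid"], {"reply_processed": False})
        sess.update(pending, **found)
        pending.clear()
        if "Processing the reply packet" in m["msg"]:
            sess["reply_processed"] = True
    return sessions

if __name__ == "__main__":
    for sid, info in summarize(SAMPLE).items():
        print(sid, info)
```

The per-session server address and timestamps from the full capture are what to look for in the TACACS server's logs when checking whether each request arrived.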
