Tacacs fall back to local doesn't work

b.bersier
Level 1

Hello,

I have this configuration, and the fallback to local doesn't seem to work (using telnet or ssh):

username admin privilege 15 password ugawdfugagdfqfqfiqgfigqf
aaa new-model
aaa authentication login VTY-access group tacacs+ local
aaa accounting exec accounting start-stop group tacacs+
aaa accounting commands 1 accounting start-stop group tacacs+
aaa accounting commands 15 accounting start-stop group tacacs+
aaa accounting connection accounting start-stop group tacacs+
tacacs-server host 1.2.3.4
tacacs-server key khdhdfhahsfklhas
line vty 0 15
 no password
 exec-timeout 15 0
 privilege level 15
 accounting connection accounting
 accounting commands 1 accounting
 accounting commands 15 accounting
 accounting exec accounting
 login authentication VTY-access
line con 0
 no password
 exec-timeout 15 0
 privilege level 15
 accounting connection accounting
 accounting commands 1 accounting
 accounting commands 15 accounting
 accounting exec accounting
 login authentication VTY-access

Thanks for your help

Blaise

5 Replies

Is the TACACS server reachable from this device?

If yes, then it might not fall back to LOCAL.

If this is a test setup, then you may try disconnecting the Tacacs server from the network and then test.

I tried stopping the services on the ACS CE 4.2 and it did not use the fallback; I then changed the IP address of the TACACS server to a false IP, and it still doesn't fall back.

aaa new-model
tacacs-server host [tacacs ip address]
tacacs-server key [secret key]
aaa authentication login default group tacacs+ local
username [local user name] password [local user password]
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

Remove all your existing entries and try just the above.

Make sure your device has reachability to the TACACS server.

Blaise

You describe that the fallback does not work when using telnet and ssh. Does it work on the console?

You describe in general that fall back does not work. Can you give us a bit more specifics about how it is not working? When you attempt access are you getting a prompt for ID and password? If you enter ID and password are you sure that it is the correct password? If you enter an ID and password can you tell us exactly what error message you get?

If we know these things we may be closer to finding your problem.

HTH

Rick

Hi Rick,

Sorry I was away for a long time.

The tests will restart soon.

I will give feedback soon

Cheers

Blaise
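
Added example, not part of any post in this thread: a small Python check over the AAA lines of the configuration in the question. It resolves which login method list each line uses and whether `local` can be reached; the sample config is constructed from the question with the secret replaced by a placeholder, and the function and field names are assumptions of this example.

```python
import re

# Constructed sample based on the question's config; the secret is a placeholder.
SAMPLE = """\
username admin privilege 15 password <redacted>
aaa authentication login VTY-access group tacacs+ local
line vty 0 15
 login authentication VTY-access
line con 0
 login authentication VTY-access
"""

def parse_methods(tokens):
    """Turn ['group', 'tacacs+', 'local'] into ['group tacacs+', 'local']."""
    out, it = [], iter(tokens)
    for tok in it:
        out.append(f"group {next(it, '?')}" if tok == "group" else tok)
    return out

def audit_login_fallback(config):
    """Map each 'line' block to its login method list and fallback problems."""
    lists, users, applied, current = {}, set(), {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            lists[m.group(1)] = parse_methods(m.group(2).split())
        elif m := re.match(r"username (\S+)", text):
            users.add(m.group(1))
        elif m := re.match(r"line (.+)", text):
            current = m.group(1)
            applied[current] = "default"  # used when no list is applied to the line
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            applied[current] = m.group(1)
    report = {}
    for line, name in applied.items():
        methods, problems = lists.get(name), []
        if methods is None:
            problems.append(f"method list '{name}' is not defined")
        elif "local" not in methods:
            problems.append("no 'local' method to fall back to")
        elif not users:
            problems.append("'local' is listed but no local username exists")
        # IOS tries the next method only after an error (no reply), not after a reject.
        pos = methods.index("local") if methods and "local" in methods else -1
        report[line] = {"list": name, "methods": methods or [],
                        "problems": problems, "local_only_on_error": pos > 0}
    return report

if __name__ == "__main__":
    print(audit_login_fallback(SAMPLE))
```

An empty `problems` list together with `local_only_on_error: True` means the configuration is consistent, and the local account is consulted only when no TACACS+ server answers.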