I'm need to authenticate users authenticating either on a TACACS+ or a RADIUS server on a Dial-up line. The configuration that I'm using is:
aaa authentication login TEST group radius group tacacs+ local-case
The problem that I'm encountering is that if a user has to authenticate with a TACACS server the radius server will return a "FAIL" message to the router as it does not find the user. This halts the authentication process and the TACACS server is never used.
This works when the authentication server is a single ACS server that can authenticate users via different external DBs. I have to remove this ACS server and "attack" the External DBs directly from the router.
Is there any way that I can configure the router (12.2) to "ignore" this fail message and continue with the second group servers?
Any help is greatly appreciated.