I'm not an expert in AAA Authentication that's why I'm here..
We 3 routers, 1 of which works with Authentication and the other 2 that don't.
We have configured the following:
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated.
The problem is that when I try to connect using the TACACS server username and password it gives me a generic error message the classic.
% Athentication Failed
But if I try the local username and password it works..
How come, it's not a problem of routing because the one that works uses the same exit point to reach the server as the one that doesn't, the only difference that exists is the IOS is different..
Can anyone point me in the right direction? Please and thank you
Thanks for sharing the solution :)
That is why I asked you to run the debugs. Just wanted to share with you that whenever we have key mis-match issue.
We will see thses kind of debugs:
TAC+: AUTHEN/START/LOGIN/ASCII processed
TAC+: decrypt: pak is unencrypted but we have a key
TAC+: Unable to decrypt data from SERVER OR NAS.
TAC+: Closing TCP/IP 0x765C2C connection
OR TAC+: CHECK THE KEYS
Also, IOS should take the encrypted key. As fas as I know there is no known issue. make sure that you had the correct encrypted. It should work.
On the IOS, we should service password-encryption available.
Do let me know if you have any query.
Plz rate helpful posts-
Did you check the shared secret key, on ACS NDG key over rites aaa-client key.
Make sure key is not an issue.