Author Service denied on service=shell

Apr 30th, 2010

Hello,

in an ACS 3.3 environment, the shell (exec) service is enabled to check users' command authorization (outbound direction).

Normally commands are permitted or denied according to users/groups config.

Sometimes the service seems disabled and all authorizations fail!

When it happens, the Failed Attempts log looks like the example below:

27/04/2010,10:11:35,Author failed,user1,Group1,10.1.50.21,,Command denied,service=shell cmd=http 66.xx.xx.xx,80 ----> Correct

27/04/2010,10:11:36,Author failed,user1,Group1,10.1.50.21,,Service denied,service=shell cmd=http 66.xx.xx.xx,80 ---> Wrong, "Cmd denied" as above

27/04/2010,10:12:10,Author failed,User2,Group2,10.1.50.22,,Service denied,service=shell cmd=https 213.xx.xx.xx,443 ---> Wrong, normally it's permit
27/04/2010,10:12:32,Author failed,User3,Group3,10.1.50.24,,Service denied,service=shell cmd=https 212.xx.xx.xx,443 ---> Wrong, normally it's permit
27/04/2010,10:12:32,Author failed,User4,Group4,10.1.50.26,,Service denied,service=shell cmd=https 212.xx.xx.xx,443 ---> Wrong, normally it's permit

To restore normal authorization checking, we restart the CSTacacs service. Below is the TACACS service log:

TCS 27/04/2010 10:11:36 E 0155 4060 AAAClient1: user 'user1' using an invalid service: shell
TCS 27/04/2010 10:12:10 E 0155 4060 AAAClient1: user 'user2' using an invalid service: shell
TCS 27/04/2010 10:12:32 E 0155 4060 AAAClient1: user 'user3' using an invalid service: shell
TCS 27/04/2010 10:12:32 E 0155 4060 AAAClient1: user 'user4' using an invalid service: shell
TCS 27/04/2010 10:12:34 A 0651 2864 Server stop requested
TCS 27/04/2010 10:12:34 A 1256 0348 Release Host Cache
TCS 27/04/2010 10:12:34 A 1262 0348 Close Proxy Cache
TCS 27/04/2010 10:12:34 A 1285 0348 Calling CMFini()
TCS 27/04/2010 10:12:35 A 1287 0348 CMFini() Complete
TCS 27/04/2010 10:12:35 A 1301 0348 Closing Password Aging
TCS 27/04/2010 10:12:35 A 1314 0348 Closing Finished
TCS 27/04/2010 10:12:37 A 5020 0520 CSTacacs server starting ==============================
TCS 27/04/2010 10:12:37 A 5026 0520 Running as NT service.
TCS 27/04/2010 10:12:38 E 1051 0520 Doing Stats

TCS 27/04/2010 10:12:38 A 1092 0520
**** Registry Setup ****
TCS 27/04/2010 10:12:38 A 1119 0520 Single TCP connection operation enabled
TCS 27/04/2010 10:12:38 A 1129 0520 Base Proxy enabled.
TCS 27/04/2010 10:12:38 A 1196 0520 ************************

TCS 27/04/2010 10:12:38 E 1083 0520 TACACS+ server started

Any ideas/suggestions about this problem? Is it a known "bug"?

Thanks a lot in advance!
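
An added example, not part of the original post: a Python check over the Failed Attempts CSV that separates the fault described above (many different users hitting "Service denied" for service=shell within a short span) from an ordinary per-user "Command denied". The function names, the 5-minute gap and the 3-user threshold are assumptions; the sample rows are the ones quoted in the post.

```python
import csv
from datetime import datetime, timedelta

# Failed Attempts rows from the post (the poster's "--->" annotations removed).
SAMPLE = """\
27/04/2010,10:11:35,Author failed,user1,Group1,10.1.50.21,,Command denied,service=shell cmd=http 66.xx.xx.xx,80
27/04/2010,10:11:36,Author failed,user1,Group1,10.1.50.21,,Service denied,service=shell cmd=http 66.xx.xx.xx,80
27/04/2010,10:12:10,Author failed,User2,Group2,10.1.50.22,,Service denied,service=shell cmd=https 213.xx.xx.xx,443
27/04/2010,10:12:32,Author failed,User3,Group3,10.1.50.24,,Service denied,service=shell cmd=https 212.xx.xx.xx,443
27/04/2010,10:12:32,Author failed,User4,Group4,10.1.50.26,,Service denied,service=shell cmd=https 212.xx.xx.xx,443
"""

def parse_failed_attempts(lines):
    """Yield (timestamp, user, reason, detail) for each 'Author failed' row."""
    for row in csv.reader(lines):
        if len(row) < 9 or row[2] != "Author failed":
            continue
        ts = datetime.strptime(f"{row[0]} {row[1]}", "%d/%m/%Y %H:%M:%S")
        # The command text itself contains a comma ("66.xx.xx.xx,80"), so rejoin the tail.
        yield ts, row[3].lower(), row[7], ",".join(row[8:])

def find_service_denied_bursts(lines, max_gap=timedelta(minutes=5), min_users=3):
    """Group 'Service denied' rows for service=shell that are at most max_gap apart
    and return (first_ts, last_ts, users) for groups spanning >= min_users users.
    Both thresholds are assumptions to tune per site."""
    hits = sorted(
        (ts, user) for ts, user, reason, detail in parse_failed_attempts(lines)
        if reason == "Service denied" and detail.startswith("service=shell")
    )
    bursts, current = [], []
    for hit in hits:
        if current and hit[0] - current[-1][0] > max_gap:
            bursts.append(current)
            current = []
        current.append(hit)
    if current:
        bursts.append(current)
    alerts = []
    for burst in bursts:
        users = sorted({user for _, user in burst})
        if len(users) >= min_users:
            alerts.append((burst[0][0], burst[-1][0], users))
    return alerts

if __name__ == "__main__":
    for first, last, users in find_service_denied_bursts(SAMPLE.splitlines()):
        print(f"service=shell denied for {len(users)} users between {first} and {last}: {users}")
```

Run against the live log on a schedule, an alert from this check can be matched to the "using an invalid service: shell" entries in the CSTacacs log before users report the failures.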
