10-04-2005 11:26 AM - edited 03-10-2019 02:20 PM
My Cisco ACS is not allowing me to log in using the auth-proxy http page. It states: unknown username. When I debug AAA Tacacs I get this information:
5d23h: HTTP: parsed uri '/'
5d23h: HTTP: client version 1.1
5d23h: HTTP: parsed extension Accept
5d23h: HTTP: parsed extension Referer
5d23h: HTTP: parsed extension Accept-Language
5d23h: HTTP: parsed extension Content-Type
5d23h: HTTP: parsed extension Accept-Encoding
5d23h: HTTP: parsed extension User-Agent
5d23h: HTTP: parsed extension Host
5d23h: HTTP: parsed extension Content-Length
5d23h: HTTP: Content-length 56
5d23h: HTTP: parsed extension Connection
5d23h: HTTP: parsed extension Cache-Control
5d23h: HTTP: received POST '/' 4
5d23h: HTTP: parsed variable 'au_pxytimetag'
5d23h: HTTP: parsed value '517088482'
5d23h: HTTP: parsed variable 'uname'
5d23h: HTTP: parsed value 'myuser'
5d23h: HTTP: parsed variable 'pwd'
5d23h: HTTP: parsed value 'mypass'
5d23h: HTTP: parsed variable 'ok'
5d23h: HTTP: proxy done with post parsing
5d23h: AUTH-PROXY FUNC: auth_proxy_required_reauth
5d23h: AUTH-PROXY FUNC: auth_proxy_same_timestamp
5d23h: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
5d23h: AAA: parse name=FastEthernet0/1 idb type=-1 tty=-1
5d23h: AAA: name=FastEthernet0/1 flags=0x15 type=12 shelf=0 slot=0 adapter=0 port=1 channel=0
5d23h: AAA: parse name=<no string> idb type=-1 tty=-1
5d23h: AAA/MEMORY: create_user (0x826145A0) user='NULL' ruser='NULL' ds0=0 port='FastEthernet0/1' rem_addr='192.168.1.34' authen_type=ASCII service=LOGIN priv=0 initial_task_id='0'
5d23h: AAA/AUTHEN/START (4001909351): port='FastEthernet0/1' list='default' action=LOGIN service=LOGIN
5d23h: AAA/AUTHEN/START (4001909351): console login - default to "no auth required"
5d23h: AAA/AUTHEN/START (4001909351): Method=NONE
5d23h: AAA/AUTHEN (4001909351): status = PASS
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Port='FastEthernet0/1' list='default' service=AUTH-PROXY
5d23h: AAA/AUTHOR/HTTP: FastEthernet0/1 (3914281355) user=''
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): send AV service=auth-proxy
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): send AV cmd*
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): found list "default"
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Method=tacacs+ (tacacs+)
5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request
5d23h: AAA/AUTHOR/TAC+: (3914281355): send AV service=auth-proxy
5d23h: AAA/AUTHOR/TAC+: (3914281355): send AV cmd*
5d23h: TAC+: Using default tacacs server-group "tacacs+" list.
5d23h: TAC+: Opening TCP/IP to ###.###.###.###/49 timeout=20
5d23h: TAC+: Opened TCP/IP handle 0x8279F504 to ###.###.###.###/49
5d23h: TAC+: periodic timer started
5d23h: TAC+: ###.###.###.### req=82615960 Qd id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START queued
5d23h: TAC+: ###.###.###.### (3914281355) AUTHOR/START queued
5d23h: TAC+: ###.###.###.### ESTAB id=3914281355 wrote 71 of 71 bytes
5d23h: TAC+: ###.###.###.### req=82615960 Qd id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START sent
5d23h: TAC+: ###.###.###.### ESTAB read=12 wanted=12 alloc=12 got=12
5d23h: TAC+: ###.###.###.### ESTAB read=56 wanted=56 alloc=56 got=44
5d23h: TAC+: ###.###.###.### received 56 byte reply for 82615960
5d23h: TAC+: req=82615960 Tx id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START processed
5d23h: TAC+: (3914281355) AUTHOR/START processed
5d23h: TAC+: periodic timer stopped (queue empty)
5d23h: TAC+: (3914281355): received author response status = FAIL
5d23h: TAC+: Closing TCP/IP 0x8279F504 connection to ###.###.###.##/49
5d23h: AAA/AUTHOR (3914281355): Post authorization status = FAIL
5d23h: HTTP: proxy authorization rejected
The line that interests me is:
5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request
Could this be my problem?? Could not be sending the username I entered?? Anybody ever seen this message before?
Thanks
10-04-2005 01:06 PM
Figured it out: I had not put in a default aaa authentication login default tacacas+ command. I didn't think it was necessary. I was wrong.
01-05-2006 02:52 PM
I have the same problem.
Laptom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide