10-04-2005 11:26 AM - edited 03-10-2019 02:20 PM
My Cisco ACS is not allowing me to log in using the auth-proxy http page. It states: unknown username. When I debug AAA Tacacs I get this information:
5d23h: HTTP: parsed uri '/'
5d23h: HTTP: client version 1.1
5d23h: HTTP: parsed extension Accept
5d23h: HTTP: parsed extension Referer
5d23h: HTTP: parsed extension Accept-Language
5d23h: HTTP: parsed extension Content-Type
5d23h: HTTP: parsed extension Accept-Encoding
5d23h: HTTP: parsed extension User-Agent
5d23h: HTTP: parsed extension Host
5d23h: HTTP: parsed extension Content-Length
5d23h: HTTP: Content-length 56
5d23h: HTTP: parsed extension Connection
5d23h: HTTP: parsed extension Cache-Control
5d23h: HTTP: received POST '/' 4
5d23h: HTTP: parsed variable 'au_pxytimetag'
5d23h: HTTP: parsed value '517088482'
5d23h: HTTP: parsed variable 'uname'
5d23h: HTTP: parsed value 'myuser'
5d23h: HTTP: parsed variable 'pwd'
5d23h: HTTP: parsed value 'mypass'
5d23h: HTTP: parsed variable 'ok'
5d23h: HTTP: proxy done with post parsing
5d23h: AUTH-PROXY FUNC: auth_proxy_required_reauth
5d23h: AUTH-PROXY FUNC: auth_proxy_same_timestamp
5d23h: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
5d23h: AAA: parse name=FastEthernet0/1 idb type=-1 tty=-1
5d23h: AAA: name=FastEthernet0/1 flags=0x15 type=12 shelf=0 slot=0 adapter=0 port=1 channel=0
5d23h: AAA: parse name=<no string> idb type=-1 tty=-1
5d23h: AAA/MEMORY: create_user (0x826145A0) user='NULL' ruser='NULL' ds0=0 port='FastEthernet0/1' rem_addr='192.168.1.34' authen_type=ASCII service=LOGIN priv=0 initial_task_id='0'
5d23h: AAA/AUTHEN/START (4001909351): port='FastEthernet0/1' list='default' action=LOGIN service=LOGIN
5d23h: AAA/AUTHEN/START (4001909351): console login - default to "no auth required"
5d23h: AAA/AUTHEN/START (4001909351): Method=NONE
5d23h: AAA/AUTHEN (4001909351): status = PASS
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Port='FastEthernet0/1' list='default' service=AUTH-PROXY
5d23h: AAA/AUTHOR/HTTP: FastEthernet0/1 (3914281355) user=''
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): send AV service=auth-proxy
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): send AV cmd*
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): found list "default"
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Method=tacacs+ (tacacs+)
5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request
5d23h: AAA/AUTHOR/TAC+: (3914281355): send AV service=auth-proxy
5d23h: AAA/AUTHOR/TAC+: (3914281355): send AV cmd*
5d23h: TAC+: Using default tacacs server-group "tacacs+" list.
5d23h: TAC+: Opening TCP/IP to ###.###.###.###/49 timeout=20
5d23h: TAC+: Opened TCP/IP handle 0x8279F504 to ###.###.###.###/49
5d23h: TAC+: periodic timer started
5d23h: TAC+: ###.###.###.### req=82615960 Qd id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START queued
5d23h: TAC+: ###.###.###.### (3914281355) AUTHOR/START queued
5d23h: TAC+: ###.###.###.### ESTAB id=3914281355 wrote 71 of 71 bytes
5d23h: TAC+: ###.###.###.### req=82615960 Qd id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START sent
5d23h: TAC+: ###.###.###.### ESTAB read=12 wanted=12 alloc=12 got=12
5d23h: TAC+: ###.###.###.### ESTAB read=56 wanted=56 alloc=56 got=44
5d23h: TAC+: ###.###.###.### received 56 byte reply for 82615960
5d23h: TAC+: req=82615960 Tx id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START processed
5d23h: TAC+: (3914281355) AUTHOR/START processed
5d23h: TAC+: periodic timer stopped (queue empty)
5d23h: TAC+: (3914281355): received author response status = FAIL
5d23h: TAC+: Closing TCP/IP 0x8279F504 connection to ###.###.###.##/49
5d23h: AAA/AUTHOR (3914281355): Post authorization status = FAIL
5d23h: HTTP: proxy authorization rejected
The line that interests me is:
5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request
Could this be my problem?? Could not be sending the username I entered?? Anybody ever seen this message before?
Thanks
10-04-2005 01:06 PM
Figured it out: I had not put in a default aaa authentication login default tacacas+ command. I didn't think it was necessary. I was wrong.
01-05-2006 02:52 PM
I have the same problem.
Laptom
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: