auth-proxy tacacs question

nickpowers
Level 1

My Cisco ACS is not allowing me to log in using the auth-proxy http page. It states: unknown username. When I debug AAA Tacacs I get this information:

5d23h: HTTP: parsed uri '/'

5d23h: HTTP: client version 1.1

5d23h: HTTP: parsed extension Accept

5d23h: HTTP: parsed extension Referer

5d23h: HTTP: parsed extension Accept-Language

5d23h: HTTP: parsed extension Content-Type

5d23h: HTTP: parsed extension Accept-Encoding

5d23h: HTTP: parsed extension User-Agent

5d23h: HTTP: parsed extension Host

5d23h: HTTP: parsed extension Content-Length

5d23h: HTTP: Content-length 56

5d23h: HTTP: parsed extension Connection

5d23h: HTTP: parsed extension Cache-Control

5d23h: HTTP: received POST '/' 4

5d23h: HTTP: parsed variable 'au_pxytimetag'

5d23h: HTTP: parsed value '517088482'

5d23h: HTTP: parsed variable 'uname'

5d23h: HTTP: parsed value 'myuser'

5d23h: HTTP: parsed variable 'pwd'

5d23h: HTTP: parsed value 'mypass'

5d23h: HTTP: parsed variable 'ok'

5d23h: HTTP: proxy done with post parsing

5d23h: AUTH-PROXY FUNC: auth_proxy_required_reauth

5d23h: AUTH-PROXY FUNC: auth_proxy_same_timestamp

5d23h: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd

5d23h: AAA: parse name=FastEthernet0/1 idb type=-1 tty=-1

5d23h: AAA: name=FastEthernet0/1 flags=0x15 type=12 shelf=0 slot=0 adapter=0 port=1 channel=0

5d23h: AAA: parse name=<no string> idb type=-1 tty=-1

5d23h: AAA/MEMORY: create_user (0x826145A0) user='NULL' ruser='NULL' ds0=0 port='FastEthernet0/1' rem_addr='192.168.1.34' authen_type=ASCII service=LOGIN priv=0 initial_task_id='0'

5d23h: AAA/AUTHEN/START (4001909351): port='FastEthernet0/1' list='default' action=LOGIN service=LOGIN

5d23h: AAA/AUTHEN/START (4001909351): console login - default to "no auth required"

5d23h: AAA/AUTHEN/START (4001909351): Method=NONE

5d23h: AAA/AUTHEN (4001909351): status = PASS

5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Port='FastEthernet0/1' list='default' service=AUTH-PROXY

5d23h: AAA/AUTHOR/HTTP: FastEthernet0/1 (3914281355) user=''

5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): send AV service=auth-proxy

5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): send AV cmd*

5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): found list "default"

5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Method=tacacs+ (tacacs+)

5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request

5d23h: AAA/AUTHOR/TAC+: (3914281355): send AV service=auth-proxy

5d23h: AAA/AUTHOR/TAC+: (3914281355): send AV cmd*

5d23h: TAC+: Using default tacacs server-group "tacacs+" list.

5d23h: TAC+: Opening TCP/IP to ###.###.###.###/49 timeout=20

5d23h: TAC+: Opened TCP/IP handle 0x8279F504 to ###.###.###.###/49

5d23h: TAC+: periodic timer started

5d23h: TAC+: ###.###.###.### req=82615960 Qd id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START queued

5d23h: TAC+: ###.###.###.### (3914281355) AUTHOR/START queued

5d23h: TAC+: ###.###.###.### ESTAB id=3914281355 wrote 71 of 71 bytes

5d23h: TAC+: ###.###.###.### req=82615960 Qd id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START sent

5d23h: TAC+: ###.###.###.### ESTAB read=12 wanted=12 alloc=12 got=12

5d23h: TAC+: ###.###.###.### ESTAB read=56 wanted=56 alloc=56 got=44

5d23h: TAC+: ###.###.###.### received 56 byte reply for 82615960

5d23h: TAC+: req=82615960 Tx id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START processed

5d23h: TAC+: (3914281355) AUTHOR/START processed

5d23h: TAC+: periodic timer stopped (queue empty)

5d23h: TAC+: (3914281355): received author response status = FAIL

5d23h: TAC+: Closing TCP/IP 0x8279F504 connection to ###.###.###.##/49

5d23h: AAA/AUTHOR (3914281355): Post authorization status = FAIL

5d23h: HTTP: proxy authorization rejected

The line that interests me is:

5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request

Could this be my problem? Could it not be sending the username I entered? Has anybody ever seen this message before?

Thanks

2 Replies

nickpowers
Level 1

Figured it out: I had not put in a default aaa authentication login default tacacs+ command. I didn't think it was necessary. I was wrong.
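
The failure chain visible in the debug output above, as an added example that is not part of the original thread: a Python check that flags an auth-proxy authorization sent with an empty username and reports which login method the preceding authentication step used. The log excerpt is copied from the question; the function name and result fields are assumptions made for this illustration.

```python
import re

# Excerpt copied from the debug output in the question above.
EXCERPT = """\
5d23h: AAA/AUTHEN/START (4001909351): console login - default to "no auth required"
5d23h: AAA/AUTHEN/START (4001909351): Method=NONE
5d23h: AAA/AUTHEN (4001909351): status = PASS
5d23h: AAA/AUTHOR/HTTP: FastEthernet0/1 (3914281355) user=''
5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Method=tacacs+ (tacacs+)
5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request
5d23h: AAA/AUTHOR (3914281355): Post authorization status = FAIL
"""

AUTHEN_METHOD = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
AUTHEN_STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
AUTHOR_USER = re.compile(r"AAA/AUTHOR/HTTP: \S+ \((\d+)\) user='([^']*)'")
NO_USERNAME = re.compile(r"AAA/AUTHOR/TAC\+: \((\d+)\): no username in request")
AUTHOR_STATUS = re.compile(r"AAA/AUTHOR \((\d+)\): Post authorization status = (\w+)")


def diagnose(log_text):
    """Flag authorizations sent without a username; report the prior login method."""
    authen, author, findings = {}, {}, []
    for line in log_text.splitlines():
        if m := AUTHEN_METHOD.search(line):
            # A new authentication exchange: remember which method list entry ran.
            authen = {"id": m[1], "method": m[2], "status": None}
        elif (m := AUTHEN_STATUS.search(line)) and authen.get("id") == m[1]:
            authen["status"] = m[2]
        elif m := AUTHOR_USER.search(line):
            # Authorization starts; bind it to the authentication seen just before.
            author[m[1]] = {"user": m[2], "no_username": False, "authen": dict(authen)}
        elif m := NO_USERNAME.search(line):
            if m[1] in author:
                author[m[1]]["no_username"] = True
        elif m := AUTHOR_STATUS.search(line):
            req = author.get(m[1])
            if req and req["no_username"] and not req["user"]:
                findings.append({
                    "author_id": m[1],
                    "author_status": m[2],
                    "authen_method": req["authen"].get("method"),
                    "authen_status": req["authen"].get("status"),
                })
    return findings


if __name__ == "__main__":
    for finding in diagnose(EXCERPT):
        print(finding)
```

A finding whose `authen_method` is `NONE` with `authen_status` of `PASS` means the login step passed without consulting any server, which is the condition the poster reports fixing by adding the login method list.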

CSCO10685980
Level 1

I have the same problem.

Laptom
