Does this happen with all the usernames or with a single one. If this happens with a single one then probably the same username is configured with two passwords. Use a different username/password combination to check this. If this happens with all usernames then reinstall ACS and try again.
Hi - I've just been testing this myself with GSS versions 2.0(2) and 1.3(2).
1.3(2) just doesn't work! I've enabled 'full' service logging on the ACS side and examined the resulting tcs.log. When 1.3(2) tries to authenticate, it seems to be padding the password. I get messages like USER_MSG_LEN=d (0xd), USER_DATA_LEN=13 (0x0) FLAGS=0x0.
However, when I log in through a working TACACS client, the USER_DATA_LEN field has a length equal to the actual password length.
Hope this helps!
Testing on 2.0(2) gets past the initial authentication but I can't manage to get authorized properly yet.
Authorization failed. Admin privilege required.
I've got priv-lvl set to 15 already so I don't see what the problem might be.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...