08-27-2012 06:49 AM - edited 03-10-2019 07:27 PM
I am facing difficulty understanding the meaning of the attribute=value pairs which I found in the TACACS+ AAA authentication log. I came to know about the format used in the log file, but the attribute=value pairs are not much clear to me. I tried to search on them, but I was able to find only some of them, not all, in the ACS dictionary. If anyone has enough information on them, please let me know. Here are some of the attributes:
device ip address= a.b.c.d
user name=xyz
protocol=TACACS
Request latency=0
Network device Name=lab router
Type=Authentication
Action=login
privilege-level=1
Authen-type=ASCII
Service=login
User=xyz
port=tty6
Remote address=v.x.y.z
Username=xyz
Acs Sessionid=
AuthenticationIdentityStore=Internal users
Authentication method=PAP_ASCII
Selected Acess service=Default Device Admin
Selected shell profile=Enable
Identity group=All groups:zales_admin_user
I have attached the log file, in which the first line corresponds to the authentication log.
thanks,
saurabh sharma
08-27-2012 07:06 AM
Hi,
device ip address= a.b.c.d ip address of the network device that the user is requesting access to
user name=xyz username of the authentication request
protocol=TACACS The tacacs protocol
Request latency=0 latency based on the timestamp of the authentication event, and when it arrived to ACS
Network device Name=lab router Name that was configured in ACS
Type=Authentication User is requesting to authenticate
Action=login User is logging into the device
privilege-level=1 Current priv level of the authentication
Authen-type=ASCII Using PAP ascii for authentication (typical for tacacs)
Service=login Service type is login
User=xyz This is the username
port=tty6 port that the user is connected to
Remote address=v.x.y.z This is the ip address of the user work station
Username=xyz Username again
Acs Sessionid= This is usually seen in radius requests, not needed for tacacs
AuthenticationIdentityStore=Internal users The identity store that ACS used to authenticate the end user
Authentication method=PAP_ASCII PAP/ASCII for the authentication protocol (common for TACACS)
Selected Acess service=Default Device Admin This is the service selection rule matched in ACS
Selected shell profile=Enable This is the shell profile configured in ACS that the user matched against
Identity group=All groups:zales_admin_user This is the identity group that the user matched.
As you can see ACS uses a combination of the tacacs av/pairs along with its own internal attributes that you can assign to the end user in order to make decisions. You can combine attributes such as identity group of the user and the remote address to lock down a group of users from authentication to devices from a particular workstation...for example.
Let me know if that helps you.
Tarik Admani
*Please rate helpful posts*
08-27-2012 10:22 PM
Hi Tarik,
Thanks for your reply.
I want to know where you got this information from. Are there any documents related to TACACS av/pairs and ACS's own internal attributes? Please mail me the docs at saurabh.saurabh015@gmail.com.
I found some documents on TACACS av/pairs, but the above attributes were not mentioned there.
I want the documents related to the logging categories Authentication, TACACS+ Accounting, Administrative and Operational Audit.
I also want to know about this line in the Authentication log:
step=13005,step=15008,step=15004,....
What does this sequence actually denote, and where can I find information on them?
thanks,
saurabh sharma
08-28-2012 07:02 PM
Saurabh,
The steps are usually explained in the log as they are processed, if you look in the first column. If you are looking for failure reasons you can check the Monitoring and Reports > Monitoring Configuration > Failed Reasons Editor, and that will give you a definition of all the failure messages.
Here is a pdf of the tacacs a/v pairs -
Tarik Admani
*Please rate helpful posts*
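As an added example (not code from this thread and not Cisco ACS code), here is a small Python parser for the attribute=value pairs explained in the accepted answer above. It keeps the repeated step= entries in order, as the last answer describes them being processed, and applies the identity-group plus remote-address check that the accepted answer suggests as a way to lock a group of users to particular workstations. Since the attached log file is not shown in the thread, the layout is an assumption: one comma-separated key=value sequence per line with no commas inside values. The sample lines, addresses and the policy table are constructed for the example, and the step codes are carried through without interpretation.

```python
"""Parse ACS TACACS+ authentication log attribute=value pairs and run a
simple policy check over them.

Added example, not code from the original thread or from Cisco ACS.
Assumptions: each log line is a comma-separated sequence of key=value
pairs (the thread shows the pairs but not the separator), values contain
no commas, and keys that repeat (step=...) are collected in order.
"""
from typing import Dict, List, Set

# Constructed sample lines in the shape of the pairs quoted in the thread.
# Addresses are documentation ranges, chosen for the example.
SAMPLE_LINES = [
    "device ip address=10.0.0.1,user name=xyz,protocol=TACACS,Request latency=0,"
    "Network device Name=lab router,Type=Authentication,Action=login,"
    "privilege-level=1,Authen-type=ASCII,Service=login,User=xyz,port=tty6,"
    "Remote address=192.0.2.10,Username=xyz,Acs Sessionid=,"
    "AuthenticationIdentityStore=Internal users,Authentication method=PAP_ASCII,"
    "Selected Acess service=Default Device Admin,Selected shell profile=Enable,"
    "Identity group=All groups:zales_admin_user,step=13005,step=15008,step=15004",
    # Same user and group, but from a workstation the policy does not list.
    "device ip address=10.0.0.1,user name=xyz,protocol=TACACS,Type=Authentication,"
    "Action=login,privilege-level=1,User=xyz,port=tty7,Remote address=198.51.100.7,"
    "Username=xyz,Selected shell profile=Enable,"
    "Identity group=All groups:zales_admin_user,step=13005,step=15008",
]

# Hypothetical policy: identity-group suffix -> workstations allowed to log in.
POLICY: Dict[str, Set[str]] = {"zales_admin_user": {"192.0.2.10"}}

REPEATABLE_KEYS = {"step"}  # keys that legitimately appear many times per line
USERNAME_KEYS = ("user name", "User", "Username")  # three spellings seen in the log


def parse_av_pairs(line: str) -> dict:
    """Split one log line into a dict of attribute -> value.

    Repeatable keys (step) become an ordered list so the processing
    sequence is preserved; every other key maps to a single string, and an
    empty value (Acs Sessionid=) stays ''.
    """
    record: dict = {}
    for field in line.split(","):
        field = field.strip()
        if not field:
            continue
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {field!r}")
        key, value = key.strip(), value.strip()
        if key in REPEATABLE_KEYS:
            record.setdefault(key, []).append(value)
        else:
            record[key] = value
    return record


def check_login(record: dict, policy: Dict[str, Set[str]]) -> List[str]:
    """Return findings for one parsed authentication record.

    Two checks: the three username fields should agree, and a user in a
    locked-down identity group should only appear from an allowed
    workstation (the combination the accepted answer describes).
    """
    findings: List[str] = []
    names = {record[k] for k in USERNAME_KEYS if k in record}
    if len(names) > 1:
        findings.append(f"username fields disagree: {sorted(names)}")
    group = record.get("Identity group", "")
    remote = record.get("Remote address", "")
    for suffix, allowed in policy.items():
        if group.endswith(":" + suffix) and remote not in allowed:
            findings.append(f"{suffix} login from unexpected workstation {remote}")
    return findings


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_av_pairs(line)
        print(rec["Username"], rec.get("Remote address"), rec.get("step"))
        for finding in check_login(rec, POLICY):
            print("  finding:", finding)
```

The second sample line deliberately omits several fields, so the parser only relies on keys being present when a check needs them; a real ACS export would be fed to parse_av_pairs one line at a time.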
02-11-2013 09:32 PM
Hi Tarik,
Thanks for the information given above.
Can you please give me logs from ACS 5.4, with logs for all of the fields above?
Also, please tell me what A-V pairs are available in ACS 5.4.
Please mail me all the log files at my mail id: shaileshpawar1711@gmail.com.
Thanks in advance.