ACS ver 3.3: TACACS+, Authentication failure with Telnet logins

drughwan
Level 1

Our application uses Cisco RHEL ((i386) 2.6.9-5.ELsmp) as OS.

It relies on RHEL for tacacplus and radius capabilities. (pam_tacplus.so & pam_tacplus.so are present in /lib/security on the RHEL box.)

Cisco ACS ver 3.3 is used to authenticate the users in the product.

The ACS server has the following configuration:

1. Network Device Groups

2. AAA clients – IPs along with the shared key/secret. These clients are associated with the Network Device groups.

3. User groups – The network device groups are linked with user groups.

4. User profiles – user credentials. User profiles are linked with the user groups.

I am able to successfully log in to the product using ssh with tacacplus.

Please see the log entries for successful logins using ssh:

###

Oct 24 01:25:14 localhost sshd(pam_unix)[27400]: session opened for user scott by (uid=0)

###

When I try to telnet using the same user credentials, the authentication fails. I get the error message below:

###

Oct 24 01:08:06 localhost remote(pam_unix)[26968]: authentication failure; logname= uid=0 euid=0 tty=pts/4 ruser= rhost=A.B.C.D user=scott

Oct 24 01:08:08 localhost login[26968]: FAILED LOGIN 1 FROM A.B.C.D FOR scott, Authentication failure

###

(A.B.C.D is the IP address in the log message; it is the IP of the machine from which I telnet to the application.)

The user credentials used with ssh/telnet are defined in ACS.

Am I missing some configuration here? Why are telnet logins not going through?

Please advise.

Thanks
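
Added example (not part of the original post): a small parser for the syslog lines quoted above. The tag before `(pam_unix)` is the PAM service name, so the result shows that the ssh and telnet logins went through different service stacks (`sshd` versus `remote`); the `/etc/pam.d/<service>` path printed is the standard Linux-PAM location and is an assumption about this host.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (A.B.C.D is the poster's own redaction).
SAMPLE_LOG = """\
Oct 24 01:25:14 localhost sshd(pam_unix)[27400]: session opened for user scott by (uid=0)
Oct 24 01:08:06 localhost remote(pam_unix)[26968]: authentication failure; logname= uid=0 euid=0 tty=pts/4 ruser= rhost=A.B.C.D user=scott
Oct 24 01:08:08 localhost login[26968]: FAILED LOGIN 1 FROM A.B.C.D FOR scott, Authentication failure
"""

# Syslog tag written by a PAM module: "<service>(<module>)[pid]: <message>".
PAM_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s"
    r"(?P<service>[\w.-]+)\((?P<module>pam_\w+)\)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
# \b keeps "ruser=" from matching; accepts "user scott" and "user=scott".
USER = re.compile(r"\buser[ =](\w+)")

def parse_pam_events(text):
    """Return one dict per PAM-tagged line; lines without a PAM tag are skipped."""
    events = []
    for line in text.splitlines():
        m = PAM_LINE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        u = USER.search(ev["msg"])
        ev["user"] = u.group(1) if u else None
        ev["outcome"] = "failure" if "authentication failure" in ev["msg"] else "other"
        events.append(ev)
    return events

def modules_by_service(events):
    """Map each PAM service name to the set of modules seen logging for it."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["service"]].add(ev["module"])
    return dict(seen)

def failing_services(events):
    """PAM services whose stack logged an authentication failure."""
    return sorted({ev["service"] for ev in events if ev["outcome"] == "failure"})

if __name__ == "__main__":
    evs = parse_pam_events(SAMPLE_LOG)
    for svc in failing_services(evs):
        mods = sorted(modules_by_service(evs)[svc])
        print(f"check /etc/pam.d/{svc}: failure logged by {mods}")
```

Comparing the module list in the failing service's stack with the one in the working service's stack shows whether both reference the same authentication modules.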


drughwan
Level 1

It would really help if someone could reply and give advice on the problem mentioned in the original post.

Thanks

What do the failed attempts logs in ACS say?

Or the passed attempts logs (if turned on)?