Cisco Support Community

New Member

ASA 7.1, TACACS+, & HTTP Authentication

A very interesting problem. I have a TACACS ver 3.2 system in place. I currently am able to authenticate against it with no problem using SSH & Telnet. However, as soon as I try to use http, the authentication is never successful (I get prompted for a username and password, but nothing I enter actually works) and the following gets logged on the TACACS server:

"External DB auth failed"

However, it works against SSH and Telnet. Does anyone have any ideas about this? Perhaps http auth needs special configuration?

http server enable
aaa-server tac protocol tacacs+
aaa-server tac host 10.1.1.1
 key ******
aaa authentication http console tac
aaa authentication telnet console tac
aaa authentication ssh console tac
aaa authentication secure-http-client
http server enable
http 172.19.0.0 255.255.0.0 inside
http 10.34.64.0 255.255.240.0 management
http 10.72.0.0 255.255.255.0 management
http 10.72.3.103 255.255.255.255 management
http redirect management 80

2 REPLIES
Bronze

Re: ASA 7.1, TACACS+, & HTTP Authentication

This is an ACE problem with the passcode. During this time, the ACS Failed Attempts log shows either the message "External DB auth failed" or "External DB user invalid or bad password".

New Member

Re: ASA 7.1, TACACS+, & HTTP Authentication

Just curious if you figured this one out - I just opened a TAC case for something similar. I'm authenticating to an RSA ACE Server via a CiscoSecure ACS 4.0 box. SSH and telnet have no problems, but HTTP auths bomb at the ACE server.
