03-03-2006 01:44 PM - edited 03-10-2019 02:29 PM
A very intresting problem. I have a TACACS ver 3.2 system in place. I currently am able to authenticate agains it with no problem using SSH & Telnet. However, as soon as I try to use http, the authentication is never succesful (I get prompted for a username and password, but nothing I enter actually works) and the folling gets logged on the TACACS server:
"External DB auth failed"
However..it works agains SSH and Telnet. Does anyone have any ideas about this? perhaps http auth needs special configuraiton?
http server enable
aaa-server tac protocol tacacs+
aaa-server tac host 10.1.1.1
key ******
aaa authentication http console tac
aaa authentication telnet console tac
aaa authentication ssh console tac
aaa authentication secure-http-client
http server enable
http 172.19.0.0 255.255.0.0 inside
http 10.34.64.0 255.255.240.0 management
http 10.72.0.0 255.255.255.0 management
http 10.72.3.103 255.255.255.255 management
http redirect management 80
03-09-2006 01:10 PM
This is an ACE problem with the passcode. During this time, the ACS Failed Attempts log shows either the message "External DB auth failed" or "External DB user invalid or bad password
04-12-2006 10:49 AM
Just curious if you figured this one out - I just opened a TAC case for something similar. I'm authenticating to an RSA ACE Server via an CiscoSecure ACS 4.0 box. SSH and telnet have no problems, but HTTP auths bomb at the ACE server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: