Cisco Support Community
Author Service denied on service=shell

Hello,

In an ACS 3.3 environment, the shell (exec) service is enabled to check users' command authorization (outbound direction).

Normally commands are permitted or denied according to the users/groups config.

Sometimes... the service seems disabled and all authorizations fail...!

When it happens, the Failed Attempts log looks like the example below:

27/04/2010,10:11:35,Author failed,user1,Group1,10.1.50.21,,Command denied,service=shell cmd=http 66.xx.xx.xx,80 ----> Correct

27/04/2010,10:11:36,Author failed,user1,Group1,10.1.50.21,,Service denied,service=shell cmd=http 66.xx.xx.xx,80 ---> Wrong, "Cmd denied" as above

27/04/2010,10:12:10,Author failed,User2,Group2,10.1.50.22,,Service denied,service=shell cmd=https 213.xx.xx.xx,443 ---> Wrong, normally it's permit
27/04/2010,10:12:32,Author failed,User3,Group3,10.1.50.24,,Service denied,service=shell cmd=https 212.xx.xx.xx,443 ---> Wrong, normally it's permit
27/04/2010,10:12:32,Author failed,User4,Group4,10.1.50.26,,Service denied,service=shell cmd=https 212.xx.xx.xx,443 ---> Wrong, normally it's permit

To restore normal authorization checking, we restart the CSTacacs service. Below is the TACACS service log:

TCS 27/04/2010 10:11:36 E 0155 4060 AAAClient1: user 'user1' using an invalid service: shell
TCS 27/04/2010 10:12:10 E 0155 4060 AAAClient1: user 'user2' using an invalid service: shell
TCS 27/04/2010 10:12:32 E 0155 4060 AAAClient1: user 'user3' using an invalid service: shell
TCS 27/04/2010 10:12:32 E 0155 4060 AAAClient1: user 'user4' using an invalid service: shell
TCS 27/04/2010 10:12:34 A 0651 2864 Server stop requested
TCS 27/04/2010 10:12:34 A 1256 0348 Release Host Cache
TCS 27/04/2010 10:12:34 A 1262 0348 Close Proxy Cache
TCS 27/04/2010 10:12:34 A 1285 0348 Calling CMFini()
TCS 27/04/2010 10:12:35 A 1287 0348 CMFini() Complete
TCS 27/04/2010 10:12:35 A 1301 0348 Closing Password Aging
TCS 27/04/2010 10:12:35 A 1314 0348 Closing Finished
TCS 27/04/2010 10:12:37 A 5020 0520 CSTacacs server starting ==============================
TCS 27/04/2010 10:12:37 A 5026 0520 Running as NT service.
TCS 27/04/2010 10:12:38 E 1051 0520 Doing Stats

TCS 27/04/2010 10:12:38 A 1092 0520
**** Registry Setup ****
TCS 27/04/2010 10:12:38 A 1119 0520 Single TCP connection operation enabled
TCS 27/04/2010 10:12:38 A 1129 0520 Base Proxy enabled.
TCS 27/04/2010 10:12:38 A 1196 0520 ************************

TCS 27/04/2010 10:12:38 E 1083 0520 TACACS+ server started

Any ideas/suggestions about this problem? Is it a known "bug"?

Thanks a lot in advance!

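An added example, not part of the original post and not Cisco code: a Python script that scans Failed Attempts records for the pattern the post describes, several distinct users getting "Service denied" on service=shell within a short window, as opposed to ordinary per-command "Command denied" results. The 60-second window, the three-user threshold and the function names are assumptions; the sample records are the ones from the post with the poster's annotations removed.

```python
from collections import deque
from datetime import datetime, timedelta

# Failed Attempts records from the post, with the poster's "--->" notes removed.
SAMPLE = """\
27/04/2010,10:11:35,Author failed,user1,Group1,10.1.50.21,,Command denied,service=shell cmd=http 66.xx.xx.xx,80
27/04/2010,10:11:36,Author failed,user1,Group1,10.1.50.21,,Service denied,service=shell cmd=http 66.xx.xx.xx,80
27/04/2010,10:12:10,Author failed,User2,Group2,10.1.50.22,,Service denied,service=shell cmd=https 213.xx.xx.xx,443
27/04/2010,10:12:32,Author failed,User3,Group3,10.1.50.24,,Service denied,service=shell cmd=https 212.xx.xx.xx,443
27/04/2010,10:12:32,Author failed,User4,Group4,10.1.50.26,,Service denied,service=shell cmd=https 212.xx.xx.xx,443
"""

def parse(line):
    """Parse one record; the last field (author data) may itself contain commas."""
    f = line.strip().split(",", 8)
    if len(f) < 9:
        return None
    try:
        ts = datetime.strptime(f"{f[0]} {f[1]}", "%d/%m/%Y %H:%M:%S")
    except ValueError:
        return None
    return {"ts": ts, "type": f[2], "user": f[3].lower(), "code": f[7], "data": f[8]}

def find_service_denied_bursts(text, window_s=60, min_users=3):
    """Group 'Service denied' shell failures where at least min_users distinct
    users fail within window_s seconds. Assumes records are in time order."""
    window, bursts, active = deque(), [], None
    for line in text.splitlines():
        rec = parse(line)
        if (rec is None or rec["type"] != "Author failed"
                or rec["code"] != "Service denied"
                or "service=shell" not in rec["data"]):
            continue  # ordinary "Command denied" policy hits are ignored
        window.append(rec)
        while rec["ts"] - window[0]["ts"] > timedelta(seconds=window_s):
            window.popleft()
        users = {r["user"] for r in window}
        if len(users) < min_users:
            active = None
            continue
        if active is None:
            active = {"start": window[0]["ts"], "end": rec["ts"], "users": set()}
            bursts.append(active)
        active["end"] = rec["ts"]
        active["users"] |= users
    return bursts

if __name__ == "__main__":
    for b in find_service_denied_bursts(SAMPLE):
        print(f"{b['start']} to {b['end']}: {sorted(b['users'])}")
```

Run against the exported Failed Attempts CSV, a reported burst can be lined up with the "using an invalid service: shell" entries in the CSTacacs log for the same timestamps.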