11-19-2013 11:23 PM - edited 03-10-2019 09:06 PM
Good day.
Have a problem with authorization in tacacs+
config:
aaa group server tacacs+ tacacs-pib
server-private 10.0.255.18 single-connection key 123
ip vrf forwarding mgmt
ip tacacs source-interface FastEthernet0/2/0
!
aaa authentication login default group tacacs-pib local
aaa authentication enable default group tacacs-pib enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs-pib local
aaa authorization commands 15 default group tacacs-pib local
aaa authorization network default group tacacs-pib local
aaa accounting exec default start-stop group tacacs-pib
aaa accounting commands 15 default start-stop group tacacs-pib
Debug:
TPLUS(000002FC)/0/READ: read entire 12 header bytes (expect 16 bytes)
TPLUS(000002FC)/0/READ: read entire 28 bytes response
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Received authen response status GET_PASSWORD (8)
TPLUS(000002FC)/0/None: Started 120 sec timeout
TPLUS: Queuing AAA Authentication request 764 for processing
TPLUS: processing authentication continue request id 764
TPLUS: Authentication continue packet generated for 764
TPLUS(000002FC)/0/None: Timer Stoped
TPLUS(000002FC)/0/WRITE/15D4A80C: Started 5 sec timeout
TPLUS(000002FC)/0/WRITE: wrote entire 24 bytes request
TPLUS(000002FC)/0/READ: read entire 12 header bytes (expect 6 bytes)
TPLUS(000002FC)/0/READ: read entire 18 bytes response
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Received authen response status PASS (2)
TPLUS: Queuing AAA Authorization request 764 for processing
TPLUS: processing authorization request id 764
TPLUS: Protocol set to None .....Skipping
TPLUS: Sending AV service=shell
TPLUS: Sending AV cmd*
TPLUS: Authorization request created for 764(ingener)
TPLUS: using previously set server 10.0.255.18 from group tacacs-pib
TPLUS(000002FC)/0/IDLE/15D4A80C: got immediate connect on new 0
TPLUS(000002FC)/0/WRITE/15D4A80C: Started 5 sec timeout
TPLUS(000002FC)/0/WRITE: wrote entire 64 bytes request
TPLUS: Error occurs in reading packet header, shutdown the single connection
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Invalid Client information received as input
And another question -
Why all usernames in upper case?
username ADMIN privilege 15 secret ***
Solved! Go to Solution.
11-20-2013 06:36 AM
Can you try without single-connection:
aaa group server tacacs+ tacacs-pib
server-private 10.0.255.18
~BR
Jatin Katyal
**Do rate helpful posts**
11-20-2013 06:36 AM
Can you try without single-connection:
aaa group server tacacs+ tacacs-pib
server-private 10.0.255.18
~BR
Jatin Katyal
**Do rate helpful posts**
11-21-2013 12:42 AM
Yes, it helps, Thanks!
But administrators of tacacs server assured that single-connection option activated...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide