Authorization failed

BugaenkoV
Level 1

Good day.

I have a problem with authorization in TACACS+.

config:

aaa group server tacacs+ tacacs-pib
 server-private 10.0.255.18 single-connection key 123
 ip vrf forwarding mgmt
 ip tacacs source-interface FastEthernet0/2/0
!
aaa authentication login default group tacacs-pib local
aaa authentication enable default group tacacs-pib enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs-pib local
aaa authorization commands 15 default group tacacs-pib local
aaa authorization network default group tacacs-pib local
aaa accounting exec default start-stop group tacacs-pib
aaa accounting commands 15 default start-stop group tacacs-pib

Debug:

TPLUS(000002FC)/0/READ: read entire 12 header bytes (expect 16 bytes)
TPLUS(000002FC)/0/READ: read entire 28 bytes response
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Received authen response status GET_PASSWORD (8)
TPLUS(000002FC)/0/None: Started 120 sec timeout
TPLUS: Queuing AAA Authentication request 764 for processing
TPLUS: processing authentication continue request id 764
TPLUS: Authentication continue packet generated for 764
TPLUS(000002FC)/0/None: Timer Stoped
TPLUS(000002FC)/0/WRITE/15D4A80C: Started 5 sec timeout
TPLUS(000002FC)/0/WRITE: wrote entire 24 bytes request
TPLUS(000002FC)/0/READ: read entire 12 header bytes (expect 6 bytes)
TPLUS(000002FC)/0/READ: read entire 18 bytes response
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Received authen response status PASS (2)
TPLUS: Queuing AAA Authorization request 764 for processing
TPLUS: processing authorization request id 764
TPLUS: Protocol set to None .....Skipping
TPLUS: Sending AV service=shell
TPLUS: Sending AV cmd*
TPLUS: Authorization request created for 764(ingener)
TPLUS: using previously set server 10.0.255.18 from group tacacs-pib
TPLUS(000002FC)/0/IDLE/15D4A80C: got immediate connect on new 0
TPLUS(000002FC)/0/WRITE/15D4A80C: Started 5 sec timeout
TPLUS(000002FC)/0/WRITE: wrote entire 64 bytes request
TPLUS: Error occurs in reading packet header, shutdown the single connection
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Invalid Client information received as input

And another question:

Why are all usernames in upper case?

username ADMIN privilege 15 secret ***

Accepted Solutions

Jatin Katyal
Cisco Employee

Can you try without single-connection:

aaa group server tacacs+ tacacs-pib
 server-private 10.0.255.18

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Yes, it helps, thanks!

But the administrators of the TACACS server assured me that the single-connection option is activated...
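
Added example, not part of the thread and not Cisco's code: a check that can be run against the first request and reply headers from a packet capture to see whether the server echoed the single-connection flag. The header layout and flag values follow RFC 8907; the function names and sample bytes are constructed for illustration.

```python
import struct

# Header layout and flag values from RFC 8907.
HEADER_LEN = 12
UNENCRYPTED_FLAG = 0x01
SINGLE_CONNECT_FLAG = 0x04
TYPES = {1: "authen", 2: "author", 3: "acct"}


def parse_header(data):
    """Decode the fixed 12-byte TACACS+ header (always sent in cleartext)."""
    if len(data) < HEADER_LEN:
        raise ValueError("short TACACS+ header: %d bytes" % len(data))
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", data[:HEADER_LEN])
    return {
        "major": version >> 4,
        "minor": version & 0x0F,
        "type": TYPES.get(ptype, "unknown(%d)" % ptype),
        "seq_no": seq_no,
        "unencrypted": bool(flags & UNENCRYPTED_FLAG),
        "single_connect": bool(flags & SINGLE_CONNECT_FLAG),
        "session_id": session_id,
        "body_len": length,  # bytes still to read after the header
    }


def single_connect_agreed(first_request, first_reply):
    """True only if client and server both set the flag on the first
    request/reply pair (seq_no 1 and 2) of the TCP connection."""
    req, rep = parse_header(first_request), parse_header(first_reply)
    if (req["seq_no"], rep["seq_no"]) != (1, 2):
        raise ValueError("not the first request/reply pair of a session")
    if req["session_id"] != rep["session_id"]:
        raise ValueError("headers belong to different sessions")
    return req["single_connect"] and rep["single_connect"]


# Constructed sample headers (not captured from the thread's devices).
# The session id is made up; reply body length 16 mirrors a 12-byte
# header followed by a 16-byte body, 28 bytes in total.
REQUEST = bytes.fromhex("c0010104" "11223344" "00000020")
REPLY_NO_FLAG = bytes.fromhex("c0010200" "11223344" "00000010")
REPLY_WITH_FLAG = bytes.fromhex("c0010204" "11223344" "00000010")

if __name__ == "__main__":
    for name, reply in (("no flag", REPLY_NO_FLAG), ("flag", REPLY_WITH_FLAG)):
        print(name, parse_header(reply), single_connect_agreed(REQUEST, reply))
```

Only the packet body is obfuscated with the shared key, so the flags byte can be read from a capture without knowing the key.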