New Member

Authorization failed

Good day.

I have a problem with authorization in TACACS+.

config:

```
aaa group server tacacs+ tacacs-pib
 server-private 10.0.255.18 single-connection key 123
 ip vrf forwarding mgmt
 ip tacacs source-interface FastEthernet0/2/0
!
aaa authentication login default group tacacs-pib local
aaa authentication enable default group tacacs-pib enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs-pib local
aaa authorization commands 15 default group tacacs-pib local
aaa authorization network default group tacacs-pib local
aaa accounting exec default start-stop group tacacs-pib
aaa accounting commands 15 default start-stop group tacacs-pib
```

Debug:

```
TPLUS(000002FC)/0/READ: read entire 12 header bytes (expect 16 bytes)
TPLUS(000002FC)/0/READ: read entire 28 bytes response
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Received authen response status GET_PASSWORD (8)
TPLUS(000002FC)/0/None: Started 120 sec timeout
TPLUS: Queuing AAA Authentication request 764 for processing
TPLUS: processing authentication continue request id 764
TPLUS: Authentication continue packet generated for 764
TPLUS(000002FC)/0/None: Timer Stoped
TPLUS(000002FC)/0/WRITE/15D4A80C: Started 5 sec timeout
TPLUS(000002FC)/0/WRITE: wrote entire 24 bytes request
TPLUS(000002FC)/0/READ: read entire 12 header bytes (expect 6 bytes)
TPLUS(000002FC)/0/READ: read entire 18 bytes response
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Received authen response status PASS (2)
TPLUS: Queuing AAA Authorization request 764 for processing
TPLUS: processing authorization request id 764
TPLUS: Protocol set to None .....Skipping
TPLUS: Sending AV service=shell
TPLUS: Sending AV cmd*
TPLUS: Authorization request created for 764(ingener)
TPLUS: using previously set server 10.0.255.18 from group tacacs-pib
TPLUS(000002FC)/0/IDLE/15D4A80C: got immediate connect on new 0
TPLUS(000002FC)/0/WRITE/15D4A80C: Started 5 sec timeout
TPLUS(000002FC)/0/WRITE: wrote entire 64 bytes request
TPLUS: Error occurs in reading packet header, shutdown the single connection
TPLUS(000002FC)/0/15D4A80C: Processing the reply packet
TPLUS: Invalid Client information received as input
```

And another question -

Why are all usernames in upper case?

username ADMIN privilege 15 secret ***

1 ACCEPTED SOLUTION
Cisco Employee

Authorization failed

Can you try without single-connection:

```
aaa group server tacacs+ tacacs-pib
 server-private 10.0.255.18
```

~BR
Jatin Katyal

**Do rate helpful posts**

New Member

Re: Authorization failed

Yes, it helps, Thanks!

But the administrators of the tacacs server assured that the single-connection option is activated...
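
The flags byte in the first two packets on a TCP connection shows whether a TACACS+ server actually accepts single-connection mode, which is the point the last reply leaves open. This added example (not code from the thread or from Cisco) parses the cleartext 12-byte TACACS+ header as laid out in RFC 8907 and checks that both client and server set the single-connect flag (0x04). The function names and the sample header bytes are constructed for illustration.

```python
import struct

# Header layout and flag values as defined in RFC 8907 (header is never obfuscated).
HEADER_LEN = 12
TYPES = {0x01: "authen", 0x02: "author", 0x03: "acct"}
FLAG_UNENCRYPTED = 0x01
FLAG_SINGLE_CONNECT = 0x04


def parse_header(raw: bytes) -> dict:
    """Decode the fixed 12-byte TACACS+ header (all fields big-endian)."""
    if len(raw) < HEADER_LEN:
        raise ValueError(f"need {HEADER_LEN} header bytes, got {len(raw)}")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", raw[:HEADER_LEN])
    if version >> 4 != 0xC:
        raise ValueError(f"not TACACS+: major version {version >> 4:#x}")
    return {
        "type": TYPES.get(ptype, f"unknown({ptype})"),
        "seq_no": seq_no,
        "single_connect": bool(flags & FLAG_SINGLE_CONNECT),
        "unencrypted": bool(flags & FLAG_UNENCRYPTED),
        "session_id": session_id,
        "body_len": length,
    }


def single_connect_negotiated(first_request: bytes, first_reply: bytes) -> bool:
    """True only if both of the first two packets on the TCP connection
    carry the single-connect flag; the flag is ignored on later packets."""
    req, rep = parse_header(first_request), parse_header(first_reply)
    if (req["seq_no"], rep["seq_no"]) != (1, 2):
        raise ValueError("expected seq_no 1 (client) and 2 (server)")
    if req["session_id"] != rep["session_id"]:
        raise ValueError("packets belong to different sessions")
    return req["single_connect"] and rep["single_connect"]


# Constructed sample headers (not captured from the poster's network).
# The reply body length of 16 mirrors the "expect 16 bytes" debug line.
CLIENT_START = bytes.fromhex("c0010104" "1a2b3c4d" "00000020")
REPLY_NO_SC = bytes.fromhex("c0010200" "1a2b3c4d" "00000010")
REPLY_SC = bytes.fromhex("c0010204" "1a2b3c4d" "00000010")

if __name__ == "__main__":
    print("server omits flag:", single_connect_negotiated(CLIENT_START, REPLY_NO_SC))
    print("server sets flag: ", single_connect_negotiated(CLIENT_START, REPLY_SC))
```

Feed it the first 12 bytes of the first client packet and the first server reply from a capture taken on the management VRF; a result of False means the server did not agree to single-connection mode on that connection, whatever its configuration says.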
