Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

authorization timeout

Hi,

I got a problem with an access server (5350). The authentication is working but I'm having trouble with the authorization lately. This is an intermittent problem. Any idea or troubleshooting step I should take?

Looks like ACS is not receiving authorization packets. Option 1: the AS is not sending it, option 2, something is droping the packet.

Aug 12 12:22:39.210: TPLUS: Received authen response status PASS (2)

Aug 12 12:22:39.210: AAA/AUTHOR (0x48BA): Pick method list 'default'

Aug 12 12:22:39.210: TPLUS: Queuing AAA Authorization request 18618 for processing

Aug 12 12:22:39.210: TPLUS: processing authorization request id 18618

Aug 12 12:22:39.210: TPLUS: Protocol set to None .....Skipping

Aug 12 12:22:39.210: TPLUS: Sending AV service=shell

Aug 12 12:22:39.210: TPLUS: Sending AV cmd*

Aug 12 12:22:39.210: TPLUS: Authorization request created for 18618(user)

Aug 12 12:22:39.210: TPLUS: using previously set server x.x.x.x from group tacacs+

Aug 12 12:22:39.210: TPLUS(000048BA)/1/NB_WAIT/64BE0698: Started 20 sec timeout

Aug 12 12:22:39.210: TPLUS(000048BA)/1/NB_WAIT: socket event 2

Aug 12 12:22:39.210: TPLUS(000048BA)/1/NB_WAIT: wrote entire 60 bytes request

Aug 12 12:22:39.210: TPLUS(000048BA)/1/READ: socket event 1

Aug 12 12:22:39.210: TPLUS(000048BA)/1/READ: Would block while reading

Aug 12 12:22:59.210: TPLUS(000048BA)/1/READ/64BE0698: timed out

Aug 12 12:22:59.210: TPLUS: Protocol set to None .....Skipping

1 REPLY

Re: authorization timeout

May not be the most helpful thing but are you in position to run a sniffer in between to isolate where the problem comes from: AS or ASA?

If you have a nam blade somewhere that will make it easier or a way to span a session to a computer with wireshark.

129
Views
0
Helpful
1
Replies
CreatePlease to create content