Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

No username in request for TACACS+ authentication

I have a 3640 with an NM-16AM (analog modem module). I'm trying to get the dial-in users to authenticate with the Windows Domain Controller via a TACACS+ server (SecureACS 3.2). When the user tries to connect, they get "Error 734: The PPP link control protocol was terminated." The router debug shows "No username in request".

Script and debug follow. This is in a lab, so I can experiment. I'm new to both AAA and SecureACS, so even simple suggestions are appreciated.

version 12.2

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname ACS3640

!

boot system flash

aaa new-model

aaa authentication login default group tacacs+

aaa authentication login no_tacacs enable

aaa authentication login TELVTY enable

aaa authentication ppp default if-needed group tacacs+

aaa authorization exec default none

aaa authorization network default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

enable secret 5 xxxxxxxxxxxxxxx

!

username xxx password 7 xxxxxxxxxxxxx

ip subnet-zero

!

ip audit notify log

ip audit po max-events 100

ip address-pool local

!

call rsvp-sync

!

interface Ethernet2/0

no ip address

shutdown

half-duplex

!

interface Ethernet2/1

no ip address

shutdown

half-duplex

!

interface Ethernet2/2

ip address 192.168.3.124 255.255.255.0

half-duplex

!

interface Ethernet2/3

no ip address

shutdown

half-duplex

!

interface Group-Async2

no ip address

encapsulation ppp

async mode interactive

group-range 33 48

!

ip local pool pool1 192.168.12.1 192.168.12.16

ip classless

ip http server

!

tacacs-server host 192.168.3.70 single-connection key xxxxxxxx

tacacs-server directed-request

!

dial-peer cor custom

!

line con 0

login authentication no_tacacs

line 33 48

flush-at-activation

modem Dialin

modem autoconfigure discovery

autoselect during-login

autoselect ppp

flowcontrol hardware

line aux 0

line vty 0 4

password 7 xxxxxxxx

login authentication TELVTY

transport input telnet

!

end

*Mar 1 01:03:02: Call Handle failed for Modem 1/11

*Mar 1 01:03:02: AAA: parse name=tty44 idb type=10 tty=44

*Mar 1 01:03:02: AAA: name=tty44 flags=0x11 type=4 shelf=0 slot=0 adapter=0 por

t=44 channel=0

*Mar 1 01:03:02: AAA/MEMORY: create_user (0x625601C4) user='NULL' ruser='NULL'

ds0=-1 port='tty44' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 init

ial_task_id='0'

*Mar 1 01:03:02: AAA/AUTHEN/START (1507728324): port='tty44' list='' action=LOG

IN service=LOGIN

*Mar 1 01:03:02: AAA/AUTHEN/START (1507728324): using "default" list

*Mar 1 01:03:02: AAA/AUTHEN/START (1507728324): Method=tacacs+ (tacacs+)

*Mar 1 01:03:02: TAC+: send AUTHEN/START packet ver=192 id=1507728324

*Mar 1 01:03:02: TAC+: ver=192 id=1507728324 received AUTHEN status = GETUSER

*Mar 1 01:03:02: AAA/AUTHEN (1507728324): status = GETUSER

*Mar 1 01:03:04: AAA/AUTHEN/ABORT: (1507728324) because Autoselected.

*Mar 1 01:03:04: TAC+: send abort reason=Autoselected

*Mar 1 01:03:04: AAA/AUTHEN/ABORT: (1507728324) because Autoselected.

*Mar 1 01:03:04: TAC+: send abort reason=Autoselected

*Mar 1 01:03:04: AAA/MEMORY: free_user_quiet (0x625601C4) user='NULL' ruser='NU

LL' port='tty44' rem_addr='async' authen_type=1 service=1 priv=1

*Mar 1 01:03:07: %LINK-3-UPDOWN: Interface Async44, changed state to up

*Mar 1 01:03:07: As44 PPP: Using modem call direction

*Mar 1 01:03:07: As44 PPP: Treating connection as a callin

*Mar 1 01:03:07: As44 AAA/AUTHOR/FSM: (0): LCP succeeds trivially

*Mar 1 01:03:07: AAA: parse name=Async44 idb type=10 tty=44

*Mar 1 01:03:07: AAA: name=Async44 flags=0x11 type=4 shelf=0 slot=0 adapter=0 p

ort=44 channel=0

*Mar 1 01:03:07: AAA/MEMORY: create_user (0x62544678) user='NULL' ruser='NULL'

ds0=-1 port='Async44' rem_addr='async' authen_type=NONE service=PPP priv=1 initi

al_task_id='0'

*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP: Authorize LCP

*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): Port='Async44' list='' servi

ce=NET

*Mar 1 01:03:07: AAA/AUTHOR/LCP: As44 (1575802302) user=''

*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): send AV service=ppp

*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): send AV protocol=lcp

*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): found list "default"

*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): Method=tacacs+ (tacacs+)

*Mar 1 01:03:07: %AAA/AUTHOR/TAC+: (1575802302): no username in request

*Mar 1 01:03:07: AAA/AUTHOR/TAC+: (1575802302): send AV service=ppp

*Mar 1 01:03:07: AAA/AUTHOR/TAC+: (1575802302): send AV protocol=lcp

*Mar 1 01:03:08: TAC+: (1575802302): received author response status = FAIL

*Mar 1 01:03:08: As44 AAA/AUTHOR (1575802302): Post authorization status = FAIL

*Mar 1 01:03:08: As44 AAA/AUTHOR/LCP: Denied

*Mar 1 01:03:08: As44 AUTH: Started process 0 pid 96

*Mar 1 01:03:11: %LINK-5-CHANGED: Interface Async44, changed state to reset

*Mar 1 01:03:11: AAA/MEMORY: free_user (0x62544678) user='NULL' ruser='NULL' po

rt='Async44' rem_addr='async' authen_type=NONE service=PPP priv=1

*Mar 1 01:03:16: %LINK-3-UPDOWN: Interface Async44, changed state to down

2 REPLIES
Silver

Re: No username in request for TACACS+ authentication

Any ppp settings defect? check the ppp settings and make sure that under ppp settings negotiate multi-link for single link connections is not checked. Unchecking should resolve the issue.

New Member

Re: No username in request for TACACS+ authentication

Which screen is this selection on? I looked at CiscoSecure ACS --> Interface Configuration --> TACACS+ Services menu and have the following selected for both user and group: PPP IP, PPP LCP, SLIP. "PPP Multilink" is not selected. I also have "Advanced TACACS Features" selected on the menu below.

221
Views
0
Helpful
2
Replies
CreatePlease to create content