Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4652
Views
0
Helpful
6
Replies

Tacacs + authentication for Redhat server as a client

halima.naboulsi
Level 1
Level 1

‎11-23-2010 07:59 AM - edited ‎03-10-2019 05:36 PM

Hello,

Can someone help me, I have this error when I try to login on Redhat server :

TacacsLoginFlow,22/11/2010,18:41:58:347,ERROR,3057433504,cntx=0003764282,sesn=EMEA-PAR-ACS01/78155693/561084,user=user-name,Failed to dispatch the T+ Authen Login packet,TacacsLoginFlow.cpp:74

I can't find the file TacacsLoginFlow.cpp, I think that is a source file.

I need your help !!

Labels:
0 Helpful
6 Replies 6

Nicolas Darchis
Cisco Employee
Cisco Employee

‎11-23-2010 11:33 AM

Hi,

Can you clarify what is the relation with cisco devices ?

Thanks.

Nicolas

0 Helpful

halima.naboulsi
Level 1
Level 1
In response to Nicolas Darchis

‎11-24-2010 12:47 AM

Hello,

I have a Cisco Secure ACS, I configured Tacacs+ on it. It works fine with network device, but now I'm testing to configure authentication for servers.

I installed a rpm for that on client server.

When I tried to authenticate via Tacacs+ server I had the error above.

could you please help me to resolv it?

Regards,

0 Helpful

Nicolas Darchis
Cisco Employee
Cisco Employee
In response to halima.naboulsi

‎11-24-2010 01:13 AM

Well it's a client-side red hat issue ... I'm not sure the ACS has anything to do with it in the first place.

Can you be more specific on the tacacs rpm you installed ?

Nicolas

0 Helpful

halima.naboulsi
Level 1
Level 1
In response to Nicolas Darchis

‎11-24-2010 02:53 AM

Hello,

I installed this rpm which I compiled "pam_tacplus-1.3.2-1.x86_64.rpm", and I configured these two files:

/etc/pam.d/tacacs:

#%PAM-1.0
auth      sufficient    /lib/security/pam_tacplus.so debug server=server_IP timeout=5 secret=Key_secret encrypt
account   sufficient    /lib/security/pam_tacplus.so debug server=server_IP timeout=5 secret=Key_secret encrypt service=shell protocol=ssh
session   sufficient    /lib/security/pam_tacplus.so debug server=server_IP timeout=5 secret=Key_secret encrypt service=shell protocol=ssh

/etc/pam.d/sshd:

#%PAM-1.0
auth               include          tacacs

account          include          tacacs
password        required         tacacs
session          include          tacacs

Thanks and Regards,

0 Helpful

halima.naboulsi
Level 1
Level 1
In response to halima.naboulsi

‎11-24-2010 07:12 AM

Hello,

I had this erreor on ACS side:

Response = {Type=Authentication; Authen-Reply-Status=Error; }

Juste to clarify, It uses PAM.

Thanks and Regards,

0 Helpful

Nicolas Darchis
Cisco Employee
Cisco Employee
In response to halima.naboulsi

‎11-25-2010 05:35 AM

That RPM was not made by Cisco afaik so I'm not sure if anyone here can help you.

What's your ACS version btw ? That output would look like ACS for Unix ??

Nicolas

0 Helpful
Customers Also Viewed These Support Documents