I have a Catalyst 4003 with a locauser configured and local authentication enabled as backup. Tacacs is primary auth method. If I perform a "Device Credential Verification" for "Telner Enable Mode Username and Password" with the Tacacs server reachable the job is "Successful" and the details are "Ok(Primary Successful)". If I check "Fallback to Secondary Credentials" in RME and disable access to the Tacacs server, then perform the same test it tells me the job is "Successful" with the details again being "Ok(Primary Successful)". If I perform the same check but uncheck "Fallback to Secondary Credentials" with no access to Tacacs, the job is again Successful with the details stating "Did Not Try".
I seem to be getting Successful jobs when I should have failures (the third test above). I also would expect that for the second test it would be "Successful" and the details would say "Ok (Fallback Successful)". I need to verify password changes but can't seem to get Ciscoworks to help with this job.
This does not sound right. Can you capture a sniffer trace of all telnet (tcp/23) traffic between the RME server and the device when running the Device Credential Verification job with the various configurations you describe? This would be helpful in spotting the problem. Unfortunately, debugging DCV via logs is not very easy to do.
If the purpose of the trace is to verify that the appropriate credentials were used between RME and the device then the log buffer on the device confirms they were. For test 1 the tacacs acccount was used. For test 2 the local account was used. For test 3 nothing was tried. It seems as if the job is working correctly. What isn't is the info for the successful job.
If you still need to see something else from a trace let me know. It will take me a little while since this switch isn't close. I can attempt the same test on a switch closer to my location if necessary.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...