Windows 2003 Domain Controller för AD Authentication
Goal: Admin access to network devices requires Authentication via TACACS+ to ACS (-> Active Directory). Network devices need to be managed by Prime. SSH access to Network Devices via putty and authentication against ACS/AD works just fine.
Problem: During device discovery in Prime, I get a "Partial Collection Failure" with possible cause "Could not connect to device via CLI (SSH/telnet). Check device credentials and SSH/telnet reachability". The device gets inserted into the device work center with blank SSH credentials If SSH redentials are configured manually, the device synch is successful. So basically the discovered devices need to be manually configured with SSH credentials in the device work center in order for the synch to work, which is a pain in a large environment.
- I have double-checked the credentials, and everything seems fine.
- Same result with local ACS user.
- Installed the latest patch pi_update_2.0-3.zip
- tacacs debug on network devices shows PASS
Network Device TACACS+ config:
aaa authentication login default local
aaa authentication login LOGINLIST group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...