Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LMS 2.2 and Tacacs attributes incorrect

I have RME 3.5 and a RADTAC tacacs server.

I have created an acct =cw2k on radtac and set up the attributes in RME using the appropriate tacacs acct info.

when I run the check device attributes applet, the value of INCORRECT is returned in the TACACS field. I have checked this several times to ensure that the username and password are correct when setting the attributes.

I am successfull at logging into the router when I telnet to the device using the cw2k account created in TACACS. so, I know that Authentcation is working.

the following is my config on the router.

( basic standard stuff )

aaa new-model

aaa authentication login admin group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

enable secret 5 <removed>

line vty 0 4

session-timeout 5

access-class 1 in

exec-timeout 15 0

password 7 <removed>

logging synchronous

login authentication admin

transport input telnet

I dont know why RME is returning an value of INCORRECT when I know that it is indeed correct!

Frustrated Net Man,

8 REPLIES
New Member

Re: LMS 2.2 and Tacacs attributes incorrect

I have the same problem, but only with 4006's running 7.6(5) code. I know this doesn't help much but I need to open a TAC case for this one!

Good Luck!

New Member

Re: LMS 2.2 and Tacacs attributes incorrect

Just as I suspected, TAC says I need to upgrade to 7.6(6).

Have not tested yet but here is the bug for my problem: CSCed45576.

Hope this helps, Good Luck!

New Member

Re: LMS 2.2 and Tacacs attributes incorrect

did the OS upgrade fix your problem?

I have a solution that may be of interest to you if not.

does the prompt for your 4006's differ from the rest of the network?

Tacacs may expect to see username: but your prompt may be username : (space after the colon). to resolve this

look for a file called "tacacsprompts.ini" open it and see if your 4006 prompt is listed in the expected prompt list.

hope this helps

Todd Martin

New Member

Re: LMS 2.2 and Tacacs attributes incorrect

Thanks Todd,

Haven't had a chance to do an upgrade yet, maybe this weekend. I did see the fix you mentioned somewhere before. May need to use it because we can't upgrade some of the switches for a long period of time. Also are you aware of what is broken in your server when the Tacacs logins don't work? Mine seems to be working for most reports and tasks.

Thanks again.

New Member

Re: LMS 2.2 and Tacacs attributes incorrect

Hi Todd,

Finally upgraded code and tested. The new code does fix the problem for us. But your other suggestion is probably better for high availability/Data center switches.

Did you fix your problem that way?

Thanks

New Member

Re: LMS 2.2 and Tacacs attributes incorrect

This piece of Ciscoworks had never been very good and

this problem used to frustrate me to no end in the past. Now, I just ignore it. Cisco is going to have to address in later ( hopefully not too much later ) versions. They have a reason why we see this "error". Here is the relevant text from the help for that page:

Incorrect

Test completed and device attribute does not match physical device for one of the following reasons:

* The device attribute setting in inventory is not correct.

* The device is unreachable or offline.

* One of the interfaces on the device is down.

Hope this helps.

New Member

Re: LMS 2.2 and Tacacs attributes incorrect

Hi,

I have the same problem,

I have upgraded my Catalysts 6000 to 8.2 and now I have to press a key before my login banner appears. I found the Bug number in your discussion: CSCed45576.

The problem is now CiscoWorks(RME 3.5) can't access my switchs using TACACS.

I verified my password in RME/Admin/Inventory/Check device attributes, but it still says :

TACACS : INCORRECT.

Only the switchs I upgraded to 8.2 can't communicate with CW.

Is the Bug the problem ? Is there a patch in CW to fix it ?

Thanks

New Member

Re: LMS 2.2 and Tacacs attributes incorrect

check case.

if you have insterted and deleted device several times, there maybe several instances of the device in the db.

always delete first before reimporting.

try deleting device. stop cw2k services and re-enter device. I have seen this issue twice and was able to reconcile.

if you think there are shadow instances of this device in the db contact tac to get instructions to delete devices thru dbreader.

107
Views
3
Helpful
8
Replies