03-29-2006 11:51 PM - edited 02-21-2020 10:15 AM
When prompted for user authentication, it won't accept the credentials though it is valid from the ACS database. But when the router is configured for local authentication it works.
Can someone pls help
03-30-2006 02:26 AM
Can you check ACS failed attemts??
try in ACS from left menu - Reports and activity than Failed attepmts
You can find there some error message - it could help you debug problem
M.
Rate useful posts
03-31-2006 02:50 AM
i've had the exact same problem (see my post in the AAA forum)
try using radius instead - ie add the router into ACS as a radius client, configure radius authentication on the router and then change to using "group radius" instead of "group tacacs+" in the router aaa config.
this worked for me, but I still haven't been able to get tacacs working and am beginning to suspect its a bug.
03-31-2006 02:58 AM
I remember I had similar problems, it was really some bug
solution was following
instead
tacacs-server host 10.250.1.21
tacacs-server key yourkey
try
tacacs-server host 10.250.1.21 key yourkey
Hope that helps, rate if it does
03-31-2006 03:13 AM
didn't work for me
I should add - tacacs is working fine for telnet authentication and authorization on the same router.
I did some debugging and it very much looked like the router was receiving the password from the client but not sending it onto ACS. ACS kept replying "GET_PASSWORD"
04-11-2006 05:33 AM
i fixed this by upgrading to 12.4 - this seems to be a bug in a number of versions of 12.3.
xauth sends the password to the router, but the router doesn't send the password to the tacacs server. this is why you don't get a failed login in the logs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: