Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

TACACS+ Problems

I am facing following problems :

1. Logged in users is not showing any user list

2. TACACS+ Accounting is not working. No log file generated though there is activity.

We have installed

TACACS+ (ACS version 3.0)

Installed on NT 4.00 (Build 1381)

Service pack 6 (128 bit high encryption)

Internet Explorer 5.5.50.4807.2300

  • Other Security Subjects
4 REPLIES
Cisco Employee

Re: TACACS+ Problems

Go to System Configuration > Logging and make sure if the CSV TACACS+ Accounting is enabled.

Other than that, hope you have configured AAA accounting on the router correctly, is yes, then do 'debug accounting' on the router and see if the accounting packets are being sent to the ACS, is not, then your problem is on the router.

HTH

R/Yusuf

New Member

Re: TACACS+ Problems

Thnx Yusuf for prompt reply.

CSV TACACS + Accounting is enabled in logging on ACS.

Router command is added as "aaa accounting commands 15 default stop-only group tacacs+ "

Wht abt loggin user list also it does not display.

Cisco Employee

Re: TACACS+ Problems

that explains then

aaa accounting commands 15 default stop-only group tacacs+

is not enough to display logged-in users on ACS, you need to enable following

(if users are logged-in on the router)

aaa accounting exec default start-stop|stop-only group tacacs+

(if users are dialin users using PPP etc)

aaa accounting network default start-stop|stop-only group tacacs+

http://www.cisco.com/warp/public/480/csntfaq.html#Q28

HTH

R/Yusuf

New Member

Re: TACACS+ Problems

aaa accounting started working. Thanks

But logged in users list still problem. checked the url given by u.

For authentication packet I hv checked sysytem configuration -->Logging -->CSV passed Authentication -->logged attributes are NAS-Port & NAS-IP Address alongwith other three.

For accounting start & stop packet, I hv checked sysytem configuration -->Logging -->CSV TACACS+ Accounting -->logged attributes are NAS-Portname & NAS-IP-Address but session-id & framed-ip-address are not there.

251
Views
0
Helpful
4
Replies
This widget could not be displayed.