topic Re: auth-proxy tacacs question in Network Access Control https://community.cisco.com/t5/network-access-control/auth-proxy-tacacs-question/m-p/469543#M428383 <HTML><HEAD></HEAD><BODY><P>Figured it out: I had not put in a default aaa authentication login default tacacas+ command. I didn't think it was necessary. I was wrong.</P></BODY></HTML> Tue, 04 Oct 2005 20:06:42 GMT nickpowers 2005-10-04T20:06:42Z auth-proxy tacacs question https://community.cisco.com/t5/network-access-control/auth-proxy-tacacs-question/m-p/469542#M428380 <P>My Cisco ACS is not allowing me to log in using the auth-proxy http page. It states: unknown username. When I debug AAA Tacacs I get this information:</P><P></P><P>5d23h: HTTP: parsed uri '/'</P><P>5d23h: HTTP: client version 1.1</P><P>5d23h: HTTP: parsed extension Accept</P><P>5d23h: HTTP: parsed extension Referer</P><P>5d23h: HTTP: parsed extension Accept-Language</P><P>5d23h: HTTP: parsed extension Content-Type</P><P>5d23h: HTTP: parsed extension Accept-Encoding</P><P>5d23h: HTTP: parsed extension User-Agent</P><P>5d23h: HTTP: parsed extension Host</P><P>5d23h: HTTP: parsed extension Content-Length</P><P>5d23h: HTTP: Content-length 56</P><P>5d23h: HTTP: parsed extension Connection</P><P>5d23h: HTTP: parsed extension Cache-Control</P><P>5d23h: HTTP: received POST '/' 4</P><P>5d23h: HTTP: parsed variable 'au_pxytimetag'</P><P>5d23h: HTTP: parsed value '517088482'</P><P>5d23h: HTTP: parsed variable 'uname'</P><P>5d23h: HTTP: parsed value 'myuser'</P><P>5d23h: HTTP: parsed variable 'pwd'</P><P>5d23h: HTTP: parsed value 'mypass'</P><P>5d23h: HTTP: parsed variable 'ok'</P><P>5d23h: HTTP: proxy done with post parsing</P><P>5d23h: AUTH-PROXY FUNC: auth_proxy_required_reauth</P><P>5d23h: AUTH-PROXY FUNC: auth_proxy_same_timestamp</P><P>5d23h: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd</P><P>5d23h: AAA: parse name=FastEthernet0/1 idb type=-1 tty=-1</P><P>5d23h: AAA: name=FastEthernet0/1 flags=0x15 type=12 shelf=0 slot=0 adapter=0 port=1 channel=0</P><P>5d23h: AAA: parse name=&lt;no string&gt; idb type=-1 tty=-1</P><P>5d23h: AAA/MEMORY: create_user (0x826145A0) user='NULL' ruser='NULL' ds0=0 port='FastEthernet0/1' rem_addr='192.168.1.34' authen_type=ASCII service=LOGIN priv=0 initial_task_id='0'</P><P>5d23h: AAA/AUTHEN/START (4001909351): port='FastEthernet0/1' list='default' action=LOGIN service=LOGIN</P><P>5d23h: AAA/AUTHEN/START (4001909351): console login - default to "no auth required"</P><P>5d23h: AAA/AUTHEN/START (4001909351): Method=NONE</P><P>5d23h: AAA/AUTHEN (4001909351): status = PASS</P><P>5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Port='FastEthernet0/1' list='default' service=AUTH-PROXY</P><P>5d23h: AAA/AUTHOR/HTTP: FastEthernet0/1 (3914281355) user=''</P><P>5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): send AV service=auth-proxy</P><P>5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): send AV cmd*</P><P>5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): found list "default"</P><P>5d23h: FastEthernet0/1 AAA/AUTHOR/HTTP (3914281355): Method=tacacs+ (tacacs+)</P><P>5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request</P><P>5d23h: AAA/AUTHOR/TAC+: (3914281355): send AV service=auth-proxy</P><P>5d23h: AAA/AUTHOR/TAC+: (3914281355): send AV cmd*</P><P>5d23h: TAC+: Using default tacacs server-group "tacacs+" list.</P><P>5d23h: TAC+: Opening TCP/IP to ###.###.###.###/49 timeout=20</P><P>5d23h: TAC+: Opened TCP/IP handle 0x8279F504 to ###.###.###.###/49</P><P>5d23h: TAC+: periodic timer started</P><P>5d23h: TAC+: ###.###.###.### req=82615960 Qd id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START queued</P><P>5d23h: TAC+: ###.###.###.### (3914281355) AUTHOR/START queued</P><P>5d23h: TAC+: ###.###.###.### ESTAB id=3914281355 wrote 71 of 71 bytes</P><P>5d23h: TAC+: ###.###.###.### req=82615960 Qd id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START sent</P><P>5d23h: TAC+: ###.###.###.### ESTAB read=12 wanted=12 alloc=12 got=12</P><P>5d23h: TAC+: ###.###.###.### ESTAB read=56 wanted=56 alloc=56 got=44</P><P>5d23h: TAC+: ###.###.###.### received 56 byte reply for 82615960</P><P>5d23h: TAC+: req=82615960 Tx id=3914281355 ver=192 handle=0x8279F504 (ESTAB) expire=19 AUTHOR/START processed</P><P>5d23h: TAC+: (3914281355) AUTHOR/START processed</P><P>5d23h: TAC+: periodic timer stopped (queue empty)</P><P>5d23h: TAC+: (3914281355): received author response status = FAIL</P><P>5d23h: TAC+: Closing TCP/IP 0x8279F504 connection to ###.###.###.##/49</P><P>5d23h: AAA/AUTHOR (3914281355): Post authorization status = FAIL</P><P>5d23h: HTTP: proxy authorization rejected</P><P></P><P>The line that interests me is:</P><P>5d23h: %AAA/AUTHOR/TAC+: (3914281355): no username in request</P><P></P><P>Could this be my problem?? Could not be sending the username I entered?? Anybody ever seen this message before?</P><P></P><P>Thanks</P><P></P> Sun, 10 Mar 2019 21:20:04 GMT https://community.cisco.com/t5/network-access-control/auth-proxy-tacacs-question/m-p/469542#M428380 nickpowers 2019-03-10T21:20:04Z Re: auth-proxy tacacs question https://community.cisco.com/t5/network-access-control/auth-proxy-tacacs-question/m-p/469543#M428383 <HTML><HEAD></HEAD><BODY><P>Figured it out: I had not put in a default aaa authentication login default tacacas+ command. I didn't think it was necessary. I was wrong.</P></BODY></HTML> Tue, 04 Oct 2005 20:06:42 GMT https://community.cisco.com/t5/network-access-control/auth-proxy-tacacs-question/m-p/469543#M428383 nickpowers 2005-10-04T20:06:42Z Re: auth-proxy tacacs question https://community.cisco.com/t5/network-access-control/auth-proxy-tacacs-question/m-p/469544#M428385 <HTML><HEAD></HEAD><BODY><P>I have the same problem.</P><P></P><P>Laptom</P></BODY></HTML> Thu, 05 Jan 2006 22:52:59 GMT https://community.cisco.com/t5/network-access-control/auth-proxy-tacacs-question/m-p/469544#M428385 CSCO10685980 2006-01-05T22:52:59Z