ACS Failing Local User

Srinivasan Nagarajan — Tue, 02 Nov 2021 15:15:37 GMT

Hi Experts,

We've Cisco ASA firewalls being authenticated and authorized by the Cisco ACS (5.8 Patch 10) for the TACACS users. We've Local/Internal users to ACS configured and I'm noticing an issue when the Internal user is unable to authenticate using the secondary ACS. Both the ACS is in cluster and this is specific to a user.

Other Local users and AD users are able to authenticate with the firewall successfully. This is working perfectly working when authenticating with the primary ACS using the same username/password. I've tested this behavior with the test aaa-server command and I enter the correct username/password.

Below debug logs for that specific user from the firewall when connecting with the secondary ACS.

Please assist?

INFO: Attempting Authentication test to IP address (10.0.0.10) (timeout: 10 seconds)
mk_pkt - type: 0x1, session_id: 2147483655
user: username
Tacacs packet sent
Sending TACACS Start message. Session id: 2147483655, seq no:1
Received TACACS packet. Session id:379906433 seq no:2
tacp_procpkt_authen: GETPASS
mk_pkt - type: 0x1, session_id: 2147483655
mkpkt_continue - response: ***
Tacacs packet sent
Sending TACACS Continue message. Session id: 2147483655, seq no:3
Received TACACS packet. Session id:379906433 seq no:4
tacp_procpkt_authen: FAIL
TACACS Session finished. Session id: 2147483655, seq no: 3

++++++

INFO: Attempting Authentication test to IP address (10.0.0.10) (timeout: 10 seconds)
ERROR: Authentication Rejected: Unspecified

Re: ACS Failing Local User

balaji.bandi — Tue, 02 Nov 2021 15:17:13 GMT

 this is specific to a user.

if this is specific to the only 1 user, i would suggest to delete the user and create back, make sure ACS synched 100%

topic ACS Failing Local User in Network Access Control

ACS Failing Local User

Re: ACS Failing Local User