取消
显示结果 
搜索替代 
您的意思是: 
cancel
1371
查看次数
0
有帮助
2
回复

做了个华为交换机 tac+认证授权(登入后管理画面直接消失)帮我看下日志授权成功了没

angel9999
Level 1
Level 1

Steps
13005 Received TACACS+ Authorization Request - administrator
15049 Evaluating Policy Group - dotcomlab.net
15008 Evaluating Service Selection Policy - administrator
15048 Queried PIP - dotcomlab.net
15041 Evaluating Identity Policy - administrator
15013 Selected Identity Source - administrator
24432 Looking up user in Active Directory - administrator
24325 Resolving identity - huanggq
24313 Search for matching accounts at join point - dotcomlab.net
24319 Single matching account found in forest - dotcomlab.net
24323 Identity resolution detected single matching account
24355 LDAP fetch succeeded - dotcomlab.net
24420 User's Attributes retrieval from Active Directory succeeded - administrator
24100 Some of the expected attributes are not found on the subject record. The default values, if configured, will be used for these attributes - administrator
22037 Authentication Passed
15036 Evaluating Authorization Policy
24432 Looking up user in Active Directory
24355 LDAP fetch succeeded
24416 User's Groups retrieval from Active Directory succeeded
24355 LDAP fetch succeeded
24420 User's Attributes retrieval from Active Directory succeeded
24100 Some of the expected attributes are not found on the subject record. The default values, if configured, will be used for these attributes
15048 Queried PIP - administrator.ExternalGroups
15017 Selected Shell Profile
22081 Max sessions policy passed
22080 New accounting session created in Session cache
13034 Returned TACACS+ Authorization Reply

1 个已接受解答

已接受的解答

angel9999
Level 1
Level 1

第三方软件的问题,使用本地CMD  SSH 就可以了

在原帖中查看解决方案

2 条回复2

ISE的log看起来没有什么明显的错误,你可以在设备上debug检查下tacacs的信息吧,看看是否有什么异常,另外ISE方面tacacs的Live logs可以直接看到是否成功。

Operations > TACACS > Live Logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

angel9999
Level 1
Level 1

第三方软件的问题,使用本地CMD  SSH 就可以了

快捷链接