
ACI APIC TACACS authentication Issue

umesh_1211
Level 1
Unable to login to APIC using TACACS and Admin

I am facing a strange issue. Initially we were facing an issue logging in to one of the APICs (APIC-3) with TACACS authentication, and the rest of the APICs in the cluster were working fine for authentication. We did an upgrade, and after that the same issue started for APIC-1.

Currently I am able to log in to APIC-2 using TACACS authentication but am getting the error "AAA servers are unreachable" for the other APICs.

Our Security team removed and added the APIC config in TACACS, but the issue is still not resolved.

Please suggest what we should check on the APIC side, and how.

All TACACS configuration is standard, and on the other site the same config is working.

2 Replies

gmonroy
Cisco Employee

umesh_1211,

A few points for clarification:

1. Are all 3 APICs running the same version at this point? If not, what version is working vs. non-working?

2. Have we been able to perform a simple ping test from all 3 APICs to the TACACS server? What are the results?

3. The /var/log/dme/log/nginx.bin.log file will contain the nginx logging, including when a user attempts to authenticate against the APIC whose logfile you are viewing. Please attempt a login and capture the surrounding logs (for both working and non-working).

 

-Gabriel

Hi,

I am troubleshooting an authentication issue with LDAP for ACI.

How can I view the /var/log/dme/log/nginx.bin.log file?

When I try from the APIC itself using the more command, I get permission denied.

 

APIC# more /var/log/dme/log/nginx.bin.log
/var/log/dme/log/nginx.bin.log: Permission denied