Re: Not able to login in 4.2.3c

dhanasekaran.r · ‎04-05-2011

Hi All,

We have an WAE with code 4.2.3c recently upgraded from 4.1.5f. We were able to telnet to device until there was an alarm "disk_failure critical alarm " which was generated. We are able to ping the device and we are getting the login prompt but it does not allow us to login with TACACS or local passwords.

Is there some feature which has changed with authentication feature from 4.1.5f to 4.2.3c for the box to act like this.

Thanks,

Dhana

Bhavin Yadav · ‎04-05-2011

Hi Dhana,

Nope, nothing is changed in the authentication process from 4.1.5f to 4.2.3c. Couple of things you may want to verify:

1. Try to avoid any special characters in passcode or TACACS key.

2. Make sure CM config is synced up properly with WAE. You can use show cms info on WAE cli to make sure WAE is talking to CM nicely.

3. Disable all TACACS config and verify with admin login.

Hope this helps.

Regards.

PS: Please mark this Answered, if this resolves your issue.

dhanasekaran.r · ‎04-05-2011

Hi Bhavin,

Thanks for your reply. The Box was working fine and it lost the raid controller and i am not able to telnet. Even when i take console i need to remove the Network cables for Local passwords to work.

In the previous version it was not the case, i can login even the disk has raid failure , i would easily telnet and recreate raid. This feature just disappeared in the OS 4.2.3c or i am doing something wrong ?

Bhavin Yadav · ‎04-05-2011

Hmm. not really. As I mentioned before, nothing has changed from TACACS perspective. Just avoid special characters and limit TACACS key to 10-12 letters.

About RAID controller issue, if you think this is RAID / disk failure, you may want to open TAC case for RMA.

Regards.

dhanasekaran.r · ‎04-05-2011

Hi Bhavin,,

Thanks again, I checked my TACACS key and it does not have any special charcter and less than 12 character. I just downgraded the box to 4.1.5f and created the disk issue in my lab and i was able to login with no issues. i upgraded to 4.2.3c and created disk issue i am not able to login. Strange !!!.

Bhavin Yadav · ‎04-05-2011

Well. We will need to check you sysreport for that matter. Is there a way you can send us sysreport from this WAE? I want to see if CM is playing any role here.

You may want to open a TAC case for this one.

One more thing: What username you are using? admin? or any other customized user?

Thanks.

dhanasekaran.r · ‎04-28-2011

Hi Bhavin,

I tried to reproduce the issue again and i have the Logs which shows incorrect TACACS key in the logs in both ACS server and in the WAAS box.

ACS Log :

04/26/2011,00:38:14,Authen failed,,Default Group (No Access),,Key Mismatch,,,,10.132.5.193,ustccsec2,10.132.5.193,Waas Group,

WAE Log :

2011 Apr 27 14:57:07 abcdwa1 login: %WAAS-UTILLIN-4-801060: _tac_crypt: using no TACACS+ encryption
2011 Apr 27 14:57:07 abcdwa1 login: %WAAS-UTILLIN-3-801060: tac_account_read: invalid reply content, incorrect key?
2011 Apr 27 14:57:07 abcdwa1 login: %WAAS-UTILLIN-4-801060: _pam_send_account: accounting stop failed (task 6273)
2011 Apr 27 14:57:07 abcdwa1 login: %WAAS-UTILLIN-4-801060: ***pam_tac _pam_account: error sending STOP (acct)
2011 Apr 27 14:57:07 abcdwa1 login: %WAAS-UTILLIN-4-801060: _tac_crypt: using no TACACS+ encryption
2011 Apr 27 14:57:08 abcdwa1 login: %WAAS-UTILLIN-3-801060: tac_account_read: invalid reply content, incorrect key?
2011 Apr 27 14:57:08 abcdwa1 login: %WAAS-UTILLIN-4-801060: _pam_send_account: accounting stop failed (task 6273)
2011 Apr 27 14:57:08 abcdwa1 login: %WAAS-UTILLIN-4-801060: ***pam_tac _pam_account: error sending STOP (acct)
2011 Apr 27 14:57:08 abcdwa1 login: %WAAS-UTILLIN-3-801060: SendExecReport: PAM session problem
2011 Apr 27 14:57:08 abcdwa1 Nodemgr: %WAAS-NODEMGR-5-330027: Process with pid 6273 exits
2011 Apr 27 14:57:08 abcdwa1 Nodemgr: %WAAS-NODEMGR-5-330024: Service 'mingetty' exited normally with code 0
2011 Apr 27 14:57:08 abcdwa1 Nodemgr: %WAAS-NODEMGR-5-330032: Stopping service: 'mingetty'.

The above logs shows there is some kind of mismatch happening with TACACS key after WAAS goes offline.