09-05-2006 02:12 AM
Dear ALL,
we have some trouble with TACACS on the CSS. We have configured all relevant stuff on the box, but we will receive no successfull replay from the Server, when we use our RADIUS Server then the reply will be done very nice and successfully. The Setup is the easiest way the Server will be in the same subnet as the CSS. ANy hints or tricks ?
The log from CSS is this :
SEP 5 02:59:28 1/1 9 SECURITY-7: SECMGR:SecurityAuth:Request from 0x00004b07
SEP 5 02:59:28 1/1 10 SECURITY-7: SECMGR:SecurityMgrProc:Try Primary
SEP 5 02:59:28 1/1 11 SECURITY-7: Security Manager sending error 7 reply to caller 1c01
SEP 5 02:59:28 1/1 12 SECURITY-7: SECMGR:SecurityMgrProc:Try Secondary
SEP 5 02:59:28 1/1 13 SECURITY-7: Security Manager sending error 7 reply to caller 1c01
SEP 5 02:59:28 1/1 14 SECURITY-7: SECMGR:SecurityMgrProc:Try Tertiary
SEP 5 02:59:28 1/1 15 SECURITY-7: Security Manager sending success 0 reply to caller 1c01
SEP 5 02:59:28 1/1 16 SECURITY-7: SECMGR:SecurityMgrProc:Try Done, Send 0x00004b07
SEP 5 03:00:01 1/1 17 NETMAN-6: Session logged out due to idle timer
SEP 5 03:03:10 1/1 18 SECURITY-7: SECMGR:SecurityAuth:Request from 0x00004b09
SEP 5 03:03:10 1/1 19 SECURITY-7: SECMGR:SecurityMgrProc:Try Primary
SEP 5 03:03:10 1/1 20 SECURITY-7: Security Manager sending error 7 reply to caller 1c01
SEP 5 03:03:10 1/1 21 SECURITY-7: SECMGR:SecurityMgrProc:Try Secondary
SEP 5 03:03:10 1/1 22 SECURITY-7: Security Manager sending error 7 reply to caller 1c01
SEP 5 03:03:10 1/1 23 SECURITY-7: SECMGR:SecurityMgrProc:Try Tertiary
SEP 5 03:03:10 1/1 24 SECURITY-7: Security Manager sending success 0 reply to caller 1c01
SEP 5 03:03:10 1/1 25 SECURITY-7: SECMGR:SecurityMgrProc:Try Done, Send 0x00004b09
SEP 5 03:03:41 1/1 26 NETMAN-6: Session logged out due to idle timer
09-07-2006 05:03 AM
HI Joerg,
Are you trying to have CSS logins authenticate through TACACS ? If so, can you paste a the important part of the TACACS CSS config here for a review ?
Thanks
Pete..
09-08-2006 12:54 AM
Hi There,
here are the config.
we Have also tried with the quoted text password. Decrypted and encrypted. Nothing helps. Thx for a solution
virtual authentication primary tacacs
virtual authentication secondary local
cdp run
logging subsystem security level debug-7
logging subsystem netman level info-6
tacacs-server 192.168.0.5 49
tacacs-server authorize config
tacacs-server key testsecret
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide