10-30-2007 04:24 AM - edited 03-10-2019 03:29 PM
Hi all
We are having problems with a GSS box here (ver 1.3) which we are trying to auth against ACS 4.1.
Have configured the following on the GSS
tacacs-server timeout 5
tacacs-server host xx.xx.xx.xx port 49 key blahblah
aaa authentication ssh local
config'd ACS with all the same parameters and using tac+
Now using a known working account in ACS (working against multiple other devices) I cannot log into the GSS box. ACS reports "ACS password invalid" when we know it isn't.
Have tcpdump'd the GSS and the tcp keepalives with ACS are good and reports the box as alive
Any ideas???
11-05-2007 09:52 AM
Does this happen with all the usernames or with a single one? If this happens with a single one then probably the same username is configured with two passwords. Use a different username/password combination to check this. If this happens with all usernames then reinstall ACS and try again.
11-05-2007 02:43 PM
Hi,
Yes, this happens with all usernames, both ACS internal and external DB accounts, for the GSS.
This error is for the GSS only and the other myriad of devices work OK, so a reinstall isn't going to fix this.
thanks
11-19-2007 01:20 AM
Hi - I've just been testing this myself with GSS versions 2.0(2) and 1.3(2).
1.3(2) just doesn't work! I've enabled 'full' service logging on the ACS side and examined the resulting tcs.log. When 1.3(2) tries to authenticate, it seems to be padding the password. I get messages like USER_MSG_LEN=d (0xd), USER_DATA_LEN=13 (0x0) FLAGS=0x0.
However, when I log in through a working TACACS client, the USER_DATA_LEN field has a length equal to the actual password length.
Hope this helps!
Testing on 2.0(2) gets past the initial authentication but I can't manage to get authorized properly yet.
I'm getting
gss1>en
Authorization failed. Admin privilege required.
I've got priv-lvl set to 15 already so I don't see what the problem might be.
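To compare what a client puts on the wire with the password that was typed, a captured TACACS+ authentication CONTINUE packet can be decoded with the shared key, following the RFC 8907 packet layout. This is an added example, not code from any poster in this thread; the function names, the sample packet, its session id, the password and the NUL padding byte are constructed assumptions.

```python
import hashlib
import struct

TAC_PLUS_AUTHEN = 0x01
TAC_PLUS_UNENCRYPTED_FLAG = 0x01

def xor_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """Apply or remove the RFC 8907 MD5 pseudo-pad (the XOR is its own inverse)."""
    if header[3] & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    # Hash input: session_id, key, version, seq_no, then the previous digest.
    seed = header[4:8] + key + header[0:1] + header[2:3]
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return bytes(b ^ p for b, p in zip(body, pad))

def parse_authen_continue(packet: bytes, key: bytes) -> dict:
    """Decode an authentication CONTINUE packet (the client's answer to a prompt)."""
    if len(packet) < 12:
        raise ValueError("short TACACS+ header")
    _ver, ptype, seq_no, _flags, _sid, length = struct.unpack("!BBBBII", packet[:12])
    if ptype != TAC_PLUS_AUTHEN or seq_no % 2 == 0 or length != len(packet) - 12:
        raise ValueError("not a complete client authentication packet")
    body = xor_body(packet[:12], packet[12:], key)
    if len(body) < 5:
        raise ValueError("body too short for a CONTINUE packet")
    user_msg_len, data_len, cont_flags = struct.unpack("!HHB", body[:5])
    if 5 + user_msg_len + data_len != len(body):
        raise ValueError("length fields do not fit the body: wrong key or malformed")
    end = 5 + user_msg_len
    return {"user_msg": body[5:end], "data": body[end:], "flags": cont_flags}

def extra_length(user_msg: bytes, password: str) -> int:
    """Bytes sent beyond the typed password; 0 means the lengths agree."""
    return len(user_msg) - len(password.encode())

def build_sample(user_msg: bytes, key: bytes) -> bytes:
    """Constructed test packet: version 0xc0, seq_no 3, made-up session id."""
    body = struct.pack("!HHB", len(user_msg), 0, 0) + user_msg
    header = struct.pack("!BBBBII", 0xC0, TAC_PLUS_AUTHEN, 3, 0, 0x1A2B3C4D, len(body))
    return header + xor_body(header, body, key)

if __name__ == "__main__":
    key = b"blahblah"  # placeholder key as written in the thread's config line
    pkt = build_sample(b"s3cret".ljust(13, b"\x00"), key)  # constructed, NUL-padded
    msg = parse_authen_continue(pkt, key)["user_msg"]
    print(len(msg), extra_length(msg, "s3cret"))
```

A non-zero `extra_length` for a known-good account points at the client's encoding of the password rather than at the ACS user database.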