AAA problem

Amira Saad
Level 1

I have an AAA server that can be used to authenticate my routers and switches, but suddenly, when I tried to log in to some of my routers using ACS accounts, I got this message: "% 1 is not an open connection". When I remove the authentication using the ACS, I can log in locally smoothly without any problem.

Accepted Solution

Hi Amira,

Yes, I see this coming in your TACACS authorization response, and I am not sure why we are pushing this value in autocmd. Also, mark this thread resolved so that others can take benefit from it, in case they are facing the same issue.

Have a blessed day.

Jatin Katyal


- Do rate helpful posts -

~Jatin


14 Replies

Subeh Sharma
Level 1

Hi Amira,

Can you paste the activity you perform when you get this message? Also, when you get this message, is the authentication successful or not?

Regards,

Subeh

Hi Subeh,

I just try to type the username and password of my ACS account, and this error message appears when I type the username and password; it cannot log me in to the router, although when I tried my ACS account using the console I can log in to the router.

Jatin Katyal
Cisco Employee

From the problem description, it seems you are facing this issue only when we have AAA configured.

When you attempt to connect and receive the error message "% 1 is not an open connection", do you also see any corresponding hits on ACS?

Can you turn on the debugs when you have this problem and send them over for my analysis?

(I guess you are using TACACS; if not, then use RADIUS.)

debug tacacs

debug aaa authen

debug aaa autho

From the router/switch, please provide:

show users

show line

In case we need to delete any session on the line:

clear tcp line vty

Do provide show run and show version from the device.

Jatin Katyal

- Do rate helpful posts -

~Jatin

Hi Jatin

Yes, I found hits in my ACS administration log.

When I type WHO, I find only my line VTY, which I am running the debug through. Attached is my debug when authenticating using the AAA account.

Why are we looking at TACACS administration logs? We need to check the TACACS authentication logs, i.e. failed attempts in case we have ACS 4.x, or TACACS authentication in case we have ACS 5.x.

From debugs I can see authentication and authorization successful.

TPLUS: Received authen response status PASS (2)

AAA/AUTHOR/EXEC(00000043): Authorization successful

I requested show run in my last post. Can you please attach the same? If not, then please provide the below listed outputs:

show run | in aaa

show run | in tacacs

show run | beg line

Jatin Katyal


- Do rate helpful posts -

~Jatin

Yes, I saw that the authentication is done fine, but my status was after cutting off power to all my data center, and I was able to use my AAA account smoothly before this incident. Attached the requested show.

The configuration looks fine. I see the vty lines are configured for line password and privilege, but the aaa commands show you have the local method in place.

Did you try to clear the TCP session?

Can you turn on the debugs (we don't need debug aaa accounting):

debug tacacs

debug aaa authentication

debug aaa authorization

Run the below listed command with the TACACS username and password.

test aaa group tacacs+ leg

Jatin Katyal


- Do rate helpful posts -

~Jatin

When I tried to clear TCP line vty, I got the following:

*May 22 10:12:19.463: AAA/AUTHOR: auth_need : user= 'blombank' ruser= 'HQ_VocieGW1'rem_addr= '10.30.28.1' priv= 15 list= '' AUTHOR-TYPE= 'command'

*May 22 10:12:19.463: TPLUS: Queuing AAA Accounting request 50 for processing

*May 22 10:12:19.463: TPLUS: processing accounting request id 50

*May 22 10:12:19.463: TPLUS: Sending AV task_id=297

*May 22 10:12:19.467: TPLUS: Sending AV timezone=UTC

*May 22 10:12:19.467: TPLUS: Sending AV service=shell

*May 22 10:12:19.467: TPLUS: Sending AV priv-lvl=15

*May 22 10:12:19.467: TPLUS: Sending AV cmd=clear tcp line vty 0

*May 22 10:12:19.467: TPLUS: Accounting request created for 50(blombank)

*May 22 10:12:19.467: TPLUS: using previously set server 10.7.11.112 from group tacacs+

*May 22 10:12:19.467: TPLUS(00000032)/0/NB_WAIT/78472D48: Started 5 sec timeout

*May 22 10:12:19.467: TPLUS(00000032)/0/NB_WAIT: socket event 2

*May 22 10:12:19.467: TPLUS(00000032)/0/NB_WAIT: wrote entire 126 bytes request

*May 22 10:12:19.467: TPLUS(00000032)/0/READ: socket event 1

*May 22 10:12:19.467: TPLUS(00000032)/0/READ: Would block while reading

*May 22 10:12:19.551: TPLUS(00000032)/0/READ: socket event 1

*May 22 10:12:19.551: TPLUS(00000032)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*May 22 10:12:19.551: TPLUS(00000032)/0/READ: socket event 1

[confirm]

*May 22 10:12:19.551: TPLUS(00000032)/0/READ: read entire 17 bytes response

*May 22 10:12:19.551: TPLUS(00000032)/0/78472D48: Processing the reply packet

*May 22 10:12:19.551: TPLUS: Received accounting response with status PASS

[confirm]

%Clear TCP failed: line 706 doesn't exist or doesn't have TCP

And attached the debug output.

The attached debugs were not captured correctly. I don't see the authentication and authorization debugs for a test.

What did you see on the router, when you ran the test command?

Jatin Katyal

- Do rate helpful posts -

~Jatin

The test command cannot be applied on the router.

NOTE: some other routers which authenticate using the ACS account are working, but others are not.

Kindly find attached.

Could you please check ACS user/group setup and see if there is some auto-command configured?

Jatin Katyal


- Do rate helpful posts -

~Jatin

Kindly note that on some other routers I can log in using the ACS account.

Thank you, Jatin.

Thank you very much.

Really, when I removed the auto command check box, all is OK now with me.
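As an added example (not part of this thread, and not Cisco or ACS code), the Python helper below parses `debug tacacs` output of the shape pasted earlier in the thread and flags any TACACS+ reply that carries an `autocmd` attribute, which the accepted answer identifies as the cause here. The accounting lines in the sample are copied from the thread; the authorization-reply lines are constructed, and the "Processing AV" wording for received attributes, the authorization request-id line and the `EXAMPLE-AUTOCMD` value are assumptions/placeholders, not output taken from the page.

```python
import re
from collections import OrderedDict

# Sample debug output. The accounting request (id 50) is copied from the
# thread. The authorization request (id 51) is CONSTRUCTED: the exact IOS
# wording of reply-processing lines and the autocmd value are assumptions.
SAMPLE_DEBUG = """\
*May 22 10:12:19.463: TPLUS: Queuing AAA Accounting request 50 for processing
*May 22 10:12:19.463: TPLUS: processing accounting request id 50
*May 22 10:12:19.463: TPLUS: Sending AV task_id=297
*May 22 10:12:19.467: TPLUS: Sending AV timezone=UTC
*May 22 10:12:19.467: TPLUS: Sending AV service=shell
*May 22 10:12:19.467: TPLUS: Sending AV priv-lvl=15
*May 22 10:12:19.467: TPLUS: Sending AV cmd=clear tcp line vty 0
*May 22 10:12:19.551: TPLUS: Received accounting response with status PASS
*May 22 10:15:02.103: TPLUS: Queuing AAA Authorization request 51 for processing
*May 22 10:15:02.103: TPLUS: Sending AV service=shell
*May 22 10:15:02.103: TPLUS: Sending AV cmd*
*May 22 10:15:02.190: TPLUS: Processing AV priv-lvl=15
*May 22 10:15:02.190: TPLUS: Processing AV autocmd=EXAMPLE-AUTOCMD
"""

# "Queuing AAA <kind> request <id>" opens a new request; AV lines that follow
# belong to it until the next request line.
REQ_RE = re.compile(r"TPLUS: Queuing AAA (?P<kind>\w+) request (?P<rid>\d+) for processing")

# Attribute-value pairs: "Sending AV key=value" (device -> server) or
# "Processing AV key=value" (server -> device). The separator is '=' for a
# mandatory attribute or '*' for an optional one (e.g. "cmd*").
AV_RE = re.compile(
    r"TPLUS(?:\([0-9A-Fa-f]+\)\S*)?: (Sending|Processing) AV (?P<key>[\w-]+)[=*](?P<val>.*)$"
)


def parse_tplus(text):
    """Group AV pairs per TACACS+ request id, split into sent and received."""
    requests = OrderedDict()
    current = None
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if m:
            current = m["rid"]
            requests[current] = {"kind": m["kind"], "sent": {}, "received": {}}
            continue
        m = AV_RE.search(line)
        if m and current is not None:
            bucket = "sent" if m.group(1) == "Sending" else "received"
            requests[current][bucket][m["key"]] = m["val"].strip()
    return requests


def find_autocmd(text):
    """Return (request id, kind, value) for every reply carrying autocmd."""
    hits = []
    for rid, req in parse_tplus(text).items():
        if "autocmd" in req["received"]:
            hits.append((rid, req["kind"], req["received"]["autocmd"]))
    return hits


if __name__ == "__main__":
    for rid, req in parse_tplus(SAMPLE_DEBUG).items():
        print(f"request {rid} ({req['kind']}): sent={req['sent']} received={req['received']}")
    for rid, kind, value in find_autocmd(SAMPLE_DEBUG):
        print(f"request {rid} ({kind}) pushes autocmd={value!r}; check the ACS shell profile")
```

Run it against a pasted `debug tacacs` capture: a non-empty result from `find_autocmd` points at the ACS user/group shell profile rather than at the router configuration, which matches how this thread was resolved.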
