09-22-2016 01:04 AM - edited 03-11-2019 12:06 AM
I set up an ACS 5.8 in which, for the Identity Store, the first authentication is LDAP and the next is Internal User. In order to test whether the Internal User will kick in, we blocked LDAP in the firewall. In the log, there's an error for the LDAP server, and the Internal User matches the policy. When I SSH to the router, I key in the username, then it asks for a password, suddenly hangs for a few seconds, and asks for the password again. As I said, the Internal User matches the policy. No error in the logs. What is the problem here? Why is it accepting the password, wherein it said in the log that it matched the policy?
09-22-2016 07:41 AM
Do you eventually get through with the authentication, or does it keep asking for the password? In the screenshot it says you matched the default rule. Run the tcpdump, use the T+ shared secret key to decrypt the traffic and look at the T+ response. If you want, you can attach the capture here and send me the key in private.
~ Jatin
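
The check suggested in the reply above, as an added example that is not part of the original thread: de-obfuscating a TACACS+ authentication REPLY with the shared secret (MD5 pseudo-pad from RFC 8907) and reading its status, which shows whether the server sent PASS, FAIL or another GETPASS. The function names, the secret and the sample packet are constructed for illustration; real packets would come from the tcpdump capture.

```python
import hashlib
import struct

# Authentication REPLY status codes from RFC 8907, section 5.2
REPLY_STATUS = {0x01: "PASS", 0x02: "FAIL", 0x03: "GETDATA", 0x04: "GETUSER",
                0x05: "GETPASS", 0x06: "RESTART", 0x07: "ERROR", 0x21: "FOLLOW"}
UNENCRYPTED_FLAG = 0x01
TYPE_AUTHEN = 0x01

def pseudo_pad(header: bytes, key: bytes, length: int) -> bytes:
    """MD5 chain over session_id + key + version + seq_no (+ previous digest)."""
    seed = header[4:8] + key + header[0:1] + header[2:3]
    pad, digest = b"", b""
    while len(pad) < length:
        digest = hashlib.md5(seed + digest).digest()
        pad += digest
    return pad[:length]

def crypt_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR with the pad; the same call obfuscates and de-obfuscates."""
    if header[3] & UNENCRYPTED_FLAG:
        return body
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(header, key, len(body))))

def parse_authen_reply(packet: bytes, key: bytes) -> dict:
    """Decode one server-to-client authentication packet (even seq_no)."""
    header, body = packet[:12], packet[12:]
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", header)
    if ptype != TYPE_AUTHEN or seq_no % 2 or length != len(body) or length < 6:
        raise ValueError("not a complete TACACS+ authentication REPLY")
    clear = crypt_body(header, body, key)
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", clear[:6])
    if 6 + msg_len + data_len != length:
        # Field lengths only add up when the pad was right, so this catches a bad key
        raise ValueError("length mismatch: wrong shared secret?")
    return {"session_id": session_id, "seq_no": seq_no,
            "status": REPLY_STATUS.get(status, hex(status)),
            "server_msg": clear[6:6 + msg_len].decode("ascii", "replace")}

def build_sample_reply(key: bytes, status: int, msg: bytes) -> bytes:
    """Constructed sample packet (not taken from the thread's capture)."""
    body = struct.pack("!BBHH", status, 0, len(msg), 0) + msg
    header = struct.pack("!BBBBII", 0xC0, TYPE_AUTHEN, 2, 0, 0x1A2B3C4D, len(body))
    return header + crypt_body(header, body, key)

if __name__ == "__main__":
    pkt = build_sample_reply(b"constructed-secret", 0x05, b"Password: ")
    print(parse_authen_reply(pkt, b"constructed-secret"))
```

A length-mismatch error on every packet usually means the secret used for decoding differs from the one configured on the device and the server.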
09-27-2016 09:46 AM
How can I send you the tcpdump and the logs? It's confidential, I don't want to post it here.