02-12-2008 07:17 AM - edited 03-10-2019 03:39 PM
I have configured an ASA running 7.2.3 code to do authentication, authorization, and accounting to an ACS server. The authentication and command shell authorization is working fine, but it seems that the accounting portion is not.
Previously I was running ACS 4.1.1 build 23 (unpatched) and I was getting accounting messages in the TACACS+ Accounting log which showed a user and a login but no commands. When I did a 'show aaa-server TACACS' from the ASA prompt it was showing Authorization requests and Accounting requests and incrementing accepts properly with no rejects, but nothing was showing up in the TACACS+ Accounting or TACACS+ Administration logs (i.e. when a command was executed).
I applied 4.1.1 build 23 (patch 5), which is supposed to fix a number of issues, but now I get any authorization request increments with an accept and any accounting request increments a reject. My ASA configuration is below:
aaa authentication telnet console LOCAL
aaa authentication ssh console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authentication http console TACACS LOCAL
aaa authorization command TACACS LOCAL
aaa accounting enable console TACACS
aaa accounting command TACACS
Here is a snippet of the 'show aaa-server TACACS' command:
Server status: ACTIVE, Last transaction at 10:12:27 EST Tue Feb 12 2008
Number of pending requests 0
Average round trip time 20ms
Number of authentication requests 0
Number of authorization requests 16
Number of accounting requests 7
Number of retransmissions 0
Number of accepts 16
Number of rejects 7
Number of challenges 0
Number of malformed responses 0
Number of bad authenticators 0
Number of timeouts 0
Number of unrecognized responses 0
Any ideas?
02-12-2008 10:16 AM
This issue was resolved by upgrading to minor release 4.1.4 build 13 patch 5.
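The counter comparison described in the question (which request type moves, and whether accepts or rejects move with it) can be scripted by diffing two 'show aaa-server' snapshots. This is an added example, not part of the original thread; the first snapshot reuses counter lines from the post, the second snapshot is constructed, and the function names are hypothetical.

```python
import re

# Counter lines copied from the 'show aaa-server TACACS' output in the thread.
BEFORE = """\
Number of authentication requests 0
Number of authorization requests 16
Number of accounting requests 7
Number of accepts 16
Number of rejects 7
Number of timeouts 0
"""

# Constructed second snapshot: the same counters after one more command.
AFTER = """\
Number of authentication requests 0
Number of authorization requests 17
Number of accounting requests 8
Number of accepts 17
Number of rejects 8
Number of timeouts 0
"""

COUNTER = re.compile(r"^[ \t]*Number of (.+?)[ \t]+(\d+)[ \t]*$", re.MULTILINE)

def parse_counters(text):
    """Map counter name to value, e.g. {'accounting requests': 7, ...}."""
    return {name: int(value) for name, value in COUNTER.findall(text)}

def delta(before, after):
    """Per-counter change between two snapshots of the same server group."""
    b, a = parse_counters(before), parse_counters(after)
    return {name: a[name] - b.get(name, 0) for name in a}

def diagnose(before, after):
    """The ASA totals accepts/rejects across request types, so attribute by delta."""
    d = delta(before, after)
    acct = d.get("accounting requests", 0)
    other = d.get("authentication requests", 0) + d.get("authorization requests", 0)
    findings = []
    if d.get("timeouts", 0) > 0:
        findings.append("server not answering (timeouts increased)")
    if acct > 0 and d.get("rejects", 0) == acct and d.get("accepts", 0) == other:
        findings.append("accounting rejected while authentication/authorization accepted")
    elif d.get("rejects", 0) > 0:
        findings.append("rejects increased; cannot attribute to one request type")
    return findings

if __name__ == "__main__":
    print(diagnose(BEFORE, AFTER))
```

A finding of rejected accounting means the commands entered on the device are not being recorded on the AAA server, even though logins and command authorization succeed.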