11-02-2021 08:06 AM - edited 11-02-2021 08:15 AM
Hi Experts,
We have Cisco ASA firewalls that are authenticated and authorized by Cisco ACS (5.8 Patch 10) for the TACACS users. We have local/internal users configured on the ACS, and I'm noticing an issue where an internal user is unable to authenticate using the secondary ACS. Both ACS servers are in a cluster, and this is specific to a user.
Other local users and AD users are able to authenticate with the firewall successfully. This works perfectly when authenticating with the primary ACS using the same username/password. I've tested this behavior with the test aaa-server command, and I enter the correct username/password.
Below are the debug logs for that specific user from the firewall when connecting to the secondary ACS.
Please assist.
INFO: Attempting Authentication test to IP address (10.0.0.10) (timeout: 10 seconds)
mk_pkt - type: 0x1, session_id: 2147483655
user: username
Tacacs packet sent
Sending TACACS Start message. Session id: 2147483655, seq no:1
Received TACACS packet. Session id:379906433 seq no:2
tacp_procpkt_authen: GETPASS
mk_pkt - type: 0x1, session_id: 2147483655
mkpkt_continue - response: ***
Tacacs packet sent
Sending TACACS Continue message. Session id: 2147483655, seq no:3
Received TACACS packet. Session id:379906433 seq no:4
tacp_procpkt_authen: FAIL
TACACS Session finished. Session id: 2147483655, seq no: 3
++++++
INFO: Attempting Authentication test to IP address (10.0.0.10) (timeout: 10 seconds)
ERROR: Authentication Rejected: Unspecified
11-02-2021 08:17 AM
this is specific to a user.
If this is specific to only one user, I would suggest deleting the user and creating it again, and making sure the ACS is 100% synced.