Authentication error........
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2012 05:48 AM - edited 03-10-2019 07:16 PM
I'm unable to login Switch.......getting follwing error...I have tried this commands on other 3560 that worked....
when I enter username & password relogging uthentication failed error occures .........This is remote site Switch..Pls help
Coreswitch1(config)#username netcheck secret 5 $1$MLGj$T8EpiRyFhQspjsIRZH8x30
Replacing <username netcheck secret 5 $1$MLGj$T8EpiRyFhQspjsIRZH8x30> with <user
name netcheck secret 5 $1$MLGj$T8EpiRyFhQspjsIRZH8x30>
ERROR: Can not have both a user password and a user secret.
Please choose one or the other.
Coreswitch1(config)#aaa new-model
Coreswitch1(config)#aaa authentication login default group tacacs+ local
Coreswitch1(config)#aaa authentication dot1x default group radius
Coreswitch1(config)#aaa authorization config-commands
Coreswitch1(config)#$c default group tacacs+ local if-authenticated
Coreswitch1(config)#aaa authorization commands 0 default group tacacs+ local
Coreswitch1(config)#aaa authorization commands 1 default group tacacs+ local
Coreswitch1(config)#$zation commands 15 default group tacacs+ local
Coreswitch1(config)#aaa accounting dot1x default start-stop group radius
% Authorization failed.
Coreswitch1(config)#aaa accounting exec default start-stop group tacacs+
% Authorization failed.
Coreswitch1(config)#$ing commands 1 default start-stop group tacacs+
% Authorization failed.
Coreswitch1(config)#$ing commands 15 default start-stop group tacacs+
% Authorization failed.
Coreswitch1(config)#aaa accounting network default start-stop group tacacs+
% Authorization failed.
Coreswitch1(config)#$ing connection default start-stop group tacacs+
% Authorization failed.
Coreswitch1(config)#aaa accounting system default start-stop group tacacs+
% Authorization failed.
Coreswitch1(config)#dot1x system-auth-control
% Authorization failed.
Coreswitch1(config)#
Coreswitch1(config)#clock timezone kolkata 5 30
% Authorization failed.
Coreswitch1(config)#
Coreswitch1(config)#no ip domain-lookup
% Authorization failed.
Coreswitch1(config)#ip domain-name kgc.kirloskar.com
% Authorization failed.
Coreswitch1(config)#ip name-server 10.3.2.101
% Authorization failed.
Coreswitch1(config)#ip name-server 10.3.2.106
% Authorization failed.
Coreswitch1(config)#
Coreswitch1(config)#ip http server
% Authorization failed.
Coreswitch1(config)#ip http authentication local
% Authorization failed.
Coreswitch1(config)#snmp-server community Axis RW
% Authorization failed.
Coreswitch1(config)#snmp-server enable traps vtp
% Authorization failed.
Coreswitch1(config)#snmp-server host 10.3.4.10 version 2c Axis
% Authorization failed.
Coreswitch1(config)#tacacs-server host 10.3.4.100
% Authorization failed.
Coreswitch1(config)#tacacs-server timeout 120
% Authorization failed.
Coreswitch1(config)#tacacs-server directed-request
% Authorization failed.
Coreswitch1(config)#tacacs-server key 7 0152472F0A392A5F74676F3B5844
% Authorization failed.
Coreswitch1(config)#$ey 7 08600D65582B294747202D366719050C6200775246
% Authorization failed.
Coreswitch1(config)#^Z
Coreswitch1#CONF T
% Authorization failed.
Coreswitch1#SH RUN
% Authorization failed.
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2012 02:06 PM
Santosh,
Did you previously identify the tacacs servers?
You can change the shared secret on the tacacs server and wait for the command authorization to error out and then authorize the command locally. If that doesnt work then you best bet is to reboot the switch.
thanks,
Tarik Admani

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-07-2012 01:19 AM
Make sure that your TACACS+ configuration is correct. If you have shell authorization set configured, make sure they authorize you on this device to provide the commands in configuration terminal. I think it is only a TACACS+ mis-configuration.
If the same config worked perfectly on another device, you may be providing different command authorization sets to different devices.
Check your TACACS+ configuration please.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 04:59 AM
when i enter same commands on another switch..it gives same error...but I relogin with netcheck.....and enter other commands that not worked....
but on this switch I'm unable to login.....may be problem in following error
Coreswitch1(config)#username netcheck secret 5 $1$MLGj$T8EpiRyFhQspjsIRZH8x30
Replacing
name netcheck secret 5 $1$MLGj$T8EpiRyFhQspjsIRZH8x30>
ERROR: Can not have both a user password and a user secret.
Please choose one or the other.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 05:19 AM
can you please elaborate a bit?
what is the command when you enter you get an error?
It seems you have username configured with a password, not a secret.
username netcheck privelege
The message simply tells you if you have the username with a configured password it will not allow you to configure a secret for same user!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2012 11:01 PM
Santosh,
Please mark Amjad latest response as resolved so this can be archived as resolved.
Thanks,
Tarik Admani
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2012 01:27 AM
previously on switch.....
username netcheck password 7 04550E120C29494D0259
after entering following command I got an error....
username netcheck secret 5 $1$MLGj$T8EpiRyFhQspjsIRZH8x30
when i'm tried to login....it asks username....but problem may be in passwords...
I tried both but no worked.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2012 08:23 AM
If you are using tacacs then you will have to use the credentials on the tacacs server in order to get access.
thanks,
Tarik Admani
