
How can I configure MS ACS 4.1.1.23 to allow Linux TACACS authentication

hunterdl10
Level 1

I am running ACS 4.1.1.23 on a Microsoft server and I am trying to get TACACS to work with two Linux servers.  The servers are capable of TACACS, are using port 49 and have the correct shared secret.  I believe I do not have the devices configured properly on the ACS side.  These 2 servers currently are using RADIUS and we are getting bit by the bug where the ACS application will start rejecting RADIUS authentication requests but still accept TACACS requests.  Any help would be greatly appreciated.

Regards,

-Hunter

6 Replies

You need to define the Linux systems to be AAA clients on ACS using TACACS+. Go to the Network Configuration page, select each of the Linux servers and change their authentication protocol to TACACS+.

I already did that.  It is a Red Hat 5 Server Enterprise.  In etc/services it has port 49 as both udp and tcp. There is nothing in the ACS log, despite the fact that it can communicate with the box.  

The steps I detailed earlier are to be executed on ACS, not the Linux boxes.

That is where I did it.

Then I would set the log level detail to full (System Configuration -> Service Control), reproduce the problem, and then look in the auth.log and tcs.log files for clues. You may also want to run tcpdump on the Linux boxes to see the traffic between them and ACS.

Here was the problem.  The NGD group is configured for RADIUS and that overrides TACACS+.  I made the shared secret the same as the RADIUS one and now it works.  Thanks for your replies.

Regards,

-Hunter
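
An added example, not part of the original thread: the thread was resolved by aligning the shared secret, and this Python sketch shows how to test a candidate secret offline against a TACACS+ authentication START packet taken from a tcpdump capture, using the body obfuscation defined in RFC 8907. The function names, the sample packet and both keys are constructed for illustration; the check assumes the packet is an authentication START with the "unencrypted" flag clear.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5: chained MD5 blocks, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # Each block hashes the seed plus the previous block (empty for the first).
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(header, body, key):
    """Obfuscate or de-obfuscate a body; the XOR operation is symmetric."""
    # 12-byte header: version, type, seq_no, flags, session_id, body length.
    version, _type, seq_no, _flags, session_id, length = struct.unpack("!BBBBII", header)
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return bytes(a ^ b for a, b in zip(body, pad))

def start_body_consistent(body):
    """Authentication START: 8 fixed bytes, with the four field lengths in bytes 4..7."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def key_matches(header, wire_body, key):
    """True when the candidate key yields a structurally valid START body."""
    return start_body_consistent(xor_body(header, wire_body, key))

def build_start_packet(key, user, port, rem_addr, session_id):
    """Constructed sample: an ASCII login START as a client would send it."""
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0]) + user + port + rem_addr
    # Version 0xC0 (major 12, minor 0), type 1 (authentication), seq_no 1, flags 0.
    header = struct.pack("!BBBBII", 0xC0, 1, 1, 0, session_id, len(body))
    return header, xor_body(header, body, key)

if __name__ == "__main__":
    # Constructed values, not taken from the thread.
    hdr, wire = build_start_packet(b"tacacs-key", b"testuser", b"tty0", b"192.0.2.10", 0x1234ABCD)
    for candidate in (b"tacacs-key", b"radius-key"):
        print(candidate.decode(), "->", "match" if key_matches(hdr, wire, candidate) else "mismatch")
```

A mismatch here means the server cannot read the body with that key, so the key actually in effect on the server side (including one inherited from a group-level setting) is the thing to check.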