No username in request for TACACS+ authentication

r.yard
Level 1

I have a 3640 with an NM-16AM (analog modem module). I'm trying to get the dial-in users to authenticate with the Windows Domain Controller via a TACACS+ server (SecureACS 3.2). When the user tries to connect, they get "Error 734: The PPP link control protocol was terminated." The router debug shows "No username in request".

Script and debug follow. This is in a lab, so I can experiment. I'm new to both AAA and SecureACS, so even simple suggestions are appreciated.

version 12.2
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname ACS3640
!
boot system flash
aaa new-model
aaa authentication login default group tacacs+
aaa authentication login no_tacacs enable
aaa authentication login TELVTY enable
aaa authentication ppp default if-needed group tacacs+
aaa authorization exec default none
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
enable secret 5 xxxxxxxxxxxxxxx
!
username xxx password 7 xxxxxxxxxxxxx
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
ip address-pool local
!
call rsvp-sync
!
interface Ethernet2/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet2/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet2/2
 ip address 192.168.3.124 255.255.255.0
 half-duplex
!
interface Ethernet2/3
 no ip address
 shutdown
 half-duplex
!
interface Group-Async2
 no ip address
 encapsulation ppp
 async mode interactive
 group-range 33 48
!
ip local pool pool1 192.168.12.1 192.168.12.16
ip classless
ip http server
!
tacacs-server host 192.168.3.70 single-connection key xxxxxxxx
tacacs-server directed-request
!
dial-peer cor custom
!
line con 0
 login authentication no_tacacs
line 33 48
 flush-at-activation
 modem Dialin
 modem autoconfigure discovery
 autoselect during-login
 autoselect ppp
 flowcontrol hardware
line aux 0
line vty 0 4
 password 7 xxxxxxxx
 login authentication TELVTY
 transport input telnet
!
end

*Mar 1 01:03:02: Call Handle failed for Modem 1/11
*Mar 1 01:03:02: AAA: parse name=tty44 idb type=10 tty=44
*Mar 1 01:03:02: AAA: name=tty44 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=44 channel=0
*Mar 1 01:03:02: AAA/MEMORY: create_user (0x625601C4) user='NULL' ruser='NULL' ds0=-1 port='tty44' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'
*Mar 1 01:03:02: AAA/AUTHEN/START (1507728324): port='tty44' list='' action=LOGIN service=LOGIN
*Mar 1 01:03:02: AAA/AUTHEN/START (1507728324): using "default" list
*Mar 1 01:03:02: AAA/AUTHEN/START (1507728324): Method=tacacs+ (tacacs+)
*Mar 1 01:03:02: TAC+: send AUTHEN/START packet ver=192 id=1507728324
*Mar 1 01:03:02: TAC+: ver=192 id=1507728324 received AUTHEN status = GETUSER
*Mar 1 01:03:02: AAA/AUTHEN (1507728324): status = GETUSER
*Mar 1 01:03:04: AAA/AUTHEN/ABORT: (1507728324) because Autoselected.
*Mar 1 01:03:04: TAC+: send abort reason=Autoselected
*Mar 1 01:03:04: AAA/AUTHEN/ABORT: (1507728324) because Autoselected.
*Mar 1 01:03:04: TAC+: send abort reason=Autoselected
*Mar 1 01:03:04: AAA/MEMORY: free_user_quiet (0x625601C4) user='NULL' ruser='NULL' port='tty44' rem_addr='async' authen_type=1 service=1 priv=1
*Mar 1 01:03:07: %LINK-3-UPDOWN: Interface Async44, changed state to up
*Mar 1 01:03:07: As44 PPP: Using modem call direction
*Mar 1 01:03:07: As44 PPP: Treating connection as a callin
*Mar 1 01:03:07: As44 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
*Mar 1 01:03:07: AAA: parse name=Async44 idb type=10 tty=44
*Mar 1 01:03:07: AAA: name=Async44 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=44 channel=0
*Mar 1 01:03:07: AAA/MEMORY: create_user (0x62544678) user='NULL' ruser='NULL' ds0=-1 port='Async44' rem_addr='async' authen_type=NONE service=PPP priv=1 initial_task_id='0'
*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP: Authorize LCP
*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): Port='Async44' list='' service=NET
*Mar 1 01:03:07: AAA/AUTHOR/LCP: As44 (1575802302) user=''
*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): send AV service=ppp
*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): send AV protocol=lcp
*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): found list "default"
*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): Method=tacacs+ (tacacs+)
*Mar 1 01:03:07: %AAA/AUTHOR/TAC+: (1575802302): no username in request
*Mar 1 01:03:07: AAA/AUTHOR/TAC+: (1575802302): send AV service=ppp
*Mar 1 01:03:07: AAA/AUTHOR/TAC+: (1575802302): send AV protocol=lcp
*Mar 1 01:03:08: TAC+: (1575802302): received author response status = FAIL
*Mar 1 01:03:08: As44 AAA/AUTHOR (1575802302): Post authorization status = FAIL
*Mar 1 01:03:08: As44 AAA/AUTHOR/LCP: Denied
*Mar 1 01:03:08: As44 AUTH: Started process 0 pid 96
*Mar 1 01:03:11: %LINK-5-CHANGED: Interface Async44, changed state to reset
*Mar 1 01:03:11: AAA/MEMORY: free_user (0x62544678) user='NULL' ruser='NULL' port='Async44' rem_addr='async' authen_type=NONE service=PPP priv=1
*Mar 1 01:03:16: %LINK-3-UPDOWN: Interface Async44, changed state to down
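
Added example, not part of the original post and not Cisco tooling: a small Python parser that groups the router debug lines above by AAA session id, so the aborted login authentication (reason Autoselected) and the LCP authorization request that went to the TACACS+ server with an empty username can be read as two separate sessions. The function names are hypothetical; the sample lines are copied from the debug output above with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Lines copied from the debug output above, with wrapped lines rejoined.
SAMPLE = """\
*Mar 1 01:03:02: AAA/AUTHEN/START (1507728324): Method=tacacs+ (tacacs+)
*Mar 1 01:03:02: AAA/AUTHEN (1507728324): status = GETUSER
*Mar 1 01:03:04: AAA/AUTHEN/ABORT: (1507728324) because Autoselected.
*Mar 1 01:03:07: AAA/AUTHOR/LCP: As44 (1575802302) user=''
*Mar 1 01:03:07: As44 AAA/AUTHOR/LCP (1575802302): Method=tacacs+ (tacacs+)
*Mar 1 01:03:07: %AAA/AUTHOR/TAC+: (1575802302): no username in request
*Mar 1 01:03:08: TAC+: (1575802302): received author response status = FAIL
"""

SESSION = re.compile(r"\((\d{6,})\)")        # AAA session id, e.g. (1575802302)
PHASE = re.compile(r"AAA/(AUTHEN|AUTHOR)")   # authentication vs. authorization
USER = re.compile(r"\buser='([^']*)'")       # \b skips ruser='...'
METHOD = re.compile(r"Method=(\S+)")
STATUS = re.compile(r"status = (\w+)")
ABORT = re.compile(r"because (\w+)")

def summarize_aaa(log_text):
    """Group AAA debug lines by session id and record what each session did."""
    sessions = defaultdict(lambda: {"phase": None, "user": None, "method": None,
                                    "status": None, "abort": None,
                                    "no_username": False})
    for line in log_text.splitlines():
        sid = SESSION.search(line)
        if not sid:
            continue
        s = sessions[sid.group(1)]
        for key, rx in (("phase", PHASE), ("user", USER), ("method", METHOD),
                        ("status", STATUS), ("abort", ABORT)):
            m = rx.search(line)
            if m:
                s[key] = m.group(1)  # later lines overwrite: last status wins
        if "no username in request" in line:
            s["no_username"] = True
    return dict(sessions)

def anonymous_authorizations(sessions):
    """Session ids whose authorization request carried no username and failed."""
    return [sid for sid, s in sessions.items()
            if s["phase"] == "AUTHOR" and s["status"] == "FAIL"
            and (s["no_username"] or s["user"] == "")]

if __name__ == "__main__":
    summary = summarize_aaa(SAMPLE)
    print(summary, anonymous_authorizations(summary))
```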

2 Replies 2

umedryk
Level 5

Any PPP settings defect? Check the PPP settings and make sure that, under PPP settings, "Negotiate multi-link for single link connections" is not checked. Unchecking it should resolve the issue.

Which screen is this selection on? I looked at CiscoSecure ACS --> Interface Configuration --> TACACS+ Services menu and have the following selected for both user and group: PPP IP, PPP LCP, SLIP. "PPP Multilink" is not selected. I also have "Advanced TACACS Features" selected on the menu below.