08-07-2013 07:41 AM - edited 03-10-2019 08:44 PM
Dear
For some reason, TACACS+ does not work on my Nexus 5000.
This is the settings:
feature tacacs+
logging level tacacs 5
tacacs-server key 7 "clave"
ip tacacs source-interface Vlanx
tacacs-server host x.x.x.x >>> TACACS+ works with this host
tacacs-server host x.x.x.x key 7 "clave" >>> TACACS+ does not work with this host
aaa group server tacacs+ TACSERVER
server x.x.x.x
server x.x.x.x
source-interface Vlanx
!
aaa authentication login default group TACSERVER
aaa authentication login error-enable
tacacs-server directed-request
These are the tests I've done to validate the configuration without success:
Nexus# test aaa server tacacs+ x.x.x.x user pass
error authenticating to server
7
Nexus# 2013 Aug 6 12:45:38 NITE4 %TACACS-3-TACACS_ERROR_MESSAGE: received bad authentication packet from x.x.x.x
NITE4# test aaa group TACSERVER user pass
user has failed authentication
The strange thing is that the other configured host runs smoothly.
The TACACS+ application is on a Linux server and has the following version:
tac_plus version F5.0.0a1
The problem is very strange.
I need help.
Best regards
08-07-2013 09:38 AM
Hi Sergio,
It sounds like a shared secret mismatch between your server and the device. Since TACACS+ encrypts the entire packet, if the shared secret is off then each device receives garble for their "communication".
I would check to make sure the shared secrets match. What could be the issue is the command
tacacs-server host x.x.x.x key 7 "clave"
The 'key 7' bit indicates that a previously hashed password will be put here. I would use the
tacacs-server host x.x.x.x key 0 clave
If clave is your shared secret.
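Added example, not part of the original thread: a Python sketch of the TACACS+ body obfuscation defined in RFC 8907 section 4.5, showing why a shared-secret mismatch makes the receiver see a malformed body, as in the "received bad authentication packet" log above. The secrets, session ID and field values are constructed for illustration.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 4.5: MD5_1 = MD5(session_id, key, version, seq_no);
    MD5_n appends MD5_(n-1). The pad is truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the body with the pad; the same call reverses the operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, port=b"tty0", rem_addr=b""):
    """Authentication START body: action=LOGIN, priv_lvl=1,
    authen_type=ASCII, service=LOGIN, then four length bytes and the fields."""
    lengths = bytes([len(user), len(port), len(rem_addr), 0])
    return bytes([1, 1, 1, 1]) + lengths + user + port + rem_addr

def body_is_consistent(body):
    """Receiver-side sanity check: the four length fields must add up to
    the body length. A wrong key almost always fails this check."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def demo():
    session_id = 0x1A2B3C4D                # constructed value
    device_key = b"clave"                  # secret the switch ends up using
    matching_key = b"clave"                # server configured with the same secret
    mismatched_key = b"other-secret"       # constructed: server holds a different secret
    wire = obfuscate(build_authen_start(b"user"), session_id, device_key)
    ok = obfuscate(wire, session_id, matching_key)
    bad = obfuscate(wire, session_id, mismatched_key)
    return ok, bad

if __name__ == "__main__":
    ok, bad = demo()
    print("matching key  :", body_is_consistent(ok), ok)
    print("mismatched key:", body_is_consistent(bad), bad.hex())
```
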
12-13-2022 09:13 AM
You are awesome! Struggled for a couple of days to figure it out and finally it worked.