TACACS+ Server not logging events.

nos
Level 1

Hi all,

I am having an issue with the TACACS+ server not logging login requests or commands entered. I am running the tac_plus.F4.0.4.alpha release that Cisco provides for free on a Mandrake 10.1 Linux box. I am able to use the server to authenticate logins to the routers but it is not logging those requests.

Here is the config I used on one of our routers.

aaa group server tacacs+ prego
server xxx.xxx.xxx.xxx
!
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group prego
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
ip subnet-zero

Also here is a sh version

Cisco Internetwork Operating System Software
IOS (tm) 3700 Software (C3725-IS-M), Version 12.2(15)ZJ3, EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 25-Sep-03 22:23 by eaarmas
Image text-base: 0x60008954, data-base: 0x61C2C000

ROM: System Bootstrap, Version 12.2(8r)T2, RELEASE SOFTWARE (fc1)
ROM: 3700 Software (C3725-I-M), Version 12.2(8)T10, RELEASE SOFTWARE (fc1)

PRVGW3725 uptime is 10 weeks, 1 day, 7 hours, 35 minutes
System returned to ROM by power-on
System image file is "flash:c3725-is-mz.122-15.ZJ3.bin"

cisco 3725 (R7000) processor (revision 0.1) with 121856K/9216K bytes of memory.
Processor board ID JMX0749L1XC
R7000 CPU at 240Mhz, Implementation 39, Rev 3.3, 256KB L2 Cache
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
2 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
DRAM configuration is 64 bits wide with parity disabled.
55K bytes of non-volatile configuration memory.
31360K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

Any help would be great.

Thank you

Joseph Jackson

6 Replies

dbshah2000
Level 1

You need to enable AAA authorisation on the router (IOS) device.

For example, if you want to log level 15 commands then it would be like this:

aaa authorization commands 15 default group tacacs+ if-authenticated

Explore the Cisco IOS AAA authorisation commands a little more and you will know what to do.

I do not configure my routers with aaa authorization commands level 15 and my routers are reporting (accounting) level 15 commands just fine. So I disagree that this is required to get the results that he wants.

I notice in the original config that the accounting exec uses group prego while the authentication uses group tacacs+. I am not sure if there is an issue with the group prego but I would suggest changing the config for accounting to use group tacacs+ and see what happens.

HTH

Rick

Thank you both for replying to my post. I have entered what you both said but still no luck. Here is the updated config file showing the AAA stuff:

aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa session-id common
ip subnet-zero

If you guys can think of anything else I'll give it a try.
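As an added example (not code from the thread, from Cisco, or from the tac_plus project), here is a small Python linter that applies the checks raised in this thread to an IOS AAA configuration block: every `group` reference must be the built-in `tacacs+`/`radius` group or a defined `aaa group server`, accounting should send records to a group that authentication also uses (the `prego` point above), and any privilege level that has `aaa authorization commands` should also have `aaa accounting commands`, because without that line the router never sends command accounting records, regardless of what the server logs. The two sample configurations are reconstructed from the posts above; the server address 192.0.2.10 is a constructed placeholder standing in for the masked `xxx.xxx.xxx.xxx`, and the parser is an assumption that only handles the plain `server <ip>` form inside a group definition.

```python
import re

# Groups IOS provides implicitly (all globally configured servers of that protocol).
BUILTIN_GROUPS = {"tacacs+", "radius"}

# Constructed sample: the AAA lines from the first post; 192.0.2.10 stands in
# for the masked server address.
ORIGINAL_CONFIG = """\
aaa group server tacacs+ prego
 server 192.0.2.10
!
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group prego
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
"""

# Constructed sample: the AAA lines from the updated config in the second post.
UPDATED_CONFIG = """\
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa session-id common
"""

# Matches "aaa <kind> <type> [<level>] <list-name> <methods...>".
METHOD_RE = re.compile(
    r"^aaa (?P<kind>authentication|authorization|accounting)\s+"
    r"(?P<type>login|enable|exec|commands|network|connection|system)"
    r"(?:\s+(?P<level>\d+))?\s+(?P<list>\S+)\s+(?P<methods>.*)$"
)
GROUP_HEADER_RE = re.compile(r"^aaa group server (tacacs\+|radius) (\S+)$")


def parse_aaa(config):
    """Return (groups, rules): groups maps name -> [server ip], rules is a list of dicts."""
    groups, rules, current_group = {}, [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current_group = None
            continue
        m = GROUP_HEADER_RE.match(line)
        if m:
            current_group = m.group(2)
            groups[current_group] = []
            continue
        # Indented "server <ip>" lines belong to the group being defined (assumed form).
        if current_group and line.startswith(" server "):
            groups[current_group].append(line.split()[1])
            continue
        current_group = None
        m = METHOD_RE.match(line)
        if m:
            rule = m.groupdict()
            rule["level"] = int(rule["level"]) if rule["level"] else None
            # Every "group <name>" token in the method list is a server-group reference.
            rule["groups"] = re.findall(r"\bgroup (\S+)", rule["methods"])
            rules.append(rule)
    return groups, rules


def audit(config):
    """Return a list of finding strings describing AAA logging problems."""
    groups, rules = parse_aaa(config)
    findings = []
    known = BUILTIN_GROUPS | set(groups)
    for r in rules:
        for g in r["groups"]:
            if g not in known:
                findings.append(f"{r['kind']} {r['type']} list {r['list']} references undefined group {g}")
    for name, servers in groups.items():
        if not servers:
            findings.append(f"group {name} defines no servers, so nothing sent to it reaches a daemon")
    auth_groups = {g for r in rules if r["kind"] == "authentication" for g in r["groups"]}
    acct_groups = {g for r in rules if r["kind"] == "accounting" for g in r["groups"]}
    for g in sorted(acct_groups - auth_groups):
        findings.append(f"accounting uses group {g}, which authentication does not; verify it reaches the same server")
    # Command authorization at a level without command accounting at that level: commands are never logged.
    authz_levels = {r["level"] for r in rules if r["kind"] == "authorization" and r["type"] == "commands"}
    acct_levels = {r["level"] for r in rules if r["kind"] == "accounting" and r["type"] == "commands"}
    for lvl in sorted(authz_levels - acct_levels):
        findings.append(f"commands at privilege {lvl} are authorized but not accounted; the router sends no command records")
    if not any(r["kind"] == "accounting" for r in rules):
        findings.append("no aaa accounting configured; the router sends no records at all")
    return findings


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL_CONFIG), ("updated", UPDATED_CONFIG)):
        print(f"--- {label} config ---")
        for finding in audit(cfg) or ["no findings"]:
            print(" -", finding)
```

Run it as a script and the original config reports the `prego` group mismatch, while the updated config reports that privilege 15 commands are authorized but have no accounting line; adding `aaa accounting commands 15 default start-stop group tacacs+` to the updated config clears every finding.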

If you are able to authenticate via TACACS I would believe that this indicates that there is not a problem with your configuration of the TACACS server(s) (addresses are correct, keys are correct, etc) and that the TACACS server recognizes the router ok.

So I assume that either there is some problem on the router generating the accounting records, or there might be a problem on the server receiving and processing the accounting records.

As a next step in investigating this issue I suggest that you run two debugs on the router:

debug aaa accounting
debug tacacs accounting

While the debug is running have someone access the router and login, access privilege mode, and execute several commands. Then post any debug output.

HTH

Rick

Rick,

I did both of those commands and then logged into the router from another CRT terminal and did not see any debug messages.

How are you looking for the debug messages? (Are you logging to logging buffered debug and then using the show log command, or are you logged on somewhere with terminal monitor enabled while the testing activity takes place?)

Please do the test again and this time add another debug: debug tacacs authentication

That should generate some debug output. If we see the authentication output but no accounting output then there is a problem that the router is not generating accounting. If the authentication does not produce output then we have to look more carefully at where the output is going and how to find it.

HTH

Rick