Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2455
Views
0
Helpful
7
Replies

Cisco Works, RME, Check device attributes, tacacs "incorrect

ron-gagnon
Level 1
Level 1

‎02-22-2005 09:17 AM

Cisco Works 3.5, RME, check device attributes function fails on tacacs username and password with "incorrect" when in fact the tacacs username and password are correct!! You can use them to telnet to the same device that cda just failed on. Using Cisco ACS 3.1 and have sniffer traces of failure but still cannot figure out why.

Tcekada@syseng.com

Labels:
0 Helpful
7 Replies 7

rmushtaq
Level 8
Level 8

‎02-22-2005 10:41 AM

RME have several bugs on Check Device Attribute feature. The best way to do an Export to File and then see if the credentials show as correct or else

0 Helpful

tcekada
Level 1
Level 1
In response to rmushtaq

‎02-22-2005 11:09 AM

I have already done the export and the tacacs username and password matches fine. I think it has something to do with the script that RME executes to do a telnet to a device when you do a check device attribute. The trace seems to indicate that there is some miscommunication between the values that the cw2000 server is sending to the router and thus get sent to the tacacs server. Do you know the perl script file name that the RME would use to execute a Check Device Attribute function. Maybe there is some timer in the there or extraneous value that cw2000 is sending to the tacacs server??

Thanks,

Tony

0 Helpful

steve.busby
Level 5
Level 5
In response to tcekada

‎02-22-2005 11:39 AM

What do your CSACS logs show? Check the Failed Attempts and/or Passed Authentications. Perhaps there are access limitations on the CW2K CSACS user account?

HTH

Steve

0 Helpful

georg.tresselt
Level 1
Level 1

‎02-22-2005 11:52 PM

I've seen that behaviour. It sometimes helps to enter tacacs username/password also in the fields for local user/pw. It is stupid that the CDA then shows these values as correct, but at least it works.

0 Helpful

tcekada
Level 1
Level 1
In response to georg.tresselt

‎02-23-2005 05:43 AM

Thanks Georg. I will try that. Also, having another issue with a process called "sm_server" which apparently is part of Device Fault Manager. For reasons unknown that process will spike the processor to 100% for hours on end bringing the system to a crawl. Have you ever seen this before?? If not, no need to respond.

Again thanks,

Tony

0 Helpful

bbo
Level 1
Level 1
In response to tcekada

‎04-07-2005 09:07 AM

another problem might be the login-prompt. older ios sometime prompt with username : and password : instead of username: and password: (watch the spaces)..

in lms < 2.5 you can troubleshoot this with adjusting [$nmsroot]/objects/cmf/data/TacacsPrompts.ini , but with LMS 2.5 this doesn't work anymore. If anyone knows the new workaround, please let me know....

see also: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd60eb1

0 Helpful

getwithrob
Level 3
Level 3
In response to bbo

‎04-07-2005 01:51 PM

I had the same problem. I corrected it by doing a check device attributes on the nodes with DA errors.

0 Helpful
Customers Also Viewed These Support Documents