Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
0
Helpful
1
Replies

Could not login to N9K via TACACS

Lin Ma
Level 1
Level 1

‎01-29-2016 04:44 AM

The problem is when configure the TACACS for N9K, the TACACS user could only login successful for the first time only. Then all attemps will failure per the log:

 

2016 Jan 29 01:51:39 HOSTNAME%AUTHPRIV-6-SYSTEM_MSG: START: ssh pid=13840 from=::ffff:10.25.158.105 - dcos-xinetd[7165]
2016 Jan 29 01:51:39 HOSTNAME%AUTH-6-SYSTEM_MSG: Could not load host key:  /isan/etc/ssh_host_dsa_key - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%DAEMON-3-SYSTEM_MSG: Unable to create temporary user 1473165. Error 0x404a000a usermod: group '1473165' does not exist (10066
3296) - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user 1473165 from 10.25.158.105 - sshd[13840]
2016 Jan 29 01:51:57HOSTNAME%AUTHPRIV-5-SYSTEM_MSG: Login failed for user 1473165 - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME %DAEMON-6-SYSTEM_MSG: Failed password for 1473165 from 10.25.158.105 port 54733 ssh2 - sshd[13840]

 

Users could login other devices via TACACS ID, and password are confirmed correct.  And when we show user-account on N9K, it shows:

 

user:1473165
        roles:vdc-operator
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user account
Local login not possible

 

Could we remove the cache users from devices ? And how could set auto clear when user logoff ?

Labels:
0 Helpful
1 Reply 1

Lin Ma
Level 1
Level 1

‎01-29-2016 04:52 AM

What's the default timeout for cache user ?

0 Helpful
Customers Also Viewed These Support Documents