03-27-2004 08:26 AM - edited 03-02-2019 02:35 PM
I have RME 3.5 and a RADTAC tacacs server.
I have created an acct =cw2k on radtac and set up the attributes in RME using the appropriate tacacs acct info.
when I run the check device attributes applet, the value of INCORRECT is returned in the TACACS field. I have checked this several times to ensure that the username and password are correct when setting the attributes.
I am successfull at logging into the router when I telnet to the device using the cw2k account created in TACACS. so, I know that Authentcation is working.
the following is my config on the router.
( basic standard stuff )
aaa new-model
aaa authentication login admin group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
enable secret 5 <removed>
line vty 0 4
session-timeout 5
access-class 1 in
exec-timeout 15 0
password 7 <removed>
logging synchronous
login authentication admin
transport input telnet
I dont know why RME is returning an value of INCORRECT when I know that it is indeed correct!
Frustrated Net Man,
03-29-2004 10:15 AM
I have the same problem, but only with 4006's running 7.6(5) code. I know this doesn't help much but I need to open a TAC case for this one!
Good Luck!
03-31-2004 04:47 AM
Just as I suspected, TAC says I need to upgrade to 7.6(6).
Have not tested yet but here is the bug for my problem: CSCed45576.
Hope this helps, Good Luck!
04-02-2004 07:45 AM
did the OS upgrade fix your problem?
I have a solution that may be of interest to you if not.
does the prompt for your 4006's differ from the rest of the network?
Tacacs may expect to see username: but your prompt may be username : (space after the colon). to resolve this
look for a file called "tacacsprompts.ini" open it and see if your 4006 prompt is listed in the expected prompt list.
hope this helps
Todd Martin
04-02-2004 11:51 AM
Thanks Todd,
Haven't had a chance to do an upgrade yet, maybe this weekend. I did see the fix you mentioned somewhere before. May need to use it because we can't upgrade some of the switches for a long period of time. Also are you aware of what is broken in your server when the Tacacs logins don't work? Mine seems to be working for most reports and tasks.
Thanks again.
04-13-2004 05:22 AM
Hi Todd,
Finally upgraded code and tested. The new code does fix the problem for us. But your other suggestion is probably better for high availability/Data center switches.
Did you fix your problem that way?
Thanks
04-19-2004 07:00 AM
This piece of Ciscoworks had never been very good and
this problem used to frustrate me to no end in the past. Now, I just ignore it. Cisco is going to have to address in later ( hopefully not too much later ) versions. They have a reason why we see this "error". Here is the relevant text from the help for that page:
Incorrect
Test completed and device attribute does not match physical device for one of the following reasons:
* The device attribute setting in inventory is not correct.
* The device is unreachable or offline.
* One of the interfaces on the device is down.
Hope this helps.
05-04-2004 10:09 AM
Hi,
I have the same problem,
I have upgraded my Catalysts 6000 to 8.2 and now I have to press a key before my login banner appears. I found the Bug number in your discussion: CSCed45576.
The problem is now CiscoWorks(RME 3.5) can't access my switchs using TACACS.
I verified my password in RME/Admin/Inventory/Check device attributes, but it still says :
TACACS : INCORRECT.
Only the switchs I upgraded to 8.2 can't communicate with CW.
Is the Bug the problem ? Is there a patch in CW to fix it ?
Thanks
04-20-2004 08:36 AM
check case.
if you have insterted and deleted device several times, there maybe several instances of the device in the db.
always delete first before reimporting.
try deleting device. stop cw2k services and re-enter device. I have seen this issue twice and was able to reconcile.
if you think there are shadow instances of this device in the db contact tac to get instructions to delete devices thru dbreader.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: