Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
3
Helpful
8
Replies

LMS 2.2 and Tacacs attributes incorrect

todd.martin-02
Level 1
Level 1

‎03-27-2004 08:26 AM - edited ‎03-02-2019 02:35 PM

I have RME 3.5 and a RADTAC tacacs server.

I have created an acct =cw2k on radtac and set up the attributes in RME using the appropriate tacacs acct info.

when I run the check device attributes applet, the value of INCORRECT is returned in the TACACS field. I have checked this several times to ensure that the username and password are correct when setting the attributes.

I am successfull at logging into the router when I telnet to the device using the cw2k account created in TACACS. so, I know that Authentcation is working.

the following is my config on the router.

( basic standard stuff )

aaa new-model

aaa authentication login admin group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

enable secret 5 <removed>

line vty 0 4

session-timeout 5

access-class 1 in

exec-timeout 15 0

password 7 <removed>

logging synchronous

login authentication admin

transport input telnet

I dont know why RME is returning an value of INCORRECT when I know that it is indeed correct!

Frustrated Net Man,

Labels:
0 Helpful
8 Replies 8

b.orth
Level 1
Level 1

‎03-29-2004 10:15 AM

I have the same problem, but only with 4006's running 7.6(5) code. I know this doesn't help much but I need to open a TAC case for this one!

Good Luck!

0 Helpful

b.orth
Level 1
Level 1
In response to b.orth

‎03-31-2004 04:47 AM

Just as I suspected, TAC says I need to upgrade to 7.6(6).

Have not tested yet but here is the bug for my problem: CSCed45576.

Hope this helps, Good Luck!

0 Helpful

todd.martin-02
Level 1
Level 1
In response to b.orth

‎04-02-2004 07:45 AM

did the OS upgrade fix your problem?

I have a solution that may be of interest to you if not.

does the prompt for your 4006's differ from the rest of the network?

Tacacs may expect to see username: but your prompt may be username : (space after the colon). to resolve this

look for a file called "tacacsprompts.ini" open it and see if your 4006 prompt is listed in the expected prompt list.

hope this helps

Todd Martin

b.orth
Level 1
Level 1
In response to todd.martin-02

‎04-02-2004 11:51 AM

Thanks Todd,

Haven't had a chance to do an upgrade yet, maybe this weekend. I did see the fix you mentioned somewhere before. May need to use it because we can't upgrade some of the switches for a long period of time. Also are you aware of what is broken in your server when the Tacacs logins don't work? Mine seems to be working for most reports and tasks.

Thanks again.

0 Helpful

b.orth
Level 1
Level 1
In response to todd.martin-02

‎04-13-2004 05:22 AM

Hi Todd,

Finally upgraded code and tested. The new code does fix the problem for us. But your other suggestion is probably better for high availability/Data center switches.

Did you fix your problem that way?

Thanks

0 Helpful

vnealy
Level 1
Level 1
In response to b.orth

‎04-19-2004 07:00 AM

This piece of Ciscoworks had never been very good and

this problem used to frustrate me to no end in the past. Now, I just ignore it. Cisco is going to have to address in later ( hopefully not too much later ) versions. They have a reason why we see this "error". Here is the relevant text from the help for that page:

Incorrect

Test completed and device attribute does not match physical device for one of the following reasons:

* The device attribute setting in inventory is not correct.

* The device is unreachable or offline.

* One of the interfaces on the device is down.

Hope this helps.

0 Helpful

mlheureux
Level 1
Level 1
In response to todd.martin-02

‎05-04-2004 10:09 AM

Hi,

I have the same problem,

I have upgraded my Catalysts 6000 to 8.2 and now I have to press a key before my login banner appears. I found the Bug number in your discussion: CSCed45576.

The problem is now CiscoWorks(RME 3.5) can't access my switchs using TACACS.

I verified my password in RME/Admin/Inventory/Check device attributes, but it still says :

TACACS : INCORRECT.

Only the switchs I upgraded to 8.2 can't communicate with CW.

Is the Bug the problem ? Is there a patch in CW to fix it ?

Thanks

0 Helpful

john.sobrinho
Level 1
Level 1

‎04-20-2004 08:36 AM

check case.

if you have insterted and deleted device several times, there maybe several instances of the device in the db.

always delete first before reimporting.

try deleting device. stop cw2k services and re-enter device. I have seen this issue twice and was able to reconcile.

if you think there are shadow instances of this device in the db contact tac to get instructions to delete devices thru dbreader.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents