AAA Authorization not working -

khwajanusrat
Level 1

I have a very strange problem. I set up tacacs on two Nexus 5000 switches with exactly the same tacacs and aaa config (see below). N01 is working fine but N02 has problems with authorization. I am able to authenticate into N02 but can use only a few commands, whereas N01 has the full set of commands available.

I see error messages in the log (see bottom).

ked1.dcacc.n02(config)# ?
end       Go to exec mode
exit      Exit from command interpreter
no        Negate a command or set its defaults
username  Configure user information.

ked1.dcacc.n02# sho run aaa
version 4.1(3)N2(1)
aaa authentication login default group tacacs local
aaa authorization config-commands default group tacacs local
aaa authorization commands default group tacacs local
aaa accounting default group tacacs local
aaa authentication login error-enable

ked1.dcacc.n02# sho run tacacs
version 4.1(3)N2(1)
feature tacacs+
tacacs-server host 167.54.254.113 key 7 .....
ip tacacs source-interface Vlan2
aaa group server tacacs+ tacacs
    server 167.54.254.113
    source-interface Vlan2

- Comparing CONFIG with ked1.dcacc.n01:

ked1.dcacc.n01# sho run tacacs
version 4.1(3)N2(1)
feature tacacs+
tacacs-server host 167.54.254.113 key 7 .....
ip tacacs source-interface Vlan2
aaa group server tacacs+ tacacs
    server 167.54.254.113
    source-interface Vlan2

ked1.dcacc.n01# sho run aaa
version 4.1(3)N2(1)
aaa authentication login default group tacacs local
aaa authorization config-commands default group tacacs local
aaa authorization commands default group tacacs local
aaa accounting default group tacacs local
aaa authentication login error-enable

ked1.dcacc.n02# sho log last 10
2010 Feb 12 13:55:13.697 ked1.dcacc.n02 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2010 Feb 12 13:56:14.975 ked1.dcacc.n02 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2010 Feb 12 13:56:14.975 ked1.dcacc.n02 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by khwajan on 167.54.254.2@pts/0
2010 Feb 12 13:56:14.987 ked1.dcacc.n02 9836]: CLIC-6-EXIT_CONFIG: Configured from 0 by systest
2010 Feb 12 13:56:15.087 ked1.dcacc.n02 snmpd: snmpd: send_trap: Failure in sendto (No route to host)
2010 Feb 12 13:56:15.088 ked1.dcacc.n02 snmpd: snmpd: send_trap: Failure in sendto (No route to host)
2010 Feb 12 13:56:15.088 ked1.dcacc.n02 snmpd: NETWORK- UNREACHABLE
2010 Feb 12 14:01:22.771 ked1.dcacc.n02 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2010 Feb 12 14:01:34 ked1.dcacc.n02 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user admin from 172.19.1.3 - login[9969]
2010 Feb 12 14:01:50.349 ked1.dcacc.n02 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

2. Both N01 and N02 have the following message logged frequently:

%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

3. Our tacacs server is V3.0
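The pattern in the log above (repeated "All servers failed to respond" on a switch whose AAA method lists are "group tacacs local") is what pushes authentication and command authorization onto the local user database, so the commands a user sees are then decided by the local account's role rather than by the TACACS+ profile. As an added example, not part of the post, here is a small Python check that parses NX-OS syslog lines of this shape and flags hosts where local fallback is probably in effect; the sample lines are constructed from the ones quoted in the post.

```python
import re

# Constructed sample, modelled on the NX-OS 'sho log' output quoted in the post.
SAMPLE_LOG = """\
2010 Feb 12 13:55:13.697 ked1.dcacc.n02 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2010 Feb 12 13:56:14.975 ked1.dcacc.n02 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2010 Feb 12 13:56:14.975 ked1.dcacc.n02 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by khwajan on 167.54.254.2@pts/0
2010 Feb 12 13:56:15.088 ked1.dcacc.n02 snmpd: snmpd: send_trap: Failure in sendto (No route to host)
2010 Feb 12 14:01:34 ked1.dcacc.n02 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user admin from 172.19.1.3 - login[9969]
"""

# "<year> <Mon> <day> <hh:mm:ss[.frac]> <hostname> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
TACACS_FAIL = "%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond"
CONFIG_EVENT = "%VSHD-5-VSHD_SYSLOG_CONFIG_I"


def analyse(log_text):
    """Per host: count TACACS+ group failures, record config changes made after
    the group became unreachable (accounting for them never reached the server),
    and count 'No route to host' hints that point at a routing/source-interface problem."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip wrapped fragments or non-syslog output
        host, msg = m.group("host"), m.group("msg")
        f = findings.setdefault(host, {"tacacs_failures": 0, "config_during_fallback": [], "no_route": 0})
        if TACACS_FAIL in msg:
            f["tacacs_failures"] += 1
        elif CONFIG_EVENT in msg and f["tacacs_failures"] > 0:
            f["config_during_fallback"].append(msg.split(": ", 1)[1])
        elif "No route to host" in msg:
            f["no_route"] += 1
    return findings


def likely_local_fallback(findings, host, threshold=2):
    """With 'aaa ... default group tacacs local', repeated server failures mean the
    'local' method is answering; treat >= threshold failures as fallback in effect."""
    f = findings.get(host)
    return bool(f) and f["tacacs_failures"] >= threshold


if __name__ == "__main__":
    for host, f in analyse(SAMPLE_LOG).items():
        print(host, "local fallback likely" if likely_local_fallback(analyse(SAMPLE_LOG), host) else "ok", f)
```

When fallback is flagged, the restricted command set on N02 is expected behaviour of the local account's role, and the fix is restoring reachability of 167.54.254.113 from the configured source interface rather than changing the AAA lists.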

3 Replies

Ganesh Hariharan
VIP Alumni

Hi,

As per the logs, if the request is going to the TACACS server and the TACACS server is failing to respond, check whether the tacacs services on the TACACS server are flapping, or check the connectivity of the TACACS server from the switches, whether they are reachable or not.

Hope this helps.

Ganesh.H

Hi Nusrat,

Did you find a solution for this problem?

We are having the same issue with the Nexus 5000 concerning Authorization.

Regards,

Jasper

No response so far.