09-02-2009 06:18 AM - edited 03-10-2019 04:40 PM
Hi All,
I just set up my ACS server for Windows. It is running software version 4.1. I am having problems authenticating. I have my AAA clients set up in the ACS GUI to use TACACS to authenticate. I have the switch key and ACS server keys matching. I have users set up. Here is my AAA config on the switch:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
Here is the debug info on tacacs
183757: Sep 2 10:14:22.131 edt: TAC+: send AUTHEN/START packet ver=192 id=2789804961
183758: Sep 2 10:14:22.131 edt: TAC+: Using default tacacs server-group "tacacs+" list.
183759: Sep 2 10:14:22.131 edt: TAC+: Opening TCP/IP to 10.11.8.200/49 timeout=5
183760: Sep 2 10:14:22.135 edt: TAC+: Opened TCP/IP handle 0x80E767B8 to 10.11.8.200/49
183761: Sep 2 10:14:22.135 edt: TAC+: 10.11.8.200 (2789804961) AUTHEN/START/LOGIN/ASCII queued
183762: Sep 2 10:14:22.335 edt: TAC+: (2789804961) AUTHEN/START/LOGIN/ASCII processed
183763: Sep 2 10:14:22.335 edt: TAC+: received bad AUTHEN packet: length = 6, expected 128683
WC2950-12#
183764: Sep 2 10:14:22.335 edt: TAC+: Invalid AUTHEN/START/LOGIN/ASCII packet (check keys).
183765: Sep 2 10:14:22.335 edt: TAC+: Closing TCP/IP 0x80E767B8 connection to 10.11.8.200/49
183766: Sep 2 10:14:22.339 edt: TAC+: Using default tacacs server-group "tacacs+" list.
183767: Sep 2 10:14:22.339 edt: SSH1: password authentication failed for wcromwell
I have the same keys on the AAA server as I do on my switch.
Thanks
09-02-2009 06:59 AM
Please check the NDG secret key and the AAA client key. The NDG key overrides the AAA client key.
Make sure you have the correct key in the NDG.
Regards,
~JG
Do rate helpful posts
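An added example, not part of the original thread and not Cisco's code: a sketch of the TACACS+ body obfuscation described in RFC 8907, showing why a key mismatch surfaces as a bad-length error like the one in the debug output above. The session ID and version come from that debug output; both keys are constructed, and the way the expected length is derived from the decoded length fields is an assumption of this example.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: chained MD5 over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each block feeds the next
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; the same call reverses the operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def expected_reply_length(body):
    """AUTHEN REPLY: status, flags, server_msg_len, data_len, then both fields."""
    _status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    return 6 + msg_len + data_len

def check_reply(wire_body, session_id, client_key, version=0xC0, seq_no=2):
    """Return (actual length, length implied by the decoded header fields)."""
    clear = obfuscate(wire_body, session_id, client_key, version, seq_no)
    return len(clear), expected_reply_length(clear)

# Constructed sample: only SESSION_ID and version 192 (0xC0) come from the debug log.
SESSION_ID = 2789804961
SERVER_KEY = b"ndg-level-secret"      # constructed: key the server actually applies
SWITCH_KEY = b"aaa-client-secret"     # constructed: key configured on the switch
REPLY = struct.pack("!BBHH", 0x04, 0x00, 0, 0)   # GETUSER, empty message and data
WIRE = obfuscate(REPLY, SESSION_ID, SERVER_KEY, 0xC0, 2)

if __name__ == "__main__":
    for label, key in (("matching key", SERVER_KEY), ("mismatched key", SWITCH_KEY)):
        got, want = check_reply(WIRE, SESSION_ID, key)
        verdict = "ok" if got == want else "bad AUTHEN packet (check keys)"
        print(f"{label}: length = {got}, expected {want} -> {verdict}")
```

The protocol carries no integrity check on the body, so the client only notices the wrong key when the decoded length fields stop matching the packet size.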
09-02-2009 08:11 AM
That's all set! Thanks... I have an accounting question. I set up accounting for commands on the switch. Where do I view the report in ACS? In Report and Activity I don't see the report for commands. I click on TACACS+ Accounting, but that report doesn't have any of the commands that I have used. If I debug AAA, I do see AAA recording the commands.
09-02-2009 08:18 AM
Here are the commands you need on IOS:
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 aaa-list start-stop group tacacs+
aaa accounting commands 15 aaa-list start-stop group tacacs+
These logs are stored in the TACACS administration report, so make sure you are checking the correct head.
If it is still not working, then check the ACS code. In case it is 4.1.1, you need to apply patch 5 to fix it.
To download the patch for the appliance:
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des
For Windows:
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des
Regards,
~JG
Do rate helpful posts
09-02-2009 09:30 AM
Thanks, that worked!