08-26-2014 08:11 AM - edited 03-10-2019 09:58 PM
Hey guys,
Wonder if you guys can assist me in troubleshooting a TACACS/AAA issue.
Cisco ACS 5.3 server decided to blow up and corrupt itself on the weekend. However, I managed to build it up again with most of the configurations.
I'm having trouble getting past privilege mode on the switches and routers.
I can authenticate using my Active Directory account username and password fine, but when I issue commands I get Command Authorization Failed:
Welcome any thoughts!
** Tacacs was working before the server blew up! I suspect I've missed something on the ACS GUI setup**
Attached debug tacacs
=====================
username:
Aug 26 12:39:14.142: TPLUS: Queuing AAA Authentication request 4950 for processing
Aug 26 12:39:14.142: TPLUS(00001356) login timer started 1020 sec timeout
Aug 26 12:39:14.142: TPLUS: processing authentication start request id 4950
Aug 26 12:39:14.143: TPLUS: Authentication start packet created for 4950()
Aug 26 12:39:14.143: TPLUS: Using server 192.168.x.x
Aug 26 12:39:14.148: TPLUS(00001356)/0/NB_WAIT/3A72C8D0: Started 5 sec timeout
Aug 26 12:39:14.150: TPLUS(00001356)/0/NB_WAIT: socket event
username: 2
Aug 26 12:39:14.151: TPLUS(00001356)/0/NB_WAIT: wrote entire 29 bytes request
Aug 26 12:39:14.151: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:14.151: TPLUS(00001356)/0/READ: Would block while reading
Aug 26 12:39:14.155: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:14.155: TPLUS(00001356)/0/READ: read entire 12 header bytes (expect 16 bytes data)
Aug 26 12:39:14.155: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:14.155: TPLUS(00001356)/0/READ: read entire 28 bytes response
username: Aug 26 12:39:14.155: TPLUS(00001356)/0/3A72C8D0: Processing the reply packet
Aug 26 12:39:14.155: TPLUS: Received authen response status GET_USER (7)
username: USER55
password:
Aug 26 12:39:23.813: TPLUS: Queuing AAA Authentication request 4950 for processing
Aug 26 12:39:23.813: TPLUS(00001356) login timer started 1020 sec timeout
Aug 26 12:39:23.813: TPLUS: processing authentication continue request id 4950
Aug 26 12:39:23.813: TPLUS: Authentication continue packet generated for 4950
Aug 26 12:39:23.813: TPLUS(00001356)/0/WRITE/3A72C8D0: Started 5 sec timeout
Aug 26 12:39:23.814: TPLUS(00001356)/0/WRITE: wrote entire 28 bytes request
Aug 26 12:39:25.077: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:25.077: TPLUS(00001356)/0/READ: read entire 12 header bytes (expect 16 bytes data)
Aug 26 12:39:25.077: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:25.077: TPLUS(00001356)/0/READ: read entire 28 bytes response
Aug 26 12:39:25.077: TPLUS(00001356)/0/3A72C8D0: Processing the reply packet
Aug 26 12:39:25.077: TPLUS: Received authen response status GET_PASSWORD (8)
Aug 26 12:39:33.670: TPLUS: Queuing AAA Authentication request 4950 for processing
Aug 26 12:39:33.671: TPLUS(00001356) login timer started 1020 sec timeout
Aug 26 12:39:33.671: TPLUS: processing authentication continue request id 4950
Aug 26 12:39:33.671: TPLUS: Authentication continue packet generated for 4950
Aug 26 12:39:33.671: TPLUS(00001356)/0/WRITE/3AB36584: Started 5 sec timeout
Aug 26 12:39:33.671: TPLUS(00001356)/0/WRITE: wrote entire 31 bytes request
Aug 26 12:39:33.953: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:33.953: TPLUS(00001356)/0/READ: read entire 12 header bytes (expect 6 bytes data)
Aug 26 12:39:33.953: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:33.953: TPLUS(00001356)/0/READ: read entire 18 bytes response
Aug 26 12:39:33.953: TPLUS(00001356)/0/3AB36584: Processing the reply packet
Aug 26 12:39:33.953: TPLUS: Received authen response status PASS (2)
Aug 26 12:39:33.954: TPLUS: Queuing AAA Authorization request 4950 for processing
Aug 26 12:39:33.954: TPLUS(00001356) login timer started 1020 sec timeout
Aug 26 12:39:33.954: TPLUS: processing authorization request id 4950
Aug 26 12:39:33.954: TPLUS: Protocol set to None .....Skipping
Aug 26 12:39:33.954: TPLUS: Sending AV service=shell
Aug 26 12:39:33.954: TPLUS: Sending AV cmd*
Aug 26 12:39:33.954: TPLUS: Authorization request created for 4950(USER55)
Aug 26 12:39:33.955: TPLUS: using previously set server 192.168.x.x from group tacacs+
Aug 26 12:39:33.960: TPLUS(00001356)/0/NB_WAIT/3AB36584: Started 5 sec timeout
Aug 26 12:39:33.962: TPLUS(00001356)/0/NB_WAIT: socket event 2
Aug 26 12:39:33.962: TPLUS(00001356)/0/NB_WAIT: wrote entire 59 bytes request
Aug 26 12:39:33.962: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:33.962: TPLUS(00001356)/0/READ: Would block while reading
Aug 26 12:39:34.098: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:34.098: TPLUS(00001356)/0/READ: read entire 12 header bytes (expect 18 bytes data)
Aug 26 12:39:34.098: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:34.098: TPLUS(00001356)/0/READ: read entire 30 bytes response
Aug 26 12:39:34.098: TPLUS(00001356)/0/3AB36584: Processing the reply packet
Aug 26 12:39:34.099: TPLUS: Processed AV priv-lvl=15
Aug 26 12:39:34.099: TPLUS: received authorization response for 4950: PASS
Aug 26 12:39:34.100: TPLUS: Queuing AAA Accounting request 4950 for processing
Aug 26 12:39:34.100: TPLUS: processing accounting request id 4950
Aug 26 12:39:34.100: TPLUS: Sending AV task_id=7145
Aug 26 12:39:34.100: TPLUS: Sending AV timezone=GMT
Aug 26 12:39:34.100: TPLUS: Sending AV service=shell
Aug 26 12:39:34.100: TPLUS: Sending AV start_time=1409056774
Aug 26 12:39:34.100: TPLUS: Accounting request created for 4950(USER55)
Aug 26 12:39:34.100: TPLUS: using previously set server 192.168.x.x from group tacacs+
Aug 26 12:39:34.106: TPLUS(00001356)/0/NB_WAIT/3A72C8D0: Started 5 sec timeout
Aug 26 12:39:34.108: TPLUS(00001356)/0/NB_WAIT: socket event 2
Aug 26 12:39:34.108: TPLUS(00001356)/0/NB_WAIT: wrote entire 103 bytes request
Aug 26 12:39:34.108: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:34.108: TPLUS(00001356)/0/READ: Would block while reading
Aug 26 12:39:34.114: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:34.114: TPLUS(00001356)/0/READ: read entire 12 header bytes (expect 5 bytes data)
Aug 26 12:39:34.114: TPLUS(00001356)/0/READ: socket event 1
Aug 26 12:39:34.114: TPLUS(00001356)/0/READ: read entire 17 bytes response
Aug 26 12:39:34.114: TPLUS(00001356)/0/3A72C8D0: Processing the reply packet
Aug 26 12:39:34.114: TPLUS: Received accounting response with status PASS
SW-Comms-9#sh
Command authorization failed.
Aug 26 12:39:47.222: TAC+: using previously set server 192.168.x.x from group tacacs+
Aug 26 12:39:47.222: TAC+: Opening TCP/IP to 192.168.x.x/49 timeout=5
Aug 26 12:39:47.230: TAC+: Opened TCP/IP handle 0x3BE31D1C to 192.168.x.x/49
Aug 26 12:39:47.230: TAC+: Opened 192.168.x.x index=1
Aug 26 12:39:47.230: TAC+: 192.168.x.x (4007938957) AUTHOR/START queued
Aug 26 12:39:47.430: TAC+: (4007938957) AUTHOR/START processed
Aug 26 12:39:47.430: TAC+: (-287028339): received author response status = FAIL
Aug 26 12:39:47.431: TAC+: Closing TCP/IP 0x3BE31D1C connection to 192.168.x.x/49
SW-Comms-9#sh int
Command authorization failed.
Aug 26 12:40:01.241: TAC+: using previously set server 192.168.x.x from group tacacs+
Aug 26 12:40:01.241: TAC+: Opening TCP/IP to 192.168.x.x/49 timeout=5
Aug 26 12:40:01.249: TAC+: Opened TCP/IP handle 0x3BE31D1C to 192.168.x.x/49
Aug 26 12:40:01.249: TAC+: Opened 192.168.x.x index=1
Aug 26 12:40:01.250: TAC+: 192.168.x.x (3653537180) AUTHOR/START queued
Aug 26 12:40:01.449: TAC+: (3653537180) AUTHOR/START processed
Aug 26 12:40:01.449: TAC+: (-641430116): received author response status = FAIL
Aug 26 12:40:01.450: TAC+: Closing TCP/IP 0x3BE31D1C connection to 192.168.x.x/49
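
Added example (not part of the original post): a small Python parser that splits an IOS `debug tacacs` trace like the one above into AAA phases and reports which phase fails and for which typed command. The sample lines are an abridged excerpt of the trace above; the function names and the result keys are assumptions made for this illustration.

```python
import re

# Abridged excerpt of the trace in the post (constructed sample input).
SAMPLE = """\
Aug 26 12:39:33.953: TPLUS: Received authen response status PASS (2)
Aug 26 12:39:33.954: TPLUS: Sending AV service=shell
Aug 26 12:39:34.099: TPLUS: Processed AV priv-lvl=15
Aug 26 12:39:34.099: TPLUS: received authorization response for 4950: PASS
Aug 26 12:39:34.114: TPLUS: Received accounting response with status PASS
SW-Comms-9#sh
Command authorization failed.
Aug 26 12:39:47.430: TAC+: (-287028339): received author response status = FAIL
SW-Comms-9#sh int
Command authorization failed.
Aug 26 12:40:01.449: TAC+: (-641430116): received author response status = FAIL
"""

PHASES = [  # (phase name, regex capturing the server's status)
    ("authentication", re.compile(r"TPLUS: Received authen response status (\w+)")),
    ("exec-authorization", re.compile(r"TPLUS: received authorization response for \d+: (\w+)")),
    ("accounting", re.compile(r"TPLUS: Received accounting response with status (\w+)")),
    ("command-authorization", re.compile(r"TAC\+: \(-?\d+\): received author response status = (\w+)")),
]
PROMPT = re.compile(r"^\S+[#>](.+)$")          # e.g. "SW-Comms-9#sh int"
PRIV = re.compile(r"Processed AV priv-lvl=(\d+)")

def summarize(trace):
    """Return ([(phase, status, command-or-None)], priv_lvl) for a trace."""
    events, priv, last_cmd = [], None, None
    for line in trace.splitlines():
        if (m := PROMPT.match(line)):
            last_cmd = m.group(1).strip()      # command the next author reply refers to
        elif (m := PRIV.search(line)):
            priv = int(m.group(1))
        else:
            for phase, rx in PHASES:
                m = rx.search(line)
                if m and not m.group(1).startswith("GET_"):  # skip GET_USER/GET_PASSWORD
                    cmd = last_cmd if phase == "command-authorization" else None
                    events.append((phase, m.group(1), cmd))
                    break
    return events, priv

def diagnose(events, priv):
    """Separate a working login/shell session from per-command denials."""
    session = {p: s for p, s, _ in events if p != "command-authorization"}
    denied = [c for p, s, c in events if p == "command-authorization" and s == "FAIL"]
    ok = session.get("authentication") == "PASS" and session.get("exec-authorization") == "PASS"
    return {"session_ok": ok, "priv_lvl": priv, "denied_commands": denied,
            "command_authz_only": ok and bool(denied)}
```

On the excerpt, `diagnose(*summarize(SAMPLE))` reports a passing login and shell authorization at `priv-lvl=15` with `sh` and `sh int` denied, which places the failure in the separate per-command authorization requests rather than in the login or shell stage.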