We got a problem that TACACS user could login to N9K via TACACS ID only one time, after that all login attemps are failure.
The log shows:
2016 Jan 29 01:51:39 HOSTNAME%AUTHPRIV-6-SYSTEM_MSG: START: ssh pid=13840 from=::ffff:10.25.158.105 - dcos-xinetd[7165]
2016 Jan 29 01:51:39 HOSTNAME%AUTH-6-SYSTEM_MSG: Could not load host key: /isan/etc/ssh_host_dsa_key - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%DAEMON-3-SYSTEM_MSG: Unable to create temporary user 1473165. Error 0x404a000a usermod: group '1473165' does not exist (100663296) - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user 1473165 from 10.25.158.105 - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%AUTHPRIV-5-SYSTEM_MSG: Login failed for user 1473165 - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%DAEMON-6-SYSTEM_MSG: Failed password for 1473165 from 10.25.158.105 port 54733 ssh2 - sshd[13840]
All user could only login one time, we confirmed the password are correct.
But when we "show user-account", we found the account were cached which suppose to make this problem.
user:1473165
roles:vdc-operator
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user account
Local login not possible
Is there anyone know how to remove those cached user accounts ? And how to configre auto-remove cache users once logoff ?
