
How to remove cached user accounts from Nexus 9K?

Lin Ma
Level 1

We got a problem that a TACACS user could log in to the N9K via TACACS ID only one time; after that, all login attempts fail.

The log shows:

2016 Jan 29 01:51:39 HOSTNAME%AUTHPRIV-6-SYSTEM_MSG: START: ssh pid=13840 from=::ffff:10.25.158.105 - dcos-xinetd[7165]
2016 Jan 29 01:51:39 HOSTNAME%AUTH-6-SYSTEM_MSG: Could not load host key:  /isan/etc/ssh_host_dsa_key - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%DAEMON-3-SYSTEM_MSG: Unable to create temporary user 1473165. Error 0x404a000a usermod: group '1473165' does not exist (100663296) - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user 1473165 from 10.25.158.105 - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%AUTHPRIV-5-SYSTEM_MSG: Login failed for user 1473165 - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%DAEMON-6-SYSTEM_MSG: Failed password for 1473165 from 10.25.158.105 port 54733 ssh2 - sshd[13840]

   

All users could only log in one time; we confirmed the passwords are correct.

 

But when we ran "show user-account", we found the accounts were cached, which we suppose is causing this problem.

   

user:1473165
        roles:vdc-operator
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user account
Local login not possible

    

Does anyone know how to remove those cached user accounts? And how to configure auto-removal of cached users on logoff?
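A triage sketch for the log pattern in the post above, added here as an example and not part of the original thread: it groups NX-OS syslog lines by sshd pid and separates login failures that follow an "Unable to create temporary user" error from plain AAA rejections. The function name, the cause labels and the fourth sample line (user 2000001) are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the first three lines are taken from the post; the fourth is
# constructed here to show an ordinary rejection for contrast.
SAMPLE_LOG = """\
2016 Jan 29 01:51:39 HOSTNAME%AUTHPRIV-6-SYSTEM_MSG: START: ssh pid=13840 from=::ffff:10.25.158.105 - dcos-xinetd[7165]
2016 Jan 29 01:51:57 HOSTNAME%DAEMON-3-SYSTEM_MSG: Unable to create temporary user 1473165. Error 0x404a000a usermod: group '1473165' does not exist (100663296) - sshd[13840]
2016 Jan 29 01:51:57 HOSTNAME%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user 1473165 from 10.25.158.105 - sshd[13840]
2016 Jan 29 01:52:10 HOSTNAME%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user 2000001 from 10.25.158.106 - sshd[13901]
"""

# "<timestamp> <host>%<facility>-<severity>-SYSTEM_MSG: <message> - <process>[<pid>]"
LINE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d+ [\d:]+) (?P<host>[^%\s]+)%(?P<fac>\w+)-(?P<sev>\d)"
    r"-SYSTEM_MSG: (?P<msg>.*) - (?P<proc>[\w-]+)\[(?P<pid>\d+)\]$")
TEMP_USER = re.compile(r"Unable to create temporary user (\S+)\. Error")
AUTH_FAIL = re.compile(r"pam_aaa:Authentication failed for user (\S+) from (\S+)")


def classify_failures(log_text):
    """Return {user: {"source": ip, "cause": label}} for each failed sshd login."""
    sessions = defaultdict(dict)  # sshd pid -> facts seen in that session
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["proc"] != "sshd":
            continue
        facts = sessions[m["pid"]]
        if (t := TEMP_USER.search(m["msg"])):
            facts["temp_user_error"] = t.group(1)
        elif (a := AUTH_FAIL.search(m["msg"])):
            facts["user"], facts["source"] = a.group(1), a.group(2)
    results = {}
    for facts in sessions.values():
        if "user" not in facts:
            continue
        # Same user, same sshd session, temp-account error logged: the switch
        # failed to build the remote user's account (the pattern in the post).
        device_side = facts.get("temp_user_error") == facts["user"]
        results[facts["user"]] = {
            "source": facts["source"],
            "cause": "device_account_error" if device_side else "auth_rejected"}
    return results


if __name__ == "__main__":
    for user, info in classify_failures(SAMPLE_LOG).items():
        print(user, info["source"], info["cause"])
```

Separating the two causes keeps this condition from being counted as password guessing in failed-login alerting.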

2 Accepted Solutions


Rajeshkumar Gatti
Cisco Employee

Most likely you are hitting CSCux43153.

-Raj


Lin,

The bug is present in 7.0(3)I2(2a) as well. The fixed release is not yet out on CCO.

The next 9k NX-OS release on the 7.x train (don't have the release dates) should have the fix.

-Raj


5 Replies


Hi Gatti:

Thanks for your valuable reply. But from the bug information, it was found in 7.0(3)I2(1a), and my version on the N9K is 7.0(3)I2(2a). So does 2a also have the same bug?

Also, the bug shows it has been fixed in a coming version. But from the website, 2a is the latest version; how could we download the newer one?


Lin Ma
Level 1

Hello @Rajeshkumar Gatti

Thanks for the reply; I don't know why your comment was not posted in this discussion.

As you said, this might be related to bug CSCux43153, but my NX-OS version is 7.0(3)I2(2a). Is it also impacted? This is the last version for the N9K 9372PX-E on the Cisco website.

Could I download a newer version for this module?

IanUK
Level 1

I have the same issue on 10.1(1), 93180 FX3. Can't keep rebooting a production switch... also no pre-provisioning to upgrade from 5Ks. Oh how I wish we'd bought ARISTA instead.
