We got a problem that TACACS user could login to N9K via TACACS ID only one time, after that all login attemps are failure.
The log shows:
2016 Jan 29 01:51:39 HOSTNAME%AUTHPRIV-6-SYSTEM_MSG: START: ssh pid=13840 from=::ffff:10.25.158.105 - dcos-xinetd
2016 Jan 29 01:51:39 HOSTNAME%AUTH-6-SYSTEM_MSG: Could not load host key: /isan/etc/ssh_host_dsa_key - sshd
2016 Jan 29 01:51:57 HOSTNAME%DAEMON-3-SYSTEM_MSG: Unable to create temporary user 1473165. Error 0x404a000a usermod: group '1473165' does not exist (100663296) - sshd
2016 Jan 29 01:51:57 HOSTNAME%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user 1473165 from 10.25.158.105 - sshd
2016 Jan 29 01:51:57 HOSTNAME%AUTHPRIV-5-SYSTEM_MSG: Login failed for user 1473165 - sshd
2016 Jan 29 01:51:57 HOSTNAME%DAEMON-6-SYSTEM_MSG: Failed password for 1473165 from 10.25.158.105 port 54733 ssh2 - sshd
All user could only login one time, we confirmed the password are correct.
But when we "show user-account", we found the account were cached which suppose to make this problem.
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user account
Local login not possible
Is there anyone know how to remove those cached user accounts ? And how to configre auto-remove cache users once logoff ?
Solved! Go to Solution.
Thanks for you valuable reply. But from the bug information, it was found in 7.0(3)I2(1a), and my version in N9k is 7.0(3)I2(2a). So is 2a also has same bug ?
Also, the bug also shows it has been fixed in coming version. But from the website, 2a is the latest version, how could we download the newer ?
Hello @Rajeshkumar Gatti
Thanks for the reply, don't know why your comment was not post in this discussion.
As you said, the might relative to bug CSCux43153 , but my NXIOS version is 7.0(3)I2(2a), is it also impacted ? as this is the last version of N9K 9372PX-E on Cisco website.
Could I download newer version for this module ?