Nexus 7000 AAA tacacs+ issue

ckeithjones
Beginner

I cannot get the AAA tacacs+ authentication to work on my Nexus 7000. The following is the logging error I get:

2011 Dec  7 01:17:05 MCN-CORE-D-7020 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user ctcrgrf from 172.26.32.200 - sshd[16930]
2011 Dec  7 01:17:05 MCN-CORE-D-7020 %DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for illegal user ctcrgrf from 172.26.32.200 - sshd[16922]
2011 Dec  7 01:17:08 MCN-CORE-D-7020 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user ctcrgrf from 172.26.32.200 - sshd[16935]
2011 Dec  7 01:17:08 MCN-CORE-D-7020 %DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for illegal user ctcrgrf from 172.26.32.200 - sshd[16922]
2011 Dec  7 01:17:08 MCN-CORE-D-7020 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user ctcrgrf from 172.26.32.200 - sshd[16936]
2011 Dec  7 01:17:08 MCN-CORE-D-7020 %DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for illegal user ctcrgrf from 172.26.32.200 - sshd[16922]
2011 Dec  7 01:17:42 MCN-CORE-D-7020 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by ncbranch on 172.26.22.20@pts/0
2011 Dec  7 01:19:46 MCN-CORE-D-7020 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by ncbranch on 172.26.22.20@pts/0
2011 Dec  7 01:29:34 MCN-CORE-D-7020 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user ctcrsrackj from 172.26.22.20 - sshd[17316]
2011 Dec  7 01:29:34 MCN-CORE-D-7020 %DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for illegal user ctcrsrackj from 172.26.22.20 - sshd[17315]

Relevant config:

MCN-CORE-D-7020# show run tacacs+

!Command: show running-config tacacs+
!Time: Wed Dec  7 01:33:42 2011

version 5.1(3)
feature tacacs+
tacacs-server key 7 "XXXXXXX"
ip tacacs source-interface mgmt0
tacacs-server timeout 60
tacacs-server host 172.26.32.200
tacacs-server host 172.25.35.9
aaa group server tacacs+ tacacs+
    server 172.26.32.200
    server 172.25.35.9
    use-vrf management
    source-interface mgmt0

All users get this same error when trying to log in. Any other switch works with that username.