Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
3519
Views
0
Helpful
4
Replies
parismita_0305
Beginner
Beginner
‎03-10-2017 01:43 AM
‎03-10-2017 01:43 AM

Nexus 9k switch is giving the error %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

i have recently configured 2 new Nexus 9k series switches 

i configured the tacacs and the aaa and i am able to ping the tacacs server from the switch. but when i try to login with my tacacs id and pw its not authenticating for some reason.

here are the error logs:

%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user
%DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for illegal user 
%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

suggestions??

Labels:
2 people had this problem
0 Helpful
4 REPLIES 4
Ganesh Hariharan
Advisor
Advisor
‎03-12-2017 04:20 AM
‎03-12-2017 04:20 AM 

i have recently configured 2 new Nexus 9k series switches 
i configured the tacacs and the aaa and i am able to ping the tacacs server from the switch. but when i try to login with my tacacs id and pw its not authenticating for some reason.
here are the error logs:
%AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user 
%DAEMON-3-SYSTEM_MSG: error: PAM: Authentication failure for illegal user 
%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
suggestions??

Hi ,

what error logs are you seeing at TACAS server ..??

have a look on the TACAS integration with Nexus Switches ...

Hope it Helps...

-GI

0 Helpful
mkriss5681
Beginner
Beginner
‎04-19-2019 08:44 AM
‎04-19-2019 08:44 AM

Seeing this as well in 7.0(3)I7(6). I see open bugs for the other Nexus lines, but not 9k. 

0 Helpful
Fincey
Beginner
Beginner
In response to mkriss5681
‎11-04-2019 12:42 PM
‎11-04-2019 12:42 PM

I have 9Ks - On 7.0.3.i7.6 and 9.3.1 code I saw this issue.  

 

I was able to use the hidden command sync-snmp-password passwd userabc  1.2.3.4   

passwd - is the password of the user

userabc- TACACs authenticated account

1.2.3.4 - TACACs server address.    

 

The command will return to the CLI with no output.,  Nothing added to the running-config,  but the annoying, constant 5 min. interval  TACACs error messages stopped.   Tested on Version 9.3.1 on 9Ks.  Reload shows initial syslog "failed to respond" error, but it did NOT repeat in 5 min. intervals again.

0 Helpful
Fincey
Beginner
Beginner
In response to mkriss5681
‎11-04-2019 12:45 PM
‎11-04-2019 12:45 PM

 
0 Helpful
Latest Contents
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Preview of the Book OSPF CCIE The Ultimate Ccie Enterprise E...
Created by Meddane on 06-23-2022 08:45 PM
0
0
0
0
Read a preview of my book OSPF The ultimate for CCIE Enterprise and Infrastructure exam in Books Google Doc.   Read a preview of my book OSPF The ultimate for CCIE Enterprise and Infrastructure exam in Books Google Doc #CCIE #Cisco #exam #Enterprise ... view more
Series of 20 OSPF Questions With Concise Answers.
Created by Meddane on 06-21-2022 03:08 AM
0
5
0
5
  Question 1: What are the OSPF Loop Prevention Mechanisms   In single area, the routers have the Link State Database, having the same LSDB helps the routers to build a loop-free topology.   Now in a multiarea topology, the ABRs are respon... view more
Preparing a series of OSPF questions and answers
Created by Meddane on 06-19-2022 05:29 AM
2
5
2
5
Question 1: What are the OSPF Loop Prevention Mechanisms Question 2: Why area 0 is required? Question 3: what is the command to stop Type-7 LSA ? Question 4: How the NSSA ABR translator election occurs? Question 5: How to stop receiving specific subnets I... view more
Why an NSSA ABR does not inject a default route automaticall...
Created by Meddane on 06-18-2022 03:44 AM
0
0
0
0
If an NSSA ASBR originates a default route into the OSPF in order to reach an external domain, the default route is injected as a Type 7 NSSA External LSA.  If at the same time the NSSA ABR connecting that NSSA to Area 0 is generating a default route... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad