I didn't want to leave this thread hanging without an answer, since you've taken the trouble to try to help, but I think I've found the solution, after doing some debugging.
Hi MHM CISCO WORLD:
show aaa server <<- share this --> only show radius server, my problems is tacacs and local.
debug aaa authC <<- share this --> yes interesting and it is important debug aaa authoR, Sometimes the authentication works and the authorization fails and other times they both work, but normally they both fail .
For all people,
I have reviewed the configuration again and another technician must have entered dot1x configuration and I think the old configuration has interfered. Above the normal aaa lines but below aaa-new model,:
"aaa local authentication default authorization default"
which I understand in turn calls:
"aaa authentication dot1x default group Radius1 local"
This makes me try with Radius and it fails. It tries to logon by entering the user as a radius user and not as a local user when tacacs fail.
I have seen in the debug that it seems that sometimes it authenticates but does not authorize and other times it authorizes and authenticates but these are the least frequent, normally the authorization fails.
When sometimes it succesfully I can see in the log two different behaviors for the same user, a messagge of radius dead and not responding, maybe it is casual when radius is dead, then I imagine it already uses local authentication and works.
Other time when authenticates it is follow radius user and process, I dont understand how to go to loggon but it is successfully, I don't understand how it manages to authenticate with the same user that fails other times by radius. I would need to capture more logs and analyze the Radius configuration that I do not know right now, but the important thing is why it doesn't work as I said, normal behavior is that it fails, because it tries to logon by entering the user as a radius user and not as a local user.
g 13 11:05:36.906: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: ciscotest] [Source: 192.168.1.1] at 13:05:36 UTC Mon Aug 10 2024
WLCISCO#
Aug 13 11:06:08.063: AAA/BIND(000010C5): Bind i/f
Aug 13 11:06:08.063: AAA/AUTHEN/LOGIN (000010C5): Pick method list 'LOGINTEST'
Aug 13 11:06:28.209: AAA/BIND(000010C6): Bind i/f
Aug 13 11:06:28.209: AAA/BIND(000010C7): Bind i/f
Aug 13 11:06:28.209: AAA/AUTHOR: auth_need : user= 'copyrightbanneruser' ruser= WLCISCO 'rem_addr= 'async' priv= 15 list= '' AUTHOR-TYPE= 'commands'
Aug 13 11:06:28.261: AAA/BIND(000010C8): Bind i/f
Aug 13 11:06:28.261: AAA/AUTHEN/LOGIN (000010C8): Pick method list ' LOGINTEST '
Aug 13 11:06:28.083: %WEBSERVER-5-LOGIN_FAILED: Chassis 2 Login Un-Successful from host 192.168.1.1
Aug 13 11:06:48.406: AAA/BIND(000010C9): Bind i/f
Aug 13 11:06:48.406: AAA/BIND(000010CA): Bind i/f
Aug 13 11:06:48.407: AAA/AUTHOR: auth_need : user= 'copyrightbanneruser' ruser= WLCISCO 'rem_addr= 'async' priv= 15 list= '' AUTHOR-TYPE= 'commands'
Aug 13 11:06:48.459: AAA/BIND(000010CB): Bind i/f
Aug 13 11:06:48.459: AAA/AUTHEN/LOGIN (000010CB): Pick method list ' LOGINTEST '
Aug 13 11:06:48.281: %WEBSERVER-5-LOGIN_FAILED: Chassis 2 Login Un-Successful from host 192.168.1.1
But there is a log that I don't understand and it is this user, maybe it doesn't have much to do with it but I don't know. and I don't know if it's something internal: "copyrightbanneruser":
13 10:34:35.169: AAA/AUTHOR: auth_need : user= 'copyrightbanneruser' ruser=...........
I didn't have time for more tests but the other quiestion for me, why via SSH it uses the local ones and does not do the same as in the attempts via https if both call the same method. Maybe another time I can do more debugging and test the ssh and look for differences.
