<div dir="ltr"><div><div><div>Removed -L since that was adding a bunch of noise.<br><br></div>Found something worth mentioning when adding -d256:</div><div><br></div><div>**client ip**: Illegal major version specified: found 97 wanted 192<br>**client ip**: disconnect</div><div><br></div><div><br></div>Rest of the Log:<br>session request from 10.99.99.166 sock=6<br>connect from 10.99.99.166 [10.99.99.166]<br>Waiting for packet<br>Read AUTHEN/START size=43<br>validation request from 10.99.99.166<br>PACKET: key=**tacacs key**<br>version 192 (0xc0), type 1, seq no 1, flags 0x1<br>session_id 453907388 (0x1b0e13bc), Data length 31 (0x1f)<br>End header<br>type=AUTHEN/START, priv_lvl = 1<br>action=login<br>authen_type=ascii<br>service=login<br>user_len=6 port_len=4 (0x4), rem_addr_len=13 (0xd)<br>data_len=0<br>User: <br>rancid<br>port: <br>tty3<br>rem_addr: <br></div><div>**client ip**<br></div><div>data: <br>End packet<br>Authen Start request<br>choose_authen chose default_fn<br>Calling authentication function<br>Writing AUTHEN/GETPASS size=28<br>PACKET: key=**tacacs key**<br>version 192 (0xc0), type 1, seq no 2, flags 0x1<br>session_id 453907388 (0x1b0e13bc), Data length 16 (0x10)<br>End header<br>type=AUTHEN status=5 (AUTHEN/GETPASS) flags=0x1<br>msg_len=10, data_len=0<br>msg: <br>Password: <br>data: <br>End packet<br>Waiting for packet<br><br><br><br></div>Turned on debug aaa authentication and debug tacacs authentication:<br><br>Nov 21 14:36:49.113: TPLUS(00000FE0)/1/READ/FF96035DF8: timed out<br>Nov 21 14:36:49.113: TPLUS: Authentication start packet created for 4064(rancid)<br>Nov 21 14:36:49.113: TPLUS(00000FE0)/1/READ/FF96035DF8: timed out, clean up<br>Nov 21 14:36:49.113: TPLUS(00000FE0) login timer stopped<br>Nov 21 14:36:49.113: TPLUS(00000FE0)/1/FF96035DF8: Processing the reply packet<br>Nov 21 14:36:49.114: TPLUS: Invalid Client information received as input<br>Nov 21 14:36:52.119: AAA/AUTHEN/LOGIN (00000FE0): Pick method list 'default' <br>Nov 21 14:36:52.120: TPLUS: Queuing AAA Authentication request 4064 for processing<br>Nov 21 14:36:52.120: TPLUS(00000FE0) login timer started 1020 sec timeout<br>Nov 21 14:36:52.120: TPLUS: processing authentication start request id 4064<br>Nov 21 14:36:52.120: TPLUS: Authentication start packet created for 4064(rancid)<br>Nov 21 14:36:52.121: TPLUS: Using server **tacacs server**<br>Nov 21 14:36:52.122: TPLUS(00000FE0)/1/NB_WAIT/FF97B1F858: Started 5 sec timeout<br>Nov 21 14:36:52.125: TPLUS(00000FE0)/1/NB_WAIT: socket event 2<br>Nov 21 14:36:52.126: TPLUS(00000FE0)/1/NB_WAIT: wrote entire 43 bytes request<br>Nov 21 14:36:52.126: TPLUS(00000FE0)/1/READ: socket event 1<br>Nov 21 14:36:52.127: TPLUS(00000FE0)/1/READ: Would block while reading<br>Nov 21 14:36:57.122: TPLUS(00000FE0)/1/READ/FF97B1F858: timed out<br>Nov 21 14:36:57.122: TPLUS: Authentication start packet created for 4064(rancid)<br>Nov 21 14:36:57.123: TPLUS(00000FE0)/1/READ/FF97B1F858: timed out, clean up<br>Nov 21 14:36:57.123: TPLUS(00000FE0) login timer stopped<br>Nov 21 14:36:57.123: TPLUS(00000FE0)/1/FF97B1F858: Processing the reply packet<br>Nov 21 14:36:57.124: TPLUS: Invalid Client information received as input<br><br><div><div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 20, 2017 at 8:56 PM, heasley <span dir="ltr"><<a href="mailto:heas@shrubbery.net" target="_blank">heas@shrubbery.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Mon, Nov 20, 2017 at 02:21:53PM -0700, Daniel Schmidt:<br>
<span class="">> wild guess:<br>
><br>
> try adding pap = cleartext "blahblahblah"<br>
><br>
<br>
</span>yeah, or try it with -d 8 -d 256. find the service type, because this<br>
is weird:<br>
<span class=""><br>
> > Nov 20 15:43:09.240: TPLUS: Details of client session<br>
> > Nov 20 15:43:09.240: Client PID : 502<br>
> > Nov 20 15:43:09.240: Allocator PC : 0<br>
> > Nov 20 15:43:09.240: Transaction Type : Authentication<br>
> > Nov 20 15:43:09.240: Transaction Status : GET_PASSWORD<br>
> > Nov 20 15:43:09.240: Service : none <<<<<<<<<<<<<<<br>
> > Nov 20 15:43:09.240: Protocol : none<br>
> > Nov 20 15:47:59.067: TPLUS(00000FCA) login timer stopped<br>
> > Nov 20 15:47:59.067: TPLUS(00000FCA)/0/None: Started 120 sec timeout<br>
</span> ^ wonder what the 0 is.<br>
</blockquote></div><br></div>