[tac_plus] Re: tac_plus with NX-OS

john heasley heas at shrubbery.net
Wed Jul 15 21:14:01 UTC 2009


Wed, Jul 15, 2009 at 06:34:16AM -0400, Paul Vdovets:
> that seems to be what the nexus requires i have no extra config specifying
> pap

that seems broken.  you should file a bug with cisco.

> below is the entire config used to get tacacs enabled
> 
> feature tacacs+
> tacacs+ enable
> 
> tacacs-server key 7 "*********"
> tacacs-server host 10.88.4.52 key 7 "*********" timeout 5
> tacacs-server host 10.88.4.52 test username test password test
> aaa group server tacacs+ conaaa
>     server 10.88.4.52
>     use-vrf default                                #needed since i am not using the mgmt port on the switch
> aaa authentication login default group conaaa local
> aaa authentication login console group conaaa local
> aaa accounting default group conaaa local
> no aaa authentication login error-enable
> no aaa authentication login mschap enable
> no radius-server directed-request
> tacacs-server directed-request
> 
> 
> 
> On Wed, Jul 15, 2009 at 3:15 AM, john heasley <heas at shrubbery.net> wrote:
> 
> > Tue, Jul 14, 2009 at 11:30:15PM -0400, Paul Vdovets:
> > > i have a working tac_plus server that provides authentication for all the
> > > Cisco IOS switches and routers in our env.
> > >
> > > we just added 2 cisco nexus 5010 and unlike their IOS brethren they do not
> > > seem to work with the tac_plus server
> > >
> > > has anyone seen this? i have been running with debug level 16 and still get
> > > only this for a result
> > >
> > > Jul 14 23:18:20 ldap1 tac_plus[30496]: Reading config
> > > Jul 14 23:18:20 ldap1 tac_plus[30496]: Version F4.0.4.18 Initialized 1
> > > Jul 14 23:18:20 ldap1 tac_plus[30496]: session.peerip is 10.88.2.10
> > > Jul 14 23:18:20 ldap1 tac_plus[30496]: pap-login query for 'my-user' 0 from distsw1 rejected
> >
> > why is it a 'pap-login'?
> >
> > > Jul 14 23:18:20 ldap1 tac_plus[30496]: login failure: pvdovets distsw1 (10.88.2.10) 0
> > > Jul 14 23:18:20 ldap1 xinetd[30445]: EXIT: tacacs status=0 pid=30496 duration=0(sec)
> > >
> > >
> > >
> > > on the nexus when using the test aaa server tacacs command i get the
> > > following
> > >
> > >  error authenticating to server
> > >  7
> > >
> > >
> > > thanks,
> > >
> > > --
> > > Paul
> >
> 
> 
> 
> -- 
> Paul Vdovets

