[tac_plus] Re: More firewall grief
john heasley
heas at shrubbery.net
Tue Jun 9 16:58:06 UTC 2009
Tue, Jun 09, 2009 at 10:25:09AM -0600, Schmidt, Daniel:
> My apologies for filling up your inboxes, but I thought this was
> noteworthy.
>
> Anybody ever noticed this? Tac_pairs are returned for login, enable,
> and disable. However, for the second enable I get no tac_pairs returned
> - it is like the connection suddenly died. In fact, this login below
> was completely open - I'm not using an after authorization script and
> everything is allowed.
thats a device bug. each tacacs transaction is autonomous.
> I regret, I do not have a spare firewall to debug on. (Spare switches &
> routers, plenty, but no spare pix or asa)
>
> FW>
> FW> en
> Password: ********
> FW# disa
> FW> en
> Command authorization failed
> FW> en
> Command authorization failed
> FW>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list