[tac_plus] Re: tac_plus process automatically shutdown after too many login

john heasley heas at shrubbery.net
Fri Apr 2 20:12:32 UTC 2010 

Fri, Apr 02, 2010 at 11:21:52AM -0500, Hailu Meng:
> Hi there,
> 
> I recently setup Ciscoworks to backup the cisco device configuration every
> day. Right now I configured 126 devices in CiscoWorks to be back up. But
> after Ciscoworks finished the scheduled backup job, I found my tac_plus
> process has been stopped automatically. I checked the tac_plus log and found
> the end of log file has one error:
> Fri Apr  2 08:20:28 2010 [3417]: Error 10.x.x.x: Bad sequence number 3
> should be even
> what does it mean?

the sequence increments with each packet.  its value depends upon where
it is in the communication.

either the device has become confused or you've enabled single-connection
tacacs on the device, which neither IOS doesnt do properly and tac_plus
doesnt support.

> Some devices got successfully telneted and get into the enable mode. But
> some devices failed. In addition, I found the below error, it seems the
> device is not reachable but the device didn't have any issue at that time.
> Is there any possiblity that the unexpected delay cause this issue? Can I
> adjust some kind of timeout parameter in tac_plus to be suitable for the
> situation?
> 
> Fri Apr  2 08:20:24 2010 [3417]: Authen Start request
> Fri Apr  2 08:20:24 2010 [3417]: choose_authen returns 1
> Fri Apr  2 08:20:24 2010 [3417]: Writing AUTHEN/GETUSER size=55
> Fri Apr  2 08:20:24 2010 [3417]: PACKET: key=tac_key
> Fri Apr  2 08:20:24 2010 [3417]: version 192 (0xc0), type 1, seq no 2, flags
> 0x1
> Fri Apr  2 08:20:24 2010 [3417]: session_id 1720821293 (0x6691a62d), Data
> length 43 (0x2b)
> Fri Apr  2 08:20:24 2010 [3417]: End header
> Fri Apr  2 08:20:24 2010 [3417]: type=AUTHEN status=4 (AUTHEN/GETUSER)
> flags=0x0
> Fri Apr  2 08:20:24 2010 [3417]: msg_len=37, data_len=0
> Fri Apr  2 08:20:24 2010 [3417]: msg:
> Fri Apr  2 08:20:24 2010 [3417]:  0xa User Access Verification 0xa
> Fri Apr  2 08:20:24 2010 [3417]: data:
> Fri Apr  2 08:20:24 2010 [3417]: End packet
> Fri Apr  2 08:20:24 2010 [3417]: Waiting for packet
> Fri Apr  2 08:20:24 2010 [3417]: 10.x.x.x: exception on fd 6
> Fri Apr  2 08:20:24 2010 [3417]: Read -1 bytes from 10.x.x.x tty1, expecting
> 12
> Fri Apr  2 08:20:24 2010 [3417]: Error 10.x.x.x tty1: Null reply packet,
> expecting CONTINUE
> Fri Apr  2 08:20:24 2010 [3417]: 10.x.x.x: disconnect
> 
> Appreciated for your help!  Thanks!
> 
> Lou
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100402/8d493c05/attachment.html 
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus

More information about the tac_plus mailing list