[tac_plus] Re: Issue when starting up

[john heasley]

Wed, Feb 17, 2010 at 04:16:04PM -0600, Hailu Meng:
> Hi All,
> 
> I have been running tac_plus in my redhat for couple of months. And I always
> run it as "tac_plus -C /etc/tac_plus.conf -t -d 120 -g" at frontground.
> Right now I try to setup a service for tac_plus and run as a daemon. But
> when I tried to run
> "tac_plus -C /etc/tac_plus.conf -t -d 120", I can't login my cisco switch.
> It still ask me for username. but it won't accept my password. The log
> shows:
> 
> Wed Feb 17 15:44:44 2010 [25229]: Reading config
> Wed Feb 17 15:44:44 2010 [25229]: Version F4.0.4.19 Initialized 1
> Wed Feb 17 15:44:44 2010 [25229]: tac_plus server F4.0.4.19 starting
> Wed Feb 17 15:44:44 2010 [25230]: Backgrounded
> Wed Feb 17 15:44:44 2010 [25231]: uid=505 euid=505 gid=505 egid=505 s=0
> Wed Feb 17 15:44:54 2010 [25231]: session.peerip is 10.1.1.10
> Wed Feb 17 15:44:54 2010 [25234]: connect from 10.1.1.10 [10.1.1.10]
> Wed Feb 17 15:44:55 2010 [25234]: pam_verify username
> Wed Feb 17 15:44:55 2010 [25234]: pam_tacacs received 1 pam_messages
> Wed Feb 17 15:44:55 2010 [25234]: Error 10.1.1.10 tty1: PAM_PROMPT_ECHO_OFF
> Wed Feb 17 15:44:59 2010 [25234]: pam_verify returns 1
> Wed Feb 17 15:44:59 2010 [25234]: Password has not expired <no expiry date
> set>
> Wed Feb 17 15:44:59 2010 [25234]: login query for 'username' tty1 from
> 10.1.1.10 accepted
> Wed Feb 17 15:45:05 2010 [25231]: session.peerip is 10.1.1.10
> Wed Feb 17 15:45:05 2010 [25238]: connect from 10.1.1.10 [10.1.1.10]
> 
> After the above log, the switch pop up "Password" again asking me for the
> password. I compared the normal log. It is same with the above. Wondering
> why it already accepted but still keep asking me the password.
> 
> Does anyone have idea about this?

you might try -d 256 and verify that the config on the device is correct.
also inspect the syslog for messages from the device.