[tac_plus] Re: Issue when starting up

Hailu Meng hailumeng at gmail.com
Fri Feb 19 01:10:52 UTC 2010


Here is my tac_plus conf on the Linux box:

accounting file = /var/log/tacacs_acct
key = mykey

user = $enab15$ {
  login = des "DKxtKRZ/XeEgM"
}

group = admin {
  default service = permit
  service = exec {
    priv-lvl = 15
  }
}

group = limited {
  default service = deny
  service = exec {
    priv-lvl = 1
  }
  cmd = show {
    permit ip
    permit interface
  }
}

user = testuser {
  member = admin
  login = PAM
}


On Thu, Feb 18, 2010 at 5:45 PM, john heasley <heas at shrubbery.net> wrote:

> Thu, Feb 18, 2010 at 02:02:46PM -0600, Hailu Meng:
> > Thu Feb 18 13:42:22 2010 [27117]: Writing AUTHEN/SUCCEED size=18
> > Thu Feb 18 13:42:22 2010 [27117]: PACKET: key=mykey
> > Thu Feb 18 13:42:22 2010 [27117]: version 192 (0xc0), type 1, seq no 6, flags 0x1
> > Thu Feb 18 13:42:22 2010 [27117]: session_id 3918696952 (0xe99291f8), Data length 6 (0x6)
> > Thu Feb 18 13:42:22 2010 [27117]: End header
> > Thu Feb 18 13:42:22 2010 [27117]: type=AUTHEN status=1 (AUTHEN/SUCCEED) flags=0x0
> > Thu Feb 18 13:42:22 2010 [27117]: msg_len=0, data_len=0
> > Thu Feb 18 13:42:22 2010 [27117]: msg:
> > Thu Feb 18 13:42:22 2010 [27117]: data:
> > Thu Feb 18 13:42:22 2010 [27117]: End packet
> > Thu Feb 18 13:42:22 2010 [27117]: 10.1.2.1: disconnect
> > <------ The above is the same as a successful one. From here, I got another
> > "Password" prompt asking for the password. Even when I input my correct password
> > the 2nd time, it just doesn't allow me in. I also tried a wrong password
> > for the first password input on purpose, and I did get a rejected message
> > like "login query for 'testuser' tty1 from 10.1.2.1 rejected"
>
> > Thu Feb 18 13:42:28 2010 [27116]: session request from 10.1.2.1 sock=2
> > Thu Feb 18 13:42:28 2010 [27135]: connect from 10.1.2.1 [10.1.2.1]
> > Thu Feb 18 13:42:28 2010 [27135]: Waiting for packet
> > Thu Feb 18 13:42:28 2010 [27135]: Read AUTHEN/START size=35
> > Thu Feb 18 13:42:28 2010 [27135]: validation request from 10.1.2.1
> > Thu Feb 18 13:42:28 2010 [27135]: PACKET: key=mykey
> > Thu Feb 18 13:42:28 2010 [27135]: version 192 (0xc0), type 1, seq no 1, flags 0x1
> > Thu Feb 18 13:42:28 2010 [27135]: session_id 3154815253 (0xbc0aa915), Data length 23 (0x17)
>
> it's starting a new auth connection.
>
> what's the tacacs conf on the device?
>
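
The pattern discussed in this thread, a fresh AUTHEN/START with a new session_id from the same client a few seconds after an AUTHEN/SUCCEED, can be picked out of a tac_plus debug log mechanically. The Python below is an added example, not part of the original message or of tac_plus; the function names and the 30-second window are assumptions, and the sample lines are the ones quoted above with the mail wrapping undone.

```python
import re
from datetime import datetime

# Debug lines from the message above, wrapped lines rejoined (subset).
SAMPLE = """\
Thu Feb 18 13:42:22 2010 [27117]: Writing AUTHEN/SUCCEED size=18
Thu Feb 18 13:42:22 2010 [27117]: session_id 3918696952 (0xe99291f8), Data length 6 (0x6)
Thu Feb 18 13:42:22 2010 [27117]: 10.1.2.1: disconnect
Thu Feb 18 13:42:28 2010 [27116]: session request from 10.1.2.1 sock=2
Thu Feb 18 13:42:28 2010 [27135]: connect from 10.1.2.1 [10.1.2.1]
Thu Feb 18 13:42:28 2010 [27135]: Read AUTHEN/START size=35
Thu Feb 18 13:42:28 2010 [27135]: session_id 3154815253 (0xbc0aa915), Data length 23 (0x17)
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[(\d+)\]: (.*)$")
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse(text):
    """Group debug lines by child PID: one record per TCP connection."""
    conns = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        pid, msg = m.group(2), m.group(3)
        c = conns.setdefault(pid, {"pid": pid, "client": None, "sid": None,
                                   "succeed": None, "start": None})
        if (s := re.match(r"session_id (\d+)", msg)):
            c["sid"] = int(s.group(1))
        elif (s := re.match(rf"connect from {IP}|{IP}: disconnect", msg)):
            c["client"] = s.group(1) or s.group(2)
        elif msg.startswith("Writing AUTHEN/SUCCEED"):
            c["succeed"] = ts
        elif msg.startswith("Read AUTHEN/START"):
            c["start"] = ts
    return list(conns.values())

def reauth_after_success(conns, window=30):
    """(client, old_sid, new_sid, gap_seconds) for each new AUTHEN/START that
    follows an AUTHEN/SUCCEED from the same client within `window` seconds."""
    hits = []
    for a in conns:
        for b in conns:
            if a["succeed"] and b["start"] and a["client"] == b["client"] and a["sid"] != b["sid"]:
                gap = int((b["start"] - a["succeed"]).total_seconds())
                if 0 <= gap <= window:
                    hits.append((a["client"], a["sid"], b["sid"], gap))
    return hits

if __name__ == "__main__":
    print(reauth_after_success(parse(SAMPLE)))
```
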