[tac_plus] HWTACACS with H3C and 3Com
Vetoll
vetoll at gmail.com
Sun Nov 4 14:32:11 UTC 2012
Hi,
Here is my tac_plus config... How do I modify the privilege level on H3C?
user = vetoll {
    login = PAM
    member = lab
    maxsess = 10
}

# LAB Group
group = lab {
    default service = permit
    service = exec {
        priv-lvl=15
    }
}
This is my debug from the H3C switch... my user just fails to log in.
*May 2 12:42:22:696 2000 H3C.Linux.Core TAC/7/Event: Create HWTACACS
authentication request packet success
*May 2 12:42:22:698 2000 H3C.Linux.Core TAC/7/Event:
TAC_MESSAGE for AAA->TAC:
*May 2 12:42:22:699 2000 H3C.Linux.Core TAC/7/Event:
TAC_MESSAGE for AAA->TAC:
UserID=50 PacketType=3 AuthenType=1
AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0
UserName=vetoll at lab.test PortName=vty1 RemAddress=10.0.0.5
UserMsg= DataMsg=
*May 2 12:42:22:741 2000 H3C.Linux.Core TAC/7/Event:
TAC_MESSAGE for AAA->TAC:
*May 2 12:42:22:743 2000 H3C.Linux.Core TAC/7/Event:
TAC_MESSAGE for AAA->TAC:
UserID=50 PacketType=3 AuthenType=1
AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0
UserName=vetoll at lab.test PortName=vty1 RemAddress=10.0.0.5
UserMsg= DataMsg=
*May 2 12:42:22:744 2000 H3C.Linux.Core TAC/7/Event: Successfully found
the FIB information for the server (Server IP: 10.200.159.251, VPN index:
0).
*May 2 12:42:22:745 2000 H3C.Linux.Core TAC/7/Event: Got nas-ip 10.0.0.3
and VPN 0 of server 10.200.159.251.
*May 2 12:42:22:746 2000 H3C.Linux.Core TAC/7/Event: Successfully set
socket VPN attribute (VPN index: 0).
*May 2 12:42:22:748 2000 H3C.Linux.Core TAC/7/Event:
hwtacacs create new session :
session id: 24107, user id: 50, server ip: 10.200.159.251
*May 2 12:42:22:749 2000 H3C.Linux.Core TAC/7/Event:
version:c0 type:AUTHEN_REQUEST
seq_no:1 flag:ENCRYPTED_FLAG
session_id:5e2b length:42
action:AUTHEN_LOGIN priv_lvl:VISIT authen_type:AUTHEN_TYPE_ASCII
service:AUTHEN_SVC_LOGIN
user len:22 port len:4 rem_addr len:8 data len:0
user name:vetoll at lab.test port:vty1 rem_addr:10.0.0.5 data:
*May 2 12:42:22:750 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit
flag:1, server flag: 0,packet flag:0xff
*May 2 12:42:22:843 2000 H3C.Linux.Core TAC/7/Event:
hwtacacs packet sending success!
version:c0 type:01 sequence:01 flag:00 session id:24107 length:42
*May 2 12:42:22:844 2000 H3C.Linux.Core TAC/7/Event: Authentication
sending(Result = 0)
*May 2 12:42:23:145 2000 H3C.Linux.Core TAC/7/Event:
version:c0 type:AUTHEN_REPLY
seq_no:2 flag:ENCRYPTED_FLAG
session_id:5e2b length:16
status:AUTHEN_STATUS_GETPASS flag:REPLY_FLAG_NOECHO
server_msg len:10 data len:0
server_msg:Password: data:
*May 2 12:42:23:146 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit
flag:2, server flag: 0,packet flag:0x5
*May 2 12:42:23:147 2000 H3C.Linux.Core TAC/7/Event:
version:c0 type:AUTHEN_CONTINUE
seq_no:3 flag:ENCRYPTED_FLAG
session_id:5e2b length:15
user_msg len:****** data len:0 flag:0
user_msg:******
data:
*May 2 12:42:23:148 2000 H3C.Linux.Core TAC/7/Event:
hwtacacs packet sending success!
version:c0 type:01 sequence:03 flag:00 session id:24107 length:15
*May 2 12:42:23:150 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit
flag:1, server flag: 0,packet flag:0xff
*May 2 12:42:23:151 2000 H3C.Linux.Core TAC/7/Event: Authentication
sending(Result = 0)
*May 2 12:42:23:246 2000 H3C.Linux.Core TAC/7/Event:
version:c0 type:AUTHEN_REPLY
seq_no:4 flag:ENCRYPTED_FLAG
session_id:5e2b length:6
status:AUTHEN_STATUS_FAIL flag:REPLY_FLAG_ECHO
server_msg len:0 data len:0
server_msg: data:
*May 2 12:42:23:247 2000 H3C.Linux.Core TAC/7/Event:
TAC_MESSAGE for TAC->AAA:
*May 2 12:42:23:249 2000 H3C.Linux.Core TAC/7/Event:
TAC_MESSAGE for TAC->AAA:
ulUserID=50
ucTACTemplateNO=0
ucflag=2
Echo=0
ServerMsg=
*May 2 12:42:23:250 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit
flag:2, server flag: 0,packet flag:0x2
*May 2 12:42:23:251 2000 H3C.Linux.Core TAC/7/Event:
hwtacacs session is deleted due to finishing session:
session id: 24107, user id: 50, server ip: 10.200.159.251
Thanks!!
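
Added example (not part of the original message, and not tac_plus or H3C code): a small Python parser that walks the packet-dump lines of the H3C debug output above and reports where each HWTACACS session ended. SAMPLE is abridged from that output; the function names packets and outcome are hypothetical.

```python
import re

# Abridged from the debug output above (decoded packet-header lines only).
SAMPLE = """\
version:c0 type:AUTHEN_REQUEST
seq_no:1 flag:ENCRYPTED_FLAG
session_id:5e2b length:42
action:AUTHEN_LOGIN priv_lvl:VISIT authen_type:AUTHEN_TYPE_ASCII
version:c0 type:AUTHEN_REPLY
seq_no:2 flag:ENCRYPTED_FLAG
session_id:5e2b length:16
status:AUTHEN_STATUS_GETPASS flag:REPLY_FLAG_NOECHO
version:c0 type:AUTHEN_CONTINUE
seq_no:3 flag:ENCRYPTED_FLAG
session_id:5e2b length:15
version:c0 type:AUTHEN_REPLY
seq_no:4 flag:ENCRYPTED_FLAG
session_id:5e2b length:6
status:AUTHEN_STATUS_FAIL flag:REPLY_FLAG_ECHO
"""

# \b keeps "authen_type:" from being read as a packet "type:" field.
FIELD = re.compile(r"\b(type|seq_no|session_id|status):(\w+)")

def packets(log):
    """Group decoded header fields into one dict per packet."""
    out = []
    for line in log.splitlines():
        for key, val in FIELD.findall(line):
            if key == "type":
                if val.startswith("AUTHEN_"):  # skip "type:01" send receipts
                    out.append({"type": val})
            elif out and key not in out[-1]:
                out[-1][key] = val
    return out

def outcome(log):
    """Return (session_id, final reply status, stage) per session."""
    sessions = {}
    for p in packets(log):
        sessions.setdefault(p.get("session_id"), []).append(p)
    results = []
    for sid, pkts in sessions.items():
        replies = [p for p in pkts if p["type"] == "AUTHEN_REPLY" and "status" in p]
        final = replies[-1]["status"] if replies else None
        sent_pw = any(p["type"] == "AUTHEN_CONTINUE" for p in pkts)
        results.append((sid, final, "after password" if sent_pw else "before password"))
    return results

if __name__ == "__main__":
    print(outcome(SAMPLE))
```

For this log the result is one session, 5e2b, ending in AUTHEN_STATUS_FAIL after the password was sent: the exchange stopped in the authentication phase, before any authorization request (where priv-lvl is returned) was made.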