[tac_plus] Network devices frequently report TACACS+ service down

Lam Bennie bennie.lam at gmail.com
Thu Sep 5 08:04:14 UTC 2013


  Dear Sir/Madam,

Grateful for your help in advance.

I have installed the TACACS+ daemon (version F4.0.4.26 with basic
configuration) on an HP server (HP ProLiant DL320 G5P operating on Red Hat
Enterprise Linux 5.9, Kernel: 2.6.18-348.3.1.el5PAE i686).

My Alcatel-Lucent routers and LAN switches frequently report TACACS+
service is UP and then DOWN (30+ times per hour).  Below are some of the
syslog messages.

 >>>
Sep  3 10:00:16 xx.yy.kk.1 xx.yy.kk.1 NEWTESTNET: 688680 Base
SECURITY-MINOR-tacplusInetSrvrOperStatusChange-2025 [tacplus server 2]:
TACACS+ server xx.yy.zz.59 operational status changed to down.
Sep  3 10:00:31 xx.yy.kk.1 xx.yy.kk.1 NEWTESTNET: 688703 Base
SECURITY-MINOR-tacplusInetSrvrOperStatusChange-2025 [tacplus server 2]:
TACACS+ server xx.yy.zz.59 operational status changed to down.
Sep  3 10:01:39 xx.yy.kk.1 xx.yy.kk.1 NEWTESTNET: 688713 Base
SECURITY-MINOR-tacplusInetSrvrOperStatusChange-2025 [tacplus server 2]:
TACACS+ server xx.yy.zz.59 operational status changed to down.
Sep  3 10:02:33 xx.yy.kk.1 xx.yy.kk.1 NEWTESTNET: 688727 Base
SECURITY-MINOR-tacplusInetSrvrOperStatusChange-2025 [tacplus server 2]:
TACACS+ server xx.yy.zz.59 operational status changed to down.
>>>

I have the queries below.

1. Why do my Alcatel-Lucent routers and LAN switches frequently report
the TACACS+ service is UP and then DOWN (30+ times per hour)?
2. Do Alcatel-Lucent routers and LAN switches have any compatibility issue
with TACACS+ daemon? If yes, any workaround or fix?
3. How to show/verify that TACACS+ daemon is running normally without
interruption to my network devices? Can tac_plus "debug" help?
4. Is the below pattern of tac_plus connections (i.e. 3 times in 4 seconds)
plausible although nobody or no job tried to login with tac_plus?

"debug" of tac_plus was turned on.  Below is the tac_plus command:
 /var/tacp/tac_plus -C /var/tacp/tac_plus.conf -d 65536 4

As a result, tac_plus log and syslog messages related to one of my
Alcatel-Lucent routers (IP address: x.y.z.81) are attached below.

 tac_plus log:
...
Wed Sep  4 14:54:44 2013 [12753]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 14:54:44 2013 [12753]: x.y.z.81: exception on fd 1
Wed Sep  4 14:54:44 2013 [12753]: Read -1 bytes from x.y.z.81 , expecting 12
Wed Sep  4 14:55:14 2013 [12832]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 14:55:14 2013 [12832]: x.y.z.81: exception on fd 1
Wed Sep  4 14:55:14 2013 [12832]: Read -1 bytes from x.y.z.81 , expecting 12
Wed Sep  4 14:55:44 2013 [12848]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 14:55:44 2013 [12848]: x.y.z.81: exception on fd 1
Wed Sep  4 14:55:44 2013 [12848]: Read -1 bytes from x.y.z.81 , expecting 12
...
Wed Sep  4 15:02:10 2013 [13458]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 15:02:11 2013 [13460]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 15:02:14 2013 [13469]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 15:02:16 2013 [13469]: x.y.z.81: exception on fd 1
Wed Sep  4 15:02:16 2013 [13469]: Read -1 bytes from x.y.z.81 , expecting 12

syslog:
Sep  4 15:02:14 x.y.z.81 x.y.z.81 NEWTESTNET: 271981 Base
SECURITY-MINOR-tacplusInetSrvrOperStatusChange-2025 [tacplus server 2]:
TACACS+ server x.y.p.59 operational status changed to down.


Thanks
Bennie
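
As an added example (not part of the original post and not tac_plus code), this Python script summarises a tac_plus debug log in the format quoted above: per client, how many connections were accepted, how many ended with a failed read of the 12-byte TACACS+ packet header, and the seconds between successive connects. It assumes the bracketed number identifies one connection; `summarize` and the pattern names are hypothetical.

```python
import re
from datetime import datetime

# Sample input: lines copied from the tac_plus debug log excerpt quoted above.
SAMPLE_LOG = """\
Wed Sep  4 14:54:44 2013 [12753]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 14:54:44 2013 [12753]: x.y.z.81: exception on fd 1
Wed Sep  4 14:54:44 2013 [12753]: Read -1 bytes from x.y.z.81 , expecting 12
Wed Sep  4 14:55:14 2013 [12832]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 14:55:14 2013 [12832]: x.y.z.81: exception on fd 1
Wed Sep  4 14:55:14 2013 [12832]: Read -1 bytes from x.y.z.81 , expecting 12
Wed Sep  4 15:02:10 2013 [13458]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 15:02:11 2013 [13460]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 15:02:14 2013 [13469]: connect from x.y.z.81 [x.y.z.81]
Wed Sep  4 15:02:16 2013 [13469]: x.y.z.81: exception on fd 1
Wed Sep  4 15:02:16 2013 [13469]: Read -1 bytes from x.y.z.81 , expecting 12
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[(\d+)\]: (.*)$")
CONNECT = re.compile(r"^connect from (\S+)")
HEADER_READ = re.compile(r"^Read (-?\d+) bytes from \S+ ?, expecting (\d+)")
TACACS_HEADER_LEN = 12  # fixed size of the TACACS+ packet header

def summarize(log_text):
    """Per client: connects, failed header reads, seconds between connects."""
    open_by_pid, sessions = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "..." elisions and unrelated lines
        stamp, pid, msg = m.groups()
        when = datetime.strptime(" ".join(stamp.split()), "%a %b %d %H:%M:%S %Y")
        if c := CONNECT.match(msg):
            s = open_by_pid[pid] = {"client": c.group(1), "start": when, "failed": False}
            sessions.append(s)
        elif (r := HEADER_READ.match(msg)) and pid in open_by_pid:
            got, want = int(r.group(1)), int(r.group(2))
            if want == TACACS_HEADER_LEN and got < want:
                open_by_pid[pid]["failed"] = True  # header read did not complete
    report, last_start = {}, {}
    for s in sessions:
        rep = report.setdefault(s["client"], {"connects": 0, "header_failed": 0, "gaps": []})
        rep["connects"] += 1
        rep["header_failed"] += int(s["failed"])
        if s["client"] in last_start:
            rep["gaps"].append(int((s["start"] - last_start[s["client"]]).total_seconds()))
        last_start[s["client"]] = s["start"]
    return report
```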