[tac_plus] Odd issue with NXOS + do_auth
John Fraizer
john at op-sec.us
Wed Oct 7 23:50:07 UTC 2015
Turned out to be that the person who deployed the devices didn't have:
feature privilege
...in the config. Oddly enough, things worked via SSH. The problem only
showed up when connecting via console.
--
John Fraizer
LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
On Wed, Oct 7, 2015 at 10:08 AM, Daniel Schmidt <daniel.schmidt at wyo.gov>
wrote:
> Do you have aaa on the line?
>
> On Tue, Oct 6, 2015 at 5:56 PM, John Fraizer <john at op-sec.us> wrote:
>
>> I'm seeing strangeness with NXOS using tac_plus + doauth.
>>
>> If a user connects via SSH, everything works perfectly.
>> If a user connects via the console, they can authenticate but, the NXOS
>> apparently isn't sending the username when it requests the shell and I get
>> this in the logs:
>>
>> 2015-10-06 16:54:23,901 [CRITICAL]: Username not provided. Argument
>> -u/--username is required!
>>
>> When I do a show priv, I get level -1 and feature privilege: Disabled.
>> It shows the same when connected via SSH.
>>
>> Does anyone have any ideas about what might be causing this and how I
>> might
>> remedy the issue?
>>
>>
>> --
>> John Fraizer
>> LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://www.shrubbery.net/pipermail/tac_plus/attachments/20151006/ba1ff567/attachment.html
>> >
>> _______________________________________________
>> tac_plus mailing list
>> tac_plus at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/tac_plus
>>
>
>
>
> E-Mail to and from me, in connection with the transaction
> of public business, is subject to the Wyoming Public Records
> Act and may be disclosed to third parties.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20151007/fe1e6277/attachment.html>
More information about the tac_plus
mailing list