[tac_plus] Unable to get details in the log for authentication failure.

Alan McKinnon alan.mckinnon at gmail.com
Mon Oct 19 22:54:48 UTC 2015


On 19/10/2015 12:57, Manoj Kannachari wrote:
> More details from the log:
> 
> Mon Oct 19 21:36:27 2015 [14792]: Reading config
> Mon Oct 19 21:36:27 2015 [14792]: Version F4.0.4.28 Initialized 1
> Mon Oct 19 21:36:27 2015 [14792]: tac_plus server F4.0.4.28 starting
> Mon Oct 19 21:36:27 2015 [14793]: Backgrounded
> Mon Oct 19 21:36:27 2015 [14794]: socket FD 0 AF 2
> Mon Oct 19 21:36:27 2015 [14794]: socket FD 2 AF 10
> Mon Oct 19 21:36:27 2015 [14794]: uid=0 euid=0 gid=0 egid=0 s=31384336
> Mon Oct 19 21:38:01 2015 [14815]: connect from x.x.x.x [x.x.x.x]
> Mon Oct 19 21:38:01 2015 [14815]: pap-login query for 'cisco' port InfiTac from x.x.x.x rejected
> Mon Oct 19 21:38:01 2015 [14815]: login failure: cisco x.x.x.x (x.x.x.x) InfiTac
> 
> 
> 
> How can I increase the debug print level so as to get detailed logs?


man tac_plus

The -d values are listed there. It's a bit-wise field so just keep
adding more -d options till the logs start telling you what you want.

Caveat: Above -d 32 things start to get very verbose very quick.




> 
> Thanks
> Manoj
> From: Manoj Kannachari
> Sent: Monday, October 19, 2015 4:22 PM
> To: 'tac_plus at shrubbery.net' <tac_plus at shrubbery.net>
> Subject: Unable to get details in the log for authentication failure.
> 
> Hi
> I installed tacacs+ server from shrubbery with following configuration details:
> #key
> key = "cisco"
> #user details
> user=cisco {
>     default service = permit
>     member = admingroup
>     login = cleartext cisco
> }
> #group details
> # admin group
> group = admingroup {
>     default service = permit
>     service = exec {
>         priv-lvl = 15
>     }
> }
> #Enable password setup for users:
> user = $enable$ {
>     login = cleartext HD.Hw0OHKmO/c
> }
> I ran the server with logs enabled using:  tac_plus -C etc/tacacs/tac_plus.conf -d 16.
> When I am trying to connect to the server using my client with above credentials, all I can see in tac_plus.log is
> 
> 
> Oct 19 21:36:27 in-sjain-dt tac_plus[14792]: Reading config
> Oct 19 21:36:27 in-sjain-dt tac_plus[14792]: Version F4.0.4.28 Initialized 1
> Oct 19 21:38:01 in-sjain-dt tac_plus[14815]: connect from x.x.x.x [x.x.x.x]
> Oct 19 21:38:01 in-sjain-dt tac_plus[14815]: login failure: cisco x.x.x.x(x.x.x.x) InfiTac
> 
> Without detailed logs I am not able to decipher the cause of failure. Would you provide me details on anything that is missing?
> How can I increase the debug print level so as to get detailed logs?
> 
> Thanks
> Manoj


-- 
Alan McKinnon
alan.mckinnon at gmail.com


