[tac_plus] tacplus timeout values

Kevin.Cruse at Instinet.com Kevin.Cruse at Instinet.com
Fri Feb 26 17:17:02 UTC 2016 


Hi All

I am having some issues with our tacacs clients timing out quite
frequently. We have hundreds of network devices pointing to 2 tacacs
servers and many users complain they are prompted for a password a few
times before getting authenticated or their session being terminated. This
does not happen constantly all day long but seems rather random.  I also
notice there are 'tacacs' timeout messages in our logging buffers. I have a
suspicion the tacacs server is busy handling requests and users get backed
up in a queue and router timeout is reached before daemon can respond. I
run the daemon with following command:

tac_plus -C /usr/local/sbin/tacplus/tac_plus.cfg -L -p 49 -G

Ok - now you are probably asking "why does he run it in
foreground?"...well...I cannot prove this but it seems there were some
security changes performed on our hosts which prevented me from running it
without the -G. I had been running the daemon with this command:

tac_plus -C /usr/local/sbin/tacplus/tac_plus.cfg -L -p 49

quite happily for sometime. We then had some maintenance work to test ldap
failover and when i restarted the daemon it would not start unless i ran in
foreground. i've been working with our admin team to resolve but still
cannot figure out why one day it just stopped working ( We run it on centos
7 ). Anyway - im getting away from my original question. I am fielding alot
of complaints about these timeouts and hope someone has had similar issues
and can provide some direction. Many thanks!!!


$ ./tac_plus -v
tac_plus version F4.0.4.28


-----------------------------------------------------------------
Kevin Cruse
US Networks
Instinet LLC
309 West 49th Street
New York, NY 10019 US
kevin.cruse at instinet.com
212-310-4734

=========================================================================================================  <<<< Disclaimer >>>>   This message is intended solely for use by the named addressee(s). If you receive this transmission in error, please immediately notify the sender and destroy this message in its entirety, whether in electronic or hard copy format. Any unauthorized use (and reliance thereon), copying, disclosure, retention, or distribution of this transmission or the material in this transmission is forbidden. We reserve the right to monitor and archive electronic communications. This material does not constitute an offer or solicitation with respect to the purchase or sale of any security. It should not be construed to contain any recommendation regarding any security or strategy. Any views expressed are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. This communication is provided on an “as is” basis. It contains material that is owned by Instinet Incorporated, its subsidiaries or its or their licensors, and may not, in whole or in part, be (i) copied, photocopied or duplicated in any form, by any means, or (ii) redistributed, posted, published, excerpted, or quoted without Instinet Incorporated's prior written consent. Please access the following link for important information and instructions:  http://instinet.com/includes/index.jsp?thePage=/html/le_index.txt   Securities products and services are provided by locally registered brokerage subsidiaries of Instinet Incorporated: Instinet Australia Pty Limited (ACN: 131 253 686 AFSL No: 327834), regulated by the Australian Securities & Investments Commission; Instinet Canada Limited, member IIROC/CIPF; Instinet Pacific Limited, authorized and regulated by the Securities and Futures Commission of Hong Kong; Instinet Singapore Services Private Limited, regulated by the Monetary Authority of Singapore, trading member of The Singapore Exchange Securities Trading Private Limited and clearing member of The Central Depository (Pte) Limited; and Instinet, LLC, member SIPC.  

=========================================================================================================  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20160226/04552b28/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 43650360.gif
Type: image/gif
Size: 4077 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20160226/04552b28/attachment.gif>

More information about the tac_plus mailing list