[tac_plus] Tac Plus Auth Error with IOS 16

Andrew Villano andrew.villano at gmail.com
Tue Nov 21 14:42:09 UTC 2017


Removed -L since that was adding a bunch of noise.

Found something worth mentioning when adding -d256:

**client ip**: Illegal major version specified: found 97 wanted 192
**client ip**: disconnect


Rest of the Log:
session request from 10.99.99.166 sock=6
connect from 10.99.99.166 [10.99.99.166]
Waiting for packet
Read AUTHEN/START size=43
validation request from 10.99.99.166
PACKET: key=**tacacs key**
version 192 (0xc0), type 1, seq no 1, flags 0x1
session_id 453907388 (0x1b0e13bc), Data length 31 (0x1f)
End header
type=AUTHEN/START, priv_lvl = 1
action=login
authen_type=ascii
service=login
user_len=6 port_len=4 (0x4), rem_addr_len=13 (0xd)
data_len=0
User:
rancid
port:
tty3
rem_addr:
**client ip**
data:
End packet
Authen Start request
choose_authen chose default_fn
Calling authentication function
Writing AUTHEN/GETPASS size=28
PACKET: key=**tacacs key**
version 192 (0xc0), type 1, seq no 2, flags 0x1
session_id 453907388 (0x1b0e13bc), Data length 16 (0x10)
End header
type=AUTHEN status=5 (AUTHEN/GETPASS) flags=0x1
msg_len=10, data_len=0
msg:
Password:
data:
End packet
Waiting for packet



Turned on debug aaa authentication and debug tacacs authentication:

Nov 21 14:36:49.113: TPLUS(00000FE0)/1/READ/FF96035DF8: timed out
Nov 21 14:36:49.113: TPLUS: Authentication start packet created for 4064(rancid)
Nov 21 14:36:49.113: TPLUS(00000FE0)/1/READ/FF96035DF8: timed out, clean up
Nov 21 14:36:49.113: TPLUS(00000FE0) login timer stopped
Nov 21 14:36:49.113: TPLUS(00000FE0)/1/FF96035DF8: Processing the reply packet
Nov 21 14:36:49.114: TPLUS: Invalid Client information received as input
Nov 21 14:36:52.119: AAA/AUTHEN/LOGIN (00000FE0): Pick method list 'default'
Nov 21 14:36:52.120: TPLUS: Queuing AAA Authentication request 4064 for processing
Nov 21 14:36:52.120: TPLUS(00000FE0) login timer started 1020 sec timeout
Nov 21 14:36:52.120: TPLUS: processing authentication start request id 4064
Nov 21 14:36:52.120: TPLUS: Authentication start packet created for 4064(rancid)
Nov 21 14:36:52.121: TPLUS: Using server **tacacs server**
Nov 21 14:36:52.122: TPLUS(00000FE0)/1/NB_WAIT/FF97B1F858: Started 5 sec timeout
Nov 21 14:36:52.125: TPLUS(00000FE0)/1/NB_WAIT: socket event 2
Nov 21 14:36:52.126: TPLUS(00000FE0)/1/NB_WAIT: wrote entire 43 bytes request
Nov 21 14:36:52.126: TPLUS(00000FE0)/1/READ: socket event 1
Nov 21 14:36:52.127: TPLUS(00000FE0)/1/READ: Would block while reading
Nov 21 14:36:57.122: TPLUS(00000FE0)/1/READ/FF97B1F858: timed out
Nov 21 14:36:57.122: TPLUS: Authentication start packet created for 4064(rancid)
Nov 21 14:36:57.123: TPLUS(00000FE0)/1/READ/FF97B1F858: timed out, clean up
Nov 21 14:36:57.123: TPLUS(00000FE0) login timer stopped
Nov 21 14:36:57.123: TPLUS(00000FE0)/1/FF97B1F858: Processing the reply packet
Nov 21 14:36:57.124: TPLUS: Invalid Client information received as input



On Mon, Nov 20, 2017 at 8:56 PM, heasley <heas at shrubbery.net> wrote:

> Mon, Nov 20, 2017 at 02:21:53PM -0700, Daniel Schmidt:
> > wild guess:
> >
> > try adding pap = cleartext "blahblahblah"
> >
>
> yeah, or try it with -d 8 -d 256.  find the service type, because this
> is weird:
>
> > > Nov 20 15:43:09.240: TPLUS: Details of client session
> > > Nov 20 15:43:09.240:  Client PID : 502
> > > Nov 20 15:43:09.240:  Allocator PC : 0
> > > Nov 20 15:43:09.240:  Transaction Type : Authentication
> > > Nov 20 15:43:09.240:  Transaction Status : GET_PASSWORD
> > > Nov 20 15:43:09.240:  Service : none        <<<<<<<<<<<<<<
> > > Nov 20 15:43:09.240:  Protocol : none
> > > Nov 20 15:47:59.067: TPLUS(00000FCA) login timer stopped
> > > Nov 20 15:47:59.067: TPLUS(00000FCA)/0/None: Started 120 sec timeout
>                                          ^ wonder what the 0 is.
>
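Added example, not part of the original post and not tac_plus code: a Python version of the TACACS+ header check (12-byte layout per RFC 8907) that produces a message like "Illegal major version specified: found 97 wanted 192", run over a constructed byte stream built from the header values in the AUTHEN/START dump above. The function names, the placeholder body and the trailing bytes are assumptions for illustration; the example makes no claim about what the IOS client actually sent.

```python
import struct

# TACACS+ header layout per RFC 8907: version, type, seq_no, flags, session_id, length
HEADER = struct.Struct("!BBBBII")
MAJOR_VERSION = 0xC                      # high nibble of the version byte (0xc0 = 192)
TYPES = {1: "AUTHEN", 2: "AUTHOR", 3: "ACCT"}


class HeaderError(ValueError):
    """Raised when bytes at a header position are not a valid TACACS+ header."""


def parse_header(buf):
    """Decode and validate the 12-byte header at the start of buf."""
    if len(buf) < HEADER.size:
        raise HeaderError(f"short header: {len(buf)} of {HEADER.size} bytes")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(buf)
    if version >> 4 != MAJOR_VERSION:
        raise HeaderError(f"illegal major version: found {version} wanted {MAJOR_VERSION << 4}")
    if ptype not in TYPES:
        raise HeaderError(f"unknown packet type {ptype}")
    if seq_no == 0:
        raise HeaderError("seq_no 0 is never valid; sessions start at 1")
    return {"version": version, "type": TYPES[ptype], "seq_no": seq_no,
            "flags": flags, "session_id": session_id, "length": length}


def frame_stream(stream):
    """Split a TCP byte stream into (header, body) packets, stopping at the first bad header."""
    packets, offset = [], 0
    while offset < len(stream):
        try:
            hdr = parse_header(stream[offset:])
        except HeaderError as exc:
            return packets, f"offset {offset}: {exc}"
        end = offset + HEADER.size + hdr["length"]
        if end > len(stream):
            return packets, f"offset {offset}: body truncated"
        packets.append((hdr, stream[offset + HEADER.size:end]))
        offset = end
    return packets, None


# Constructed input: the header values from the AUTHEN/START dump above with a
# placeholder 31-byte body, followed by constructed bytes that start with 0x61 (97).
START = HEADER.pack(0xC0, 1, 1, 0x1, 0x1B0E13BC, 31) + bytes(31)
STREAM = START + b"a" + bytes(11)

if __name__ == "__main__":
    pkts, err = frame_stream(STREAM)
    print(len(pkts), "packet(s);", err)
```

Feeding it the first 12 bytes of each packet from a capture of the session shows at which offset the framing stops matching the header layout.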