[tac_plus] Tac Plus Auth Error with IOS 16

heasley heas at shrubbery.net
Tue Nov 21 17:50:22 UTC 2017


Tue, Nov 21, 2017 at 09:42:09AM -0500, Andrew Villano:
> Removed -L since that was adding a bunch of noise.
> 
> Found something worth mentioning when adding -d256:
> 
> **client ip**: Illegal major version specified: found 97 wanted 192
> **client ip**: disconnect

yeah, weird.  the debug o/p looks normal to me.

> Turned on debug aaa authentication and debug tacacs authentication:
> 
> Nov 21 14:36:49.113: TPLUS(00000FE0)/1/READ/FF96035DF8: timed out
> Nov 21 14:36:49.113: TPLUS: Authentication start packet created for
> 4064(rancid)
> Nov 21 14:36:49.113: TPLUS(00000FE0)/1/READ/FF96035DF8: timed out, clean up
> Nov 21 14:36:49.113: TPLUS(00000FE0) login timer stopped
> Nov 21 14:36:49.113: TPLUS(00000FE0)/1/FF96035DF8: Processing the reply
> packet
> Nov 21 14:36:49.114: TPLUS: Invalid Client information received as input
> Nov 21 14:36:52.119: AAA/AUTHEN/LOGIN (00000FE0): Pick method list
> 'default'
> Nov 21 14:36:52.120: TPLUS: Queuing AAA Authentication request 4064 for
> processing
> Nov 21 14:36:52.120: TPLUS(00000FE0) login timer started 1020 sec timeout
> Nov 21 14:36:52.120: TPLUS: processing authentication start request id 4064
> Nov 21 14:36:52.120: TPLUS: Authentication start packet created for
> 4064(rancid)
> Nov 21 14:36:52.121: TPLUS: Using server **tacacs server**
> Nov 21 14:36:52.122: TPLUS(00000FE0)/1/NB_WAIT/FF97B1F858: Started 5 sec
> timeout
> Nov 21 14:36:52.125: TPLUS(00000FE0)/1/NB_WAIT: socket event 2
> Nov 21 14:36:52.126: TPLUS(00000FE0)/1/NB_WAIT: wrote entire 43 bytes
> request
> Nov 21 14:36:52.126: TPLUS(00000FE0)/1/READ: socket event 1
> Nov 21 14:36:52.127: TPLUS(00000FE0)/1/READ: Would block while reading
> Nov 21 14:36:57.122: TPLUS(00000FE0)/1/READ/FF97B1F858: timed out

why did it time out?  do you have filters somewhere that are interfering?
or perhaps a routing problem or duplicate address?  maybe add aaa packet
debugging.

> Nov 21 14:36:57.122: TPLUS: Authentication start packet created for
> 4064(rancid)
> Nov 21 14:36:57.123: TPLUS(00000FE0)/1/READ/FF97B1F858: timed out, clean up
> Nov 21 14:36:57.123: TPLUS(00000FE0) login timer stopped
> Nov 21 14:36:57.123: TPLUS(00000FE0)/1/FF97B1F858: Processing the reply
> packet
> Nov 21 14:36:57.124: TPLUS: Invalid Client information received as input
> 
> 
> 
> On Mon, Nov 20, 2017 at 8:56 PM, heasley <heas at shrubbery.net> wrote:
> 
> > Mon, Nov 20, 2017 at 02:21:53PM -0700, Daniel Schmidt:
> > > wild guess:
> > >
> > > try adding pap = cleartext "blahblahblah"
> > >
> >
> > yeah, or try it with -d 8 -d 256.  find the service type, because this
> > is weird:
> >
> > > > Nov 20 15:43:09.240: TPLUS: Details of client session
> > > > Nov 20 15:43:09.240:  Client PID : 502
> > > > Nov 20 15:43:09.240:  Allocator PC : 0
> > > > Nov 20 15:43:09.240:  Transaction Type : Authentication
> > > > Nov 20 15:43:09.240:  Transaction Status : GET_PASSWORD
> > > > Nov 20 15:43:09.240:  Service : none        <<<<<<<<<<<<<<
> > > > Nov 20 15:43:09.240:  Protocol : none
> > > > Nov 20 15:47:59.067: TPLUS(00000FCA) login timer stopped
> > > > Nov 20 15:47:59.067: TPLUS(00000FCA)/0/None: Started 120 sec timeout
> >                                          ^ wonder what the 0 is.
> >
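
Added example, not part of the original thread and not tac_plus code: a check of the 12-byte TACACS+ header (RFC 8907 layout) showing why a first byte of 97 is rejected when major version 0xC0 (192) is expected. The function names and sample bytes are constructed for illustration, and treating "found 97" as the raw first byte is an assumption.

```python
import struct

# RFC 8907 header: version, type, seq_no, flags, session_id, length (12 bytes).
HEADER = struct.Struct("!BBBBII")
MAJOR_MASK = 0xF0
TAC_PLUS_MAJOR_VER = 0xC0  # major version 0xc in the high nibble = 192
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
FLAGS = {0x01: "unencrypted", 0x04: "single-connect"}


def parse_header(data: bytes) -> dict:
    """Decode and validate the fixed TACACS+ header at the start of data."""
    if len(data) < HEADER.size:
        raise ValueError(f"short read: {len(data)} of {HEADER.size} header bytes")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    if (version & MAJOR_MASK) != TAC_PLUS_MAJOR_VER:
        # Assumption: the daemon reports the raw first byte, as in "found 97".
        raise ValueError("Illegal major version specified: "
                         f"found {version} wanted {TAC_PLUS_MAJOR_VER}")
    if ptype not in TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    return {
        "minor_version": version & 0x0F,
        "type": TYPES[ptype],
        "seq_no": seq_no,
        "flags": [name for bit, name in FLAGS.items() if flags & bit],
        "session_id": session_id,
        "body_length": length,
    }


def diagnose(data: bytes) -> str:
    """Return a one-line verdict suitable for comparing with daemon logs."""
    try:
        h = parse_header(data)
    except ValueError as exc:
        return f"rejected: {exc}"
    return f"ok: {h['type']} seq={h['seq_no']} body={h['body_length']} bytes"


# Constructed samples (not captured from the thread).
# A 43-byte request is the 12-byte header plus a 31-byte body.
GOOD = HEADER.pack(0xC0, 1, 1, 0, 0x12345678, 31) + bytes(31)
# Twelve bytes whose first byte is 0x61 (decimal 97), so not a TACACS+ header.
BAD = b"a" + bytes(11)

if __name__ == "__main__":
    print(diagnose(GOOD))
    print(diagnose(BAD))
```

Running the same check over the first 12 bytes of a packet capture taken on the server side shows whether the bytes arriving on the TACACS+ port begin with a valid header at all.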


