1. Home
  2. Cisco Systems
  3. tacacs and 2950

tacacs and 2950

I cannot get the tacacs authentication to work on our 2950's. I have it working on 3750's and other various swithes. The commands that I have entered on the tacacs side are:

aaa new-model aaa authentication login MYGROUP group tacacs+ local line enable aaa authentication enable default group tacacs+ enable

tacacs-server host 10.29.2.32 key dingdong123

line vty 0 4 exec-timeout 15 0 logging synchronous login authentication MYGROUP length 0 transport input telnet

username joesmith privilege 15 secret 5 whateverlistedhere

I have listed the commands that are part of the tacacs config I am using.

I appreciate your help...

thx Bran

Reply to
Branigan
Loading thread data ...

your config looks good.

does the tacacs server show authentication attempt. any reasons for authentication failure ?

OR else you see authentication debugs and see if the tacacs server is reachable and if it is returning "FAIL"

Reply to
Vivek

Can you ping the TACACS server from the box ? maybe you have forgot a def gateway or something, or a source interface statement.

Reply to
Martin Bilgrav

just for kicks: Have you tried the tacacs-server key

command aswell ?

Reply to
Martin Bilgrav

Just as a test I created another account in active directory and that one worked. They both use the same password and are not disabled in AD all seems well. Can an account be corrupt? restart tacacs server service etc. Any thoughts on that one?

Reply to
branigan

Reply to
Branigan

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.