TACACS problem

Hi, I would really appreciate it if anyone could make any suggestions on an error I am seeing on my test switch regarding a new TACACS+ server I have just built. Here is the config on the switch:

aaa new-model
aaa authentication login default group tacacs+ local enable
aaa authentication login vtymethod group tacacs+ enable
aaa authorization exec default group tacacs+ local none
aaa authorization commands 0 default group tacacs+ local none
aaa authorization commands 1 default group tacacs+ local none
aaa authorization commands 15 default group tacacs+ local none
aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 192.168.112.100
tacacs-server key xxxxxxxxxx

When I run a debug aaa authentication on the switch I get the following error message.

16:52:21: AAA: parse name=tty2 idb type=-1 tty=-1
16:52:21: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
16:52:21: AAA/MEMORY: create_user (0x80CF57A4) user='' ruser='' port='tty2' rem_addr='172.16.11.211' authen_type=ASCII service=LOGIN priv=1
16:52:21: AAA/AUTHEN/START (4186451996): port='tty2' list='' action=LOGIN service=LOGIN
16:52:21: AAA/AUTHEN/START (4186451996): using "default" list
16:52:21: AAA/AUTHEN/START (4186451996): Method=tacacs+ (tacacs+)
16:52:21: TAC+: send AUTHEN/START packet ver=192 id=4186451996
16:52:22: AAA/AUTHEN (4186451996): status = ERROR ********** PROBLEM HERE******
16:52:22: AAA/AUTHEN/START (4186451996): Method=LOCAL
16:52:22: AAA/AUTHEN (4186451996): status = GETUSER
16:52:52: AAA/AUTHEN/ABORT: (4186451996) because CTRL-C pressed.
16:52:54: AAA/MEMORY: free_user (0x80CF57A4) user='' ruser='' port='tty2' rem_addr='172.16.11.211' authen_type=ASCII service=LOGIN priv=1
Reply to
Gazza
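In the debug output above, the tacacs+ method returns ERROR and the switch moves on to the LOCAL method in the "default" list. The following is an added example, not part of the original post: a small Python check that scans "debug aaa authentication" output for that fallback pattern. The sample lines are taken from the post; the function and variable names are this example's own.

```python
import re

# Sample input: AAA/AUTHEN lines from the debug output in the post, one event per line.
SAMPLE = """\
16:52:21: AAA/AUTHEN/START (4186451996): port='tty2' list='' action=LOGIN service=LOGIN
16:52:21: AAA/AUTHEN/START (4186451996): using "default" list
16:52:21: AAA/AUTHEN/START (4186451996): Method=tacacs+ (tacacs+)
16:52:21: TAC+: send AUTHEN/START packet ver=192 id=4186451996
16:52:22: AAA/AUTHEN (4186451996): status = ERROR
16:52:22: AAA/AUTHEN/START (4186451996): Method=LOCAL
16:52:22: AAA/AUTHEN (4186451996): status = GETUSER
16:52:52: AAA/AUTHEN/ABORT: (4186451996) because CTRL-C pressed.
"""

METHOD = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
TS = re.compile(r"^(\d{1,2}:\d{2}:\d{2}):")

def find_fallbacks(log_text):
    """Return one dict per event where a method returned ERROR and the
    switch then started the next method in the list for the same session."""
    current = {}   # session id -> method currently being tried
    errored = {}   # session id -> (method that returned ERROR, timestamp)
    findings = []
    for line in log_text.splitlines():
        ts = TS.match(line)
        stamp = ts.group(1) if ts else "?"
        m = METHOD.search(line)
        if m:
            sid, method = m.groups()
            if sid in errored:  # a new method right after an ERROR is a fallback
                failed, when = errored.pop(sid)
                findings.append({"session": sid, "failed_method": failed,
                                 "fallback_method": method, "time": when})
            current[sid] = method
            continue
        s = STATUS.search(line)
        if s and s.group(2) == "ERROR":
            sid = s.group(1)
            errored[sid] = (current.get(sid, "unknown"), stamp)
    return findings

if __name__ == "__main__":
    for f in find_fallbacks(SAMPLE):
        print("{time} session {session}: {failed_method} returned ERROR, "
              "fell back to {fallback_method}".format(**f))
```

A hit means logins on that line are being decided by the fallback method rather than the TACACS+ server, which is worth alerting on once the server is in production.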

Gazza,

Maybe "debug tacacs" digs up a bit more.

Rainer

Reply to
Rainer Temme

Thanks, I found the problem was with the tacacs.conf file. I had put in a typo. It now works OK; however, I can't stop it dropping straight into enable mode. I want it to prompt for an enable password still. Any more ideas?


Reply to
Gazza

Gazza,

I didn't use tacacs for this so far ... but if users are configured locally ... like ...

user USERNAME priv xx pass 0 pass

... maybe there is an equivalent to this "priv xx" in your tacacs-config.

Rainer

Reply to
Rainer Temme
