
TACACS not working on HP 5130 JG937A

 
IhorHanichev

Hi, I have a problem with TACACS on an SW 5130 JG937A, version 7.1.070, Release 3507. In ClearPass I see the authentication accepted, but in the logs I see an error, and I don't understand what is going on.


Log

1 01:04:56:366 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jan 1 01:04:56:366 2013 HPE TACACS/7/EVENT: PAM_TACACS: Session successfully created.
*Jan 1 01:04:56:367 2013 HPE TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=2.2.2.2, server-port=49, VPN instance=--(public).
*Jan 1 01:04:56:368 2013 HPE TACACS/7/EVENT: PAM_TACACS: Connecting to server...
*Jan 1 01:04:56:371 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLOUT event.
*Jan 1 01:04:56:372 2013 HPE TACACS/7/EVENT: PAM_TACACS: Connection succeeded, server-ip=2.2.2.2, port=49, VPN instance=--(public).
*Jan 1 01:04:56:372 2013 HPE TACACS/7/EVENT: PAM_TACACS: Encapsulating authentication request packet.
*Jan 1 01:04:56:373 2013 HPE TACACS/7/send_packet:
version: 0xc0 type: AUTHEN_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
length of payload: 52
action: LOGIN priv_lvl: 0 authen_type: ASCII service: LOGIN
user_len: 13 port_len: 0 rem_len: 10 data_len: 21
user: ihor.hanichev
port:
rem_addr: (IP of my laptop)
data: ******
*Jan 1 01:04:56:388 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Jan 1 01:04:56:392 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHEN_REPLY seq_no: 2 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
length of payload: 16
status: STATUS_GETPASS flags: NOECHO
server_msg len: 10 data len: 0
server_msg: Password:
data:
*Jan 1 01:04:56:392 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing authentication reply packet.
*Jan 1 01:04:56:393 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jan 1 01:04:56:393 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jan 1 01:04:56:393 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply message successfully sent.
*Jan 1 01:04:56:394 2013 HPE TACACS/7/EVENT: PAM_TACACS: Encapsulating authentication continue request packet.
*Jan 1 01:04:56:395 2013 HPE TACACS/7/EVENT: PAM_TACACS: Sending authentication continue request packet.
*Jan 1 01:04:56:395 2013 HPE TACACS/7/send_packet:
version: 0xc0 type: AUTHEN_CONTINUE seq_no: 3 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
length of payload: 26
user_msg len: ****** data_len: 0 flags: CONTINUE AUTHEN
user_msg: ******
data:
*Jan 1 01:04:56:427 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Jan 1 01:04:56:428 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHEN_REPLY seq_no: 4 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
length of payload: 6
status: STATUS_PASS flags: ECHO
server_msg len: 0 data len: 0
server_msg:
data:
*Jan 1 01:04:56:428 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing authentication reply packet.
*Jan 1 01:04:56:429 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jan 1 01:04:56:429 2013 HPE TACACS/7/EVENT: PAM_TACACS: TACACS authentication succeeded.
*Jan 1 01:04:56:432 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply message successfully sent.
*Jan 1 01:04:56:463 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authorization.
*Jan 1 01:04:56:463 2013 HPE TACACS/7/EVENT: PAM_TACACS: Session successfully created.
*Jan 1 01:04:56:464 2013 HPE TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=2.2.2.2, server-port=49, VPN instance=--(public).
*Jan 1 01:04:56:465 2013 HPE TACACS/7/EVENT: PAM_TACACS: Connecting to server...
*Jan 1 01:04:56:467 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLOUT event.
*Jan 1 01:04:56:467 2013 HPE TACACS/7/EVENT: PAM_TACACS: Connection succeeded, server-ip=2.2.2.2, port=49, VPN instance=--(public).
*Jan 1 01:04:56:468 2013 HPE TACACS/7/EVENT: PAM_TACACS: Encapsulating authorization request packet.
*Jan 1 01:04:56:468 2013 HPE TACACS/7/send_packet:
version: 0xc0 type: AUTHOR_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
session-id: 0xd2673fcc
length of payload: 50
authen_method: TACACSPLUS priv_lvl: 0 authen_type: ASCII authen_service: LOGIN
user_len: 13 port_len: 0 rem_len: 10 arg_cnt: 2
arg0_len: 13 arg1_len: 4
user: ihor.hanichev
port:
rem_addr: (IP of my laptop)
arg0: service=shell arg1: cmd*
*Jan 1 01:04:56:478 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Jan 1 01:04:56:479 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHOR_REPLY seq_no: 2 flag: ENCRYPTED_FLAG
session-id: 0xd2673fcc
length of payload: 34
Status: STATUS_FAIL arg_cnt: 0 server_msg len: 28 data len: 0
server_msg: Tacacs authorization failed

 

Config
hwtacacs scheme softtek
primary authentication 2.2.2.2 key cipher ***************************************
primary authorization 2.2.2.2 key cipher ********************************************
secondary authentication 1.1.1.1 key cipher *******************************************
secondary authorization 1.1.1.1 key cipher **********************************************
user-name-format without-domain
nas-ip (IP of SW)
#
radius scheme softtek
primary authentication 2.2.2.2 key cipher ********************************************* weight 80
primary accounting 2.2.2.2 key cipher ************************************************ weight 80
secondary authentication 1.1.1.1 key cipher ************************************************ weight 80
secondary accounting 1.1.1.1 key cipher *************************************************** weight 80
user-name-format without-domain
nas-ip (IP of SW)
#
radius scheme system
user-name-format without-domain
#
domain local
authentication login local
authorization command local
#
domain softtek
authentication lan-access radius-scheme softtek
authorization lan-access radius-scheme softtek
accounting lan-access radius-scheme softtek
authentication default hwtacacs-scheme softtek
authorization default hwtacacs-scheme softtek
accounting default hwtacacs-scheme softtek none
#
domain system
#
domain default enable softtek
#
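
The debug output above contains two separate TACACS+ sessions with different session-ids: an authentication exchange that ends in STATUS_PASS and an authorization exchange that returns STATUS_FAIL. The following is an added example, not part of the original post or any HPE tooling, that parses this debug format and reports the final server status per phase; `SAMPLE` is a shortened, constructed excerpt and the function names are hypothetical.

```python
import re
# Constructed sample: a shortened excerpt in the debug format shown in the post.
SAMPLE = """\
*Jan 1 01:04:56:392 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHEN_REPLY seq_no: 2 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
status: STATUS_GETPASS flags: NOECHO
*Jan 1 01:04:56:428 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHEN_REPLY seq_no: 4 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
status: STATUS_PASS flags: ECHO
*Jan 1 01:04:56:429 2013 HPE TACACS/7/EVENT: PAM_TACACS: TACACS authentication succeeded.
*Jan 1 01:04:56:468 2013 HPE TACACS/7/send_packet:
version: 0xc0 type: AUTHOR_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
*Jan 1 01:04:56:479 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHOR_REPLY seq_no: 2 flag: ENCRYPTED_FLAG
session-id: 0xd2673fcc
Status: STATUS_FAIL arg_cnt: 0 server_msg len: 28 data len: 0
server_msg: Tacacs authorization failed
"""

HEADER = re.compile(r"TACACS/7/(send|recv)_packet:")
FIELD = re.compile(r"\b(type|session-id|status):\s*(\S+)", re.I)
PHASE = {"AUTHEN_REPLY": "authentication", "AUTHOR_REPLY": "authorization"}

def parse_packets(text):
    """Group the dump into packets, keeping only the fields needed for triage."""
    packets, cur = [], None
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:                                  # start of a packet dump
            cur = {"dir": m.group(1), "server_msg": ""}
            packets.append(cur)
        elif "TACACS/7/" in line:              # any other log record ends the dump
            cur = None
        elif cur is not None:
            for key, val in FIELD.findall(line):
                cur[key.lower()] = val
            if line.startswith("server_msg:"):
                cur["server_msg"] = line.split(":", 1)[1].strip()
    return packets

def phase_results(text):
    """Last server status seen per phase, so GETPASS is replaced by the final reply."""
    out = {}
    for p in parse_packets(text):
        if p["dir"] == "recv" and p.get("type") in PHASE and "status" in p:
            out[PHASE[p["type"]]] = (p["status"], p["server_msg"], p.get("session-id"))
    return out
```

Calling `phase_results()` on a saved copy of the full debug output gives one `(status, server_msg, session-id)` tuple per phase, which separates a credential problem from an authorization policy result on the server.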

support_s

Query: TACACS not working on HP 5130 JG937A - Apollo system - 5130

Hello,

 

Thank you for posting! The HPE Networking forum has moved to the Aruba Airheads Community; for HPE networking and Aruba product queries, we request you to visit and post your query here.

 

You can refer to this link for more details.

Please click on the "Thumbs Up/Kudo" icon to give a "Kudo".

 

Thank you for being a valuable HPE community member.

