AAA Authorization error with Cisco and HP iMC TAM (Tacacs+ Server)

GuillaumeE · ‎01-05-2018

Hi,

I'm having some trouble getting AAA authorization working on my Cisco 2960G using HP iMC TACACS+ module. I'm using iMC v7.3.

The config command failing is :

aaa authorization commands 15 default group MYGROUP local

The debug output of "debug aaa author " is :

AAA/AUTHOR (915254943): Post authorization status = ERROR

Also, everything regarding authen and accounting works fine.

I didn't watch the iMC TAM logs yet, if there is any. But if anyone has an idea ...

Thanks for your help.

GuillaumeE · ‎01-05-2018

Here is the full TAM log in debug level :

% 2018-01-05 15:04:04 ; [WARNING (2)] ; [4064271168] ; TAM ; $SYS$ ; (NULL) ; (NULL) ; (NULL) ; Invalid Message Length(headlength = 0).

Here is the full IOS log :

*Mar 2 03:34:28.980: AAA: parse name=tty1 idb type=-1 tty=-1
*Mar 2 03:34:28.980: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
*Mar 2 03:34:28.980: AAA/MEMORY: create_user (0x36E2AFC) user='admin' ruser='SWITCH1' ds0=0 port='tty1' rem_addr='192.168.10.25' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): Port='tty1' list='' service=CMD
*Mar 2 03:34:28.980: AAA/AUTHOR/CMD: tty1 (4228447960) user='admin'
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): send AV service=shell
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): send AV cmd=configure
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): send AV cmd-arg=terminal
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): send AV cmd-arg=<cr>
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): found list "default"
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): Method=TACACS-GRP (tacacs+)
*Mar 2 03:34:28.980: AAA/AUTHOR/TAC+: (4228447960): user=admin
*Mar 2 03:34:28.980: AAA/AUTHOR/TAC+: (4228447960): send AV service=shell
*Mar 2 03:34:28.980: AAA/AUTHOR/TAC+: (4228447960): send AV cmd=configure
*Mar 2 03:34:28.980: AAA/AUTHOR/TAC+: (4228447960): send AV cmd-arg=terminal
*Mar 2 03:34:28.980: AAA/AUTHOR/TAC+: (4228447960): send AV cmd-arg=<cr>
*Mar 2 03:34:28.980: AAA/AUTHOR (4228447960): Post authorization status = ERROR
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): Method=LOCAL
*Mar 2 03:34:28.980: AAA/AUTHOR/LOCAL: no entry for admin
*Mar 2 03:34:28.980: AAA/AUTHOR (4228447960): Post authorization status = ERROR
*Mar 2 03:34:28.980: tty1 AAA/AUTHOR/CMD (4228447960): Method=NONE
*Mar 2 03:34:28.980: AAA/AUTHOR (4228447960): Post authorization status = PASS_ADD
*Mar 2 03:34:28.980: AAA/MEMORY: free_user (0x36E2AFC) user='admin' ruser='SWITCH1' port='tty1' rem_addr='192.168.10.25' authen_type=ASCII service=NONE priv=15

GuillaumeE · ‎01-09-2018

Hi,

Problem was solved by replacing the switch. Works fine in fact, switch was defective.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

AAA Authorization error with Cisco and HP iMC TAM (Tacacs+ Server)

AAA Authorization error with Cisco and HP iMC TAM (Tacacs+ Server)

Re: AAA Authorization error with Cisco and HP iMC TAM (Tacacs+ Server)

Re: AAA Authorization error with Cisco and HP iMC TAM (Tacacs+ Server)