(RADIATOR) Problem with cisco router login authentication using TACACS

Ward, Josh JWard at csuchico.edu
Mon Mar 14 13:22:11 CST 2005


Hello,

I'm having a problem getting our Cisco routers to do login
authentication using radiator and TACACS.  All of our switches are doing
TACACS authentication without a problem, but I am having problems
getting it running on any of our routers.

Here is the error message(s) I get when trying to log in to a TACACS+
configured router:
Mon Mar 14 11:07:06 2005: WARNING: TacacsplusConnection unknown
authentication action 173, type 107. Bad encryption Key?
Mon Mar 14 11:07:44 2005: WARNING: TacacsplusConnection unknown
authentication action 252, type 123. Bad encryption Key?
Mon Mar 14 11:08:18 2005: WARNING: TacacsplusConnection unknown
authentication action 20, type 188. Bad encryption Key?
Mon Mar 14 11:08:22 2005: WARNING: TacacsplusConnection unknown
authentication action 121, type 186. Bad encryption Key?
Mon Mar 14 11:08:25 2005: WARNING: TacacsplusConnection unknown
authentication action 103, type 182. Bad encryption Key?

I know that the encryption key is set the same as it is on our IOS based
switches, and they seem to be working fine.

Here is the relevant configuration from our radius server:
<ServerTACACSPLUS>
        Key *******
</Server>
<Realm DEFAULT>
        #AuthByPolicy ContinueUntilAccept
        <AuthBy FILE>
                Filename /etc/radiator/users
                NoDefaultIfFound
        </AuthBy>
</Realm>

And the configuration from one of our routers:
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 132.241.x.x key ******

Seems pretty straight forward to me.  The same configuration works great
on our IOS based switches, but the routers do not want to cooperate.  I
have most of my routers doing radius authentication.  However, some of
our routers for one reason of another do not support radius.

Any help would be appreciated.

Thanks!!!

-Josh
Network Analyst - Network Operations
California State University, Chico

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list