(RADIATOR) Problem with cisco router login authentication using TACACS

Hugh Irvine hugh at open.com.au
Mon Mar 14 15:42:53 CST 2005 

Hello Josh -

Could you please send me a trace 4 debug from Radiator showing a TACACS 
request both  from a switch and from a router.

regards

Hugh


On 14 Mar 2005, at 20:22, Ward, Josh wrote:

> Hello,
>
> I'm having a problem getting our Cisco routers to do login
> authentication using radiator and TACACS.  All of our switches are 
> doing
> TACACS authentication without a problem, but I am having problems
> getting it running on any of our routers.
>
> Here is the error message(s) I get when trying to log in to a TACACS+
> configured router:
> Mon Mar 14 11:07:06 2005: WARNING: TacacsplusConnection unknown
> authentication action 173, type 107. Bad encryption Key?
> Mon Mar 14 11:07:44 2005: WARNING: TacacsplusConnection unknown
> authentication action 252, type 123. Bad encryption Key?
> Mon Mar 14 11:08:18 2005: WARNING: TacacsplusConnection unknown
> authentication action 20, type 188. Bad encryption Key?
> Mon Mar 14 11:08:22 2005: WARNING: TacacsplusConnection unknown
> authentication action 121, type 186. Bad encryption Key?
> Mon Mar 14 11:08:25 2005: WARNING: TacacsplusConnection unknown
> authentication action 103, type 182. Bad encryption Key?
>
> I know that the encryption key is set the same as it is on our IOS 
> based
> switches, and they seem to be working fine.
>
> Here is the relevant configuration from our radius server:
> <ServerTACACSPLUS>
>         Key *******
> </Server>
> <Realm DEFAULT>
>         #AuthByPolicy ContinueUntilAccept
>         <AuthBy FILE>
>                 Filename /etc/radiator/users
>                 NoDefaultIfFound
>         </AuthBy>
> </Realm>
>
> And the configuration from one of our routers:
> aaa new-model
> aaa authentication login default group tacacs+ local
> tacacs-server host 132.241.x.x key ******
>
> Seems pretty straight forward to me.  The same configuration works 
> great
> on our IOS based switches, but the routers do not want to cooperate.  I
> have most of my routers doing radius authentication.  However, some of
> our routers for one reason of another do not support radius.
>
> Any help would be appreciated.
>
> Thanks!!!
>
> -Josh
> Network Analyst - Network Operations
> California State University, Chico
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list