Wireless Access

Reply
Occasional Contributor II
Posts: 22
Registered: ‎09-16-2013

Auth server did not reply in time or auth module is too busy using aruba

Hi,

we have a aruba controller 3200 and we configured the tacacs authentication to aruba CPPM. We already properly configured the keys and the other parameters in both controller and CPPM but when I do aaa test-server pap [CPPM server name] [username] [password] this error will came up "Auth server did not reply in time or auth module is too busy using aruba" Can somebody has same exprience this kind of issue? We have a lot of controllers authentication tacacs to CPPM but this controller has an issue like this.

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Auth server did not reply in time or auth module is too busy using aruba

I would look in Monitoring>  Event Viewer on ClearPass to see if possibly CPPM is discarding it for some reason:

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 22
Registered: ‎09-16-2013

Re: Auth server did not reply in time or auth module is too busy using aruba

Hi,

 

Yes I already check the CPPM but it doestn't came up any logs from there.

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Auth server did not reply in time or auth module is too busy using aruba

[ Edited ]

Do you have a TACACS service configured on CPPM to service the TACACS request?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 22
Registered: ‎09-16-2013

Re: Auth server did not reply in time or auth module is too busy using aruba

Yes, we already configured the Tacacs parameters in the CPPM side. But we cannot see any logs from this controller to the CPPM Access Tracker.

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Auth server did not reply in time or auth module is too busy using aruba

Is the controller already pointed to that CPPM server to do radius authentication?  Is the CPPM working for other services on that controller?  Is there a firewall between the controller and CPPM (TACACS uses port TCP 49).?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 22
Registered: ‎09-16-2013

Re: Auth server did not reply in time or auth module is too busy using aruba

yes controller already pointed to CPPM server properly. CPPM work very well in other controller that we manage. Raduis authentication test from controller to CPPM radius is good. Yes there is a firewall between the controller and the CCPM server. But our firewall team says that they didn't block in the firewall side for the Tacacs traffic.

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Auth server did not reply in time or auth module is too busy using aruba

Okay.  Then the firewall team should be able to see the TACACS request coming through or being blocked.  Please work with them to see if they see it coming through or not.  If it is not coming through, we need to do a packet capture on the controller's port to see what is being sent.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 22
Registered: ‎09-16-2013

Re: Auth server did not reply in time or auth module is too busy using aruba

ok thanks I will work in the firewall team for that. I will make update on this post once the firewall team will done checking their part.

Super Contributor II
Posts: 358
Registered: ‎02-22-2011

Re: Auth server did not reply in time or auth module is too busy using aruba

is the tacacs key correct on the controller / clearpass device list?

Search Airheads
Showing results for 
Search instead for 
Did you mean: