Security

last person joined: 9 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

  • 1.  CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

    Posted Apr 23, 2020 07:29 AM

    Hi

     

    We are using CPPM 6.6.7.96909.  We have just had a issue where everyone who tried to log onto devices which are authenticated using tacacs they were rejected with the following error message:

     

     Authentication Request Messages 

    Error Category:
    Authentication failure
    Error Code:
    Password mismatch
     Alerts for this Request :
    Tacacs serverIncorrect password for user='#*******' @ ARG(********).
    Failed to authenticate user=#*****

    The passwords that were entered were correct.  A few users and I were able to log onto other devices that don't use tacacs (server) with the same credentials.  We resolved the issue by clearing the cache on the auth source but I can't find what the original cause of the issue is.

     

    Has anyone encountered this issue before?  Do you know what caused it? And is there a permanent fix for it?

     

    Thanks,

    Sean



  • 2.  RE: CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

    Posted Apr 23, 2020 09:13 AM

    Can you provide logs from Access Tracker for the failed cases?

    Usually analyzing in details the Input tab, you can find the case why it happened. Please provide some more information from Access Tracker and maybe we can check.



  • 3.  RE: CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

    Posted Apr 23, 2020 09:28 AM
      |   view attached

    Hi,

     

    Is this what you're looking for? (See attached)

    Attachment(s)

    txt
    CPPM.txt   609 B 1 version


  • 4.  RE: CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

    Posted Apr 23, 2020 09:53 AM

    Actually i wanted a Print Screen from the Access Tracker page, and pressing on a Failed Use case for Tacacs+ on the input tab.

     

    Example:

    shpat_0-1587649777480.png

     

    So a print screen of the information on the Input tab would be good to have so i can give it a check.

     



  • 5.  RE: CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

    Posted Apr 23, 2020 10:03 AM

    Ah OK,

     

    Please see attached.  I have taken screen shots on all tabs.  See attached.

     

    It doesn't give you much information



  • 6.  RE: CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

    Posted Apr 23, 2020 10:19 AM

    You have an @ Argument.

     

    I suppose you are trying to authenticate using AD.  

    Can you go the TACACS service and under the Authentication Tab, you have an option "Strip Username Rules". 

    Try to do the following: 

    shpat_0-1587651462147.png

     

    And, when trying to login on the Network Device, try just:
    username [Without the @domain]

    password

     

     



  • 7.  RE: CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

    Posted May 04, 2020 06:02 AM

    Hi

     

    Did you have the issue solved?



  • 8.  RE: CPPM stating all users are entering incorrect passwords when using Tacacs but passwords are corrrect

    Posted May 04, 2020 06:05 AM

    Hi,

     

    Yes.  We think it's a bug with the version (6.6.7.96909).  Rebooting the server solved the issue.