Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Aruba Switch login using duo and tacacs

  • 1.  Aruba Switch login using duo and tacacs

    Posted Sep 16, 2020 07:20 AM

    I'm trying to log in to a 2930F switch running WC.10.16.10 firmware using a DUO proxy server and cppm 6.8.6.

     

    What I've done is:

    1). Create a cppm TACACS service (TACACS Service.png)

    2). Create an enforcement policy that sends back a priv level (priv level.png)

    3). Configure switch

     

    tacacs-server host 144.32.230.6 key "myKey"
    tacacs-server host 144.32.128.85 key "myKey"
    tacacs-server timeout 30

    aaa authentication login privilege-mode
    aaa authentication telnet login tacacs
    aaa authentication telnet enable tacacs

     

    So I can ssh to it via RADIUS (normal way) and telnet to it via TACACS.

     

    4). Create a DUO service that does the PAP based user auth

     

    So from my test CLI I can do

    telnet <ip address>

    enter username/password stuff

     

    I can see duo authenticating the password successfully and then the "final" accept that goes back to the switch fails (duo sequence).

    Looking at the Alert (session alerts), I've tried changing the priv level to 0 and 1 but it doesn't seem to make any difference to the error message I get back.

     

    So which part of the config is wrong? The basic sequence is correct, j