Hi, I have a problem with TACACS on SW 5130 JG937A version 7.1.070, Release 3507. In ClearPass I see the authentication accepted, but in the logs I see an error, and I don't understand what is going on.
Log
*Jan 1 01:04:56:366 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jan 1 01:04:56:366 2013 HPE TACACS/7/EVENT: PAM_TACACS: Session successfully created.
*Jan 1 01:04:56:367 2013 HPE TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=2.2.2.2, server-port=49, VPN instance=--(public).
*Jan 1 01:04:56:368 2013 HPE TACACS/7/EVENT: PAM_TACACS: Connecting to server...
*Jan 1 01:04:56:371 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLOUT event.
*Jan 1 01:04:56:372 2013 HPE TACACS/7/EVENT: PAM_TACACS: Connection succeeded, server-ip=2.2.2.2, port=49, VPN instance=--(public).
*Jan 1 01:04:56:372 2013 HPE TACACS/7/EVENT: PAM_TACACS: Encapsulating authentication request packet.
*Jan 1 01:04:56:373 2013 HPE TACACS/7/send_packet:
version: 0xc0 type: AUTHEN_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
length of payload: 52
action: LOGIN priv_lvl: 0 authen_type: ASCII service: LOGIN
user_len: 13 port_len: 0 rem_len: 10 data_len: 21
user: ihor.hanichev
port:
rem_addr: (IP of my laptop)
data: ******
*Jan 1 01:04:56:388 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Jan 1 01:04:56:392 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHEN_REPLY seq_no: 2 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
length of payload: 16
status: STATUS_GETPASS flags: NOECHO
server_msg len: 10 data len: 0
server_msg: Password:
data:
*Jan 1 01:04:56:392 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing authentication reply packet.
*Jan 1 01:04:56:393 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jan 1 01:04:56:393 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jan 1 01:04:56:393 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply message successfully sent.
*Jan 1 01:04:56:394 2013 HPE TACACS/7/EVENT: PAM_TACACS: Encapsulating authentication continue request packet.
*Jan 1 01:04:56:395 2013 HPE TACACS/7/EVENT: PAM_TACACS: Sending authentication continue request packet.
*Jan 1 01:04:56:395 2013 HPE TACACS/7/send_packet:
version: 0xc0 type: AUTHEN_CONTINUE seq_no: 3 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
length of payload: 26
user_msg len: ****** data_len: 0 flags: CONTINUE AUTHEN
user_msg: ******
data:
*Jan 1 01:04:56:427 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Jan 1 01:04:56:428 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHEN_REPLY seq_no: 4 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
length of payload: 6
status: STATUS_PASS flags: ECHO
server_msg len: 0 data len: 0
server_msg:
data:
*Jan 1 01:04:56:428 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing authentication reply packet.
*Jan 1 01:04:56:429 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Jan 1 01:04:56:429 2013 HPE TACACS/7/EVENT: PAM_TACACS: TACACS authentication succeeded.
*Jan 1 01:04:56:432 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply message successfully sent.
*Jan 1 01:04:56:463 2013 HPE TACACS/7/EVENT: PAM_TACACS: Processing TACACS authorization.
*Jan 1 01:04:56:463 2013 HPE TACACS/7/EVENT: PAM_TACACS: Session successfully created.
*Jan 1 01:04:56:464 2013 HPE TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=2.2.2.2, server-port=49, VPN instance=--(public).
*Jan 1 01:04:56:465 2013 HPE TACACS/7/EVENT: PAM_TACACS: Connecting to server...
*Jan 1 01:04:56:467 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLOUT event.
*Jan 1 01:04:56:467 2013 HPE TACACS/7/EVENT: PAM_TACACS: Connection succeeded, server-ip=2.2.2.2, port=49, VPN instance=--(public).
*Jan 1 01:04:56:468 2013 HPE TACACS/7/EVENT: PAM_TACACS: Encapsulating authorization request packet.
*Jan 1 01:04:56:468 2013 HPE TACACS/7/send_packet:
version: 0xc0 type: AUTHOR_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
session-id: 0xd2673fcc
length of payload: 50
authen_method: TACACSPLUS priv_lvl: 0 authen_type: ASCII authen_service: LOGIN
user_len: 13 port_len: 0 rem_len: 10 arg_cnt: 2
arg0_len: 13 arg1_len: 4
user: ihor.hanichev
port:
rem_addr: (IP of my laptop)
arg0: service=shell arg1: cmd*
*Jan 1 01:04:56:478 2013 HPE TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Jan 1 01:04:56:479 2013 HPE TACACS/7/recv_packet:
version: 0xc0 type: AUTHOR_REPLY seq_no: 2 flag: ENCRYPTED_FLAG
session-id: 0xd2673fcc
length of payload: 34
Status: STATUS_FAIL arg_cnt: 0 server_msg len: 28 data len: 0
server_msg: Tacacs authorization failed
Config
hwtacacs scheme softtek
primary authentication 2.2.2.2 key cipher ***************************************
primary authorization 2.2.2.2 key cipher ********************************************
secondary authentication 1.1.1.1 key cipher *******************************************
secondary authorization 1.1.1.1 key cipher **********************************************
user-name-format without-domain
nas-ip (IP of SW)
#
radius scheme softtek
primary authentication 2.2.2.2 key cipher ********************************************* weight 80
primary accounting 2.2.2.2 key cipher ************************************************ weight 80
secondary authentication 1.1.1.1 key cipher ************************************************ weight 80
secondary accounting 1.1.1.1 key cipher *************************************************** weight 80
user-name-format without-domain
nas-ip (IP of SW)
#
radius scheme system
user-name-format without-domain
#
domain local
authentication login local
authorization command local
#
domain softtek
authentication lan-access radius-scheme softtek
authorization lan-access radius-scheme softtek
accounting lan-access radius-scheme softtek
authentication default hwtacacs-scheme softtek
authorization default hwtacacs-scheme softtek
accounting default hwtacacs-scheme softtek none
#
domain system
#
domain default enable softtek
#
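For triaging debug output like the one above, the following is an added Python example (not part of the post, and not Comware or ClearPass code) that groups the PAM_TACACS packet dumps by session-id and reports the final server status per phase. It assumes the exact dump format shown in the post and feeds it a constructed excerpt of those lines; the point it makes visible is that authentication (session 0x1ccf48be, STATUS_PASS) and shell authorization (session 0xd2673fcc, STATUS_FAIL for service=shell) are separate TACACS+ sessions, so an accepted authentication in ClearPass does not mean the login will succeed.

```python
import re

# Constructed excerpt of the Comware PAM_TACACS packet dump quoted in the post;
# EVENT lines and length fields are omitted because the parser ignores them.
SAMPLE_LOG = """\
version: 0xc0 type: AUTHEN_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
version: 0xc0 type: AUTHEN_REPLY seq_no: 2 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
status: STATUS_GETPASS flags: NOECHO
server_msg: Password:
version: 0xc0 type: AUTHEN_REPLY seq_no: 4 flag: ENCRYPTED_FLAG
session-id: 0x1ccf48be
status: STATUS_PASS flags: ECHO
version: 0xc0 type: AUTHOR_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
session-id: 0xd2673fcc
arg0: service=shell arg1: cmd*
version: 0xc0 type: AUTHOR_REPLY seq_no: 2 flag: ENCRYPTED_FLAG
session-id: 0xd2673fcc
Status: STATUS_FAIL arg_cnt: 0 server_msg len: 28 data len: 0
server_msg: Tacacs authorization failed
"""

TYPE_RE = re.compile(r"type: (AUTHEN|AUTHOR|ACCT)_\w+ seq_no: \d+")
SESSION_RE = re.compile(r"session-id: (0x[0-9a-fA-F]+)")
STATUS_RE = re.compile(r"[sS]tatus: (STATUS_\w+)")   # AUTHOR_REPLY prints "Status:"
ARG_RE = re.compile(r"\barg\d+: (\S+)")              # arg0: service=shell, not arg0_len

def parse_tacacs_debug(text):
    """Group packet dumps by session-id; each TACACS+ phase is its own session."""
    sessions, phase, cur = {}, None, None
    for line in text.splitlines():
        if m := TYPE_RE.search(line):
            phase, cur = m.group(1), None      # new packet; its session-id comes next
        elif m := SESSION_RE.search(line):
            cur = sessions.setdefault(m.group(1), {"phase": phase, "statuses": [], "args": [], "server_msg": ""})
        elif cur is not None:
            if m := STATUS_RE.search(line):
                cur["statuses"].append(m.group(1))
            cur["args"] += ARG_RE.findall(line)
            if line.startswith("server_msg:"):
                cur["server_msg"] = line.split(":", 1)[1].strip()
    return sessions

def triage(sessions):
    """Final server status per phase, so an authentication PASS is not read as a successful login."""
    out = {}
    for sid, s in sessions.items():
        final = s["statuses"][-1] if s["statuses"] else "NO_REPLY"
        out[s["phase"]] = {"session": sid, "final": final, "args": s["args"], "server_msg": s["server_msg"]}
    return out
```

Calling `triage(parse_tacacs_debug(SAMPLE_LOG))` returns one entry for AUTHEN ending in STATUS_PASS and one for AUTHOR ending in STATUS_FAIL with args `service=shell` and `cmd*`, which is exactly the split a ClearPass TACACS+ service for the shell authorization must account for.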