Hi All,
I'm trying to integrate TACACS+ on Linux with an IAP cluster (6.4.2.6-4.1.1.11_52666). I have the following problems; any help is appreciated.
1. TACACS+ requests are not sent to the server through the IAP's virtual IP. The master AP sends TACACS+ requests with its local IP, but for RADIUS they are sent through the virtual IP!
2. Even with the correct password, login fails. Are there any additional attributes that need to be returned back to the IAP?
TACACS+ server logs:
Nov 23 11:57:48 tftpsrv tac_plus[5285]: connect from 172.16.6.59 [172.16.6.59]
Nov 23 11:57:48 tftpsrv tac_plus[5285]: login failure: read.only 172.16.6.59 (172.16.6.59) tty0
Telnet error:
Login incorrect, reason code 7
TACACS+ user config. I tried with both commented options without any success.
user = read.only {
    login = cleartext n3tw0rk
    #member = deviceadmin
    #service = shell { roles = read-only }
    service = exec { priv-lvl = 15 }
}
group = deviceadmin {
    default service = permit
    service = exec { priv-lvl = 15 }
}
Thanks,
Eby