[tac_plus] Re: Default PAM authentication possible?

David Croft david at infotrek.co.uk
Mon Jul 9 21:56:35 UTC 2007


On 09/07/07, john heasley <heas at shrubbery.net> wrote:
> did it prompt for a password or did it just fail immediately after the
> username prompt?

When I ssh to the server, it prompts for a password. No TACACS+
request is sent to tac_plus until I have entered the password. Here's
the full debugging output when I do so:

Mon Jul  9 22:39:58 2007 [18535]: session.peerip is 213.12.21.71
Mon Jul  9 22:39:58 2007 [18535]: session request from 213.12.21.71 sock=2
Mon Jul  9 22:39:58 2007 [18581]: connect from 213.12.21.71 [213.12.21.71]
Mon Jul  9 22:39:58 2007 [18581]: Waiting for packet
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:39:58 2007 [18581]: Read AUTHEN/START size=41
Mon Jul  9 22:39:58 2007 [18581]: validation request from 213.12.21.71
Mon Jul  9 22:39:58 2007 [18581]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:39:58 2007 [18581]: version 192 (0xc0), type 1, seq no
1, encryption 1
Mon Jul  9 22:39:58 2007 [18581]: session_id 1857822279 (0x6ebc1e47),
Data length 29 (0x1d)
Mon Jul  9 22:39:58 2007 [18581]: End header
Mon Jul  9 22:39:58 2007 [18581]: type=AUTHEN/START, priv_lvl = 1
Mon Jul  9 22:39:58 2007 [18581]: action=login
Mon Jul  9 22:39:58 2007 [18581]: authen_type=ascii
Mon Jul  9 22:39:58 2007 [18581]: service=login
Mon Jul  9 22:39:58 2007 [18581]: user_len=5 port_len=4 (0x4),
rem_addr_len=12 (0xc)
Mon Jul  9 22:39:58 2007 [18581]: data_len=0
Mon Jul  9 22:39:58 2007 [18581]: User:
Mon Jul  9 22:39:58 2007 [18581]: david
Mon Jul  9 22:39:58 2007 [18581]: port:
Mon Jul  9 22:39:58 2007 [18581]: tty2
Mon Jul  9 22:39:58 2007 [18581]: rem_addr:
Mon Jul  9 22:39:58 2007 [18581]: 213.12.21.52
Mon Jul  9 22:39:58 2007 [18581]: data:
Mon Jul  9 22:39:58 2007 [18581]: End packet
Mon Jul  9 22:39:58 2007 [18581]: Authen Start request
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_value: name=david isuser=1
attr=login rec=1
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_value: no user/group named david
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_pvalue: returns NULL
Mon Jul  9 22:39:58 2007 [18581]: choose_authen chose default_fn
Mon Jul  9 22:39:58 2007 [18581]: Calling authentication function
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_value: name=david isuser=1
attr=nopassword rec=1
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_value: no user/group named david
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_intvalue: returns 0
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_value: name=david isuser=1
attr=login rec=1
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_value: no user/group named david
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_pvalue: returns NULL
Mon Jul  9 22:39:58 2007 [18581]: Writing AUTHEN/GETPASS size=28
Mon Jul  9 22:39:58 2007 [18581]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:39:58 2007 [18581]: version 192 (0xc0), type 1, seq no
2, encryption 1
Mon Jul  9 22:39:58 2007 [18581]: session_id 1857822279 (0x6ebc1e47),
Data length 16 (0x10)
Mon Jul  9 22:39:58 2007 [18581]: End header
Mon Jul  9 22:39:58 2007 [18581]: type=AUTHEN status=5
(AUTHEN/GETPASS) flags=0x1
Mon Jul  9 22:39:58 2007 [18581]: msg_len=10, data_len=0
Mon Jul  9 22:39:58 2007 [18581]: msg:
Mon Jul  9 22:39:58 2007 [18581]: Password:
Mon Jul  9 22:39:58 2007 [18581]: data:
Mon Jul  9 22:39:58 2007 [18581]: End packet
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:39:58 2007 [18581]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:39:58 2007 [18581]: Waiting for packet
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:39:59 2007 [18581]: Read AUTHEN/CONT size=25
Mon Jul  9 22:39:59 2007 [18581]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:39:59 2007 [18581]: version 192 (0xc0), type 1, seq no
3, encryption 1
Mon Jul  9 22:39:59 2007 [18581]: session_id 1857822279 (0x6ebc1e47),
Data length 13 (0xd)
Mon Jul  9 22:39:59 2007 [18581]: End header
Mon Jul  9 22:39:59 2007 [18581]: type=AUTHEN/CONT
Mon Jul  9 22:39:59 2007 [18581]: user_msg_len 8 (0x8), user_data_len 0 (0x0)
Mon Jul  9 22:39:59 2007 [18581]: flags=0x0
Mon Jul  9 22:39:59 2007 [18581]: User msg:
Mon Jul  9 22:39:59 2007 [18581]: <MY PASSWORD>
Mon Jul  9 22:39:59 2007 [18581]: User data:
Mon Jul  9 22:39:59 2007 [18581]: End packet
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_value: name=david isuser=1
attr=login rec=1
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_value: no user/group named david
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_pvalue: returns NULL
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_value: name=david isuser=1
attr=global rec=1
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_value: no user/group named david
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_pvalue: returns NULL
Mon Jul  9 22:39:59 2007 [18581]: Authenticating ACLs for user
'DEFAULT' instead of 'david'
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_value: name=DEFAULT isuser=1
attr=acl rec=1
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_pvalue: returns all
Mon Jul  9 22:39:59 2007 [18581]: cfg_acl_check(all, 213.12.21.71)
Mon Jul  9 22:39:59 2007 [18581]: ip 213.12.21.71 matched permit regex
.* of acl filter all
Mon Jul  9 22:39:59 2007 [18581]: login query for 'david' tty2 from
213.12.21.71 rejected
Mon Jul  9 22:39:59 2007 [18581]: login failure: david 213.12.21.71
(213.12.21.71) tty2
Mon Jul  9 22:39:59 2007 [18581]: Writing AUTHEN/FAIL size=18
Mon Jul  9 22:39:59 2007 [18581]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:39:59 2007 [18581]: version 192 (0xc0), type 1, seq no
4, encryption 1
Mon Jul  9 22:39:59 2007 [18581]: session_id 1857822279 (0x6ebc1e47),
Data length 6 (0x6)
Mon Jul  9 22:39:59 2007 [18581]: End header
Mon Jul  9 22:39:59 2007 [18581]: type=AUTHEN status=2 (AUTHEN/FAIL) flags=0x0
Mon Jul  9 22:39:59 2007 [18581]: msg_len=0, data_len=0
Mon Jul  9 22:39:59 2007 [18581]: msg:
Mon Jul  9 22:39:59 2007 [18581]: data:
Mon Jul  9 22:39:59 2007 [18581]: End packet
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:39:59 2007 [18581]: cfg_get_phvalue: returns NULL


And here's the same from the Cisco side (debug tacacs events):

.Jul  9 22:39:58.890 BST: TAC+: periodic timer started
.Jul  9 22:39:58.890 BST: TAC+: 213.12.21.52 req=47BD85D8 Qd
id=1857822279 ver=192 handle=0x0 expire=5 AUTHEN/START/LOGIN/ASCII
queued
.Jul  9 22:39:58.990 BST: TAC+: 213.12.21.52 id=1857822279 wrote 41 of 41 bytes
.Jul  9 22:39:58.990 BST: TAC+: 213.12.21.52 req=47BD85D8 Qd
id=1857822279 ver=192 handle=0x0 expire=4 AUTHEN/START/LOGIN/ASCII
sent
.Jul  9 22:39:58.990 BST: TAC+: Server 213.12.21.52 awaiting 1 replies
.Jul  9 22:39:58.990 BST: TAC+: 213.12.21.52 read END-OF-FILE
.Jul  9 22:39:58.990 BST: TAC+: Closing TCP/IP 0x47BD7C10 connection
to 213.12.21.52/49
.Jul  9 22:39:58.990 BST: TAC+: Opening TCP/IP to 213.12.21.52/49 timeout=5
.Jul  9 22:39:58.990 BST: TAC+: Opened TCP/IP handle 0x47BFFDE8 to
213.12.21.52/49 using source 213.12.21.71
.Jul  9 22:39:58.990 BST: TAC+: 213.12.21.52 partly processed START
req 47BD85D8 requeued after unexpected handle 0x47BD7C10 closure.
.Jul  9 22:39:59.090 BST: TAC+: 213.12.21.52 id=1857822279 wrote 41 of 41 bytes
.Jul  9 22:39:59.090 BST: TAC+: 213.12.21.52 req=47BD85D8 Tx
id=1857822279 ver=192 handle=0x0 expire=4 AUTHEN/START/LOGIN/ASCII
sent
.Jul  9 22:39:59.090 BST: TAC+: Server 213.12.21.52 awaiting 1 replies
.Jul  9 22:39:59.190 BST: TAC+: Server 213.12.21.52 awaiting 1 replies
.Jul  9 22:39:59.190 BST: TAC+: 213.12.21.52 read=12 wanted=12 alloc=55 got=12
.Jul  9 22:39:59.190 BST: TAC+: 213.12.21.52 read=28 wanted=28 alloc=55 got=16
.Jul  9 22:39:59.190 BST: TAC+: 213.12.21.52 received 28 byte reply
for 47BD85D8 id=1857822279
.Jul  9 22:39:59.190 BST: TAC+: req=47BD85D8 Tx id=1857822279 ver=192
handle=0x0 expire=4 AUTHEN/START/LOGIN/ASCII processed
.Jul  9 22:39:59.190 BST: TAC+: periodic timer stopped (queue empty)
.Jul  9 22:39:59.190 BST: TAC+: periodic timer started
.Jul  9 22:39:59.190 BST: TAC+: 213.12.21.52 req=47C00340 Qd
id=1857822279 ver=192 handle=0x0 expire=5 AUTHEN/CONT queued
.Jul  9 22:39:59.290 BST: TAC+: 213.12.21.52 id=1857822279 wrote 25 of 25 bytes
.Jul  9 22:39:59.290 BST: TAC+: 213.12.21.52 req=47C00340 Qd
id=1857822279 ver=192 handle=0x0 expire=4 AUTHEN/CONT sent
.Jul  9 22:39:59.290 BST: TAC+: Server 213.12.21.52 awaiting 1 replies
.Jul  9 22:39:59.390 BST: TAC+: Server 213.12.21.52 awaiting 1 replies
.Jul  9 22:39:59.390 BST: TAC+: 213.12.21.52 read=12 wanted=12 alloc=55 got=12
.Jul  9 22:39:59.390 BST: TAC+: 213.12.21.52 read=18 wanted=18 alloc=55 got=6
.Jul  9 22:39:59.390 BST: TAC+: 213.12.21.52 received 18 byte reply
for 47C00340 id=1857822279
.Jul  9 22:39:59.390 BST: TAC+: req=47C00340 Tx id=1857822279 ver=192
handle=0x0 expire=4 AUTHEN/CONT processed
.Jul  9 22:39:59.390 BST: TAC+: periodic timer stopped (queue empty)
.Jul  9 22:39:59.390 BST: TAC+: periodic timer started
.Jul  9 22:39:59.390 BST: TAC+: 213.12.21.52 req=47C00338 Qd
id=1857822279 ver=193 handle=0x0 expire=5 AUTHEN/CONT queued
.Jul  9 22:39:59.490 BST: TAC+: 213.12.21.52 id=1857822279 wrote 24 of 24 bytes
.Jul  9 22:39:59.490 BST: TAC+: 213.12.21.52 req=47C00338 Qd
id=1857822279 ver=193 handle=0x0 expire=4 AUTHEN/CONT sent
.Jul  9 22:39:59.490 BST: TAC+: req=47C00338 Tx id=1857822279 ver=193
handle=0x0 expire=4 AUTHEN/CONT processed
.Jul  9 22:39:59.490 BST: TAC+: periodic timer stopped (queue empty)

For comparison, here's what happens when I use the exec command
"login" - it is now in three parts -

Prior to entering username:

Mon Jul  9 22:49:05 2007 [18535]: session.peerip is 213.12.21.71
Mon Jul  9 22:49:05 2007 [18535]: session request from 213.12.21.71 sock=2
Mon Jul  9 22:49:05 2007 [18628]: connect from 213.12.21.71 [213.12.21.71]
Mon Jul  9 22:49:05 2007 [18628]: Waiting for packet
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:49:05 2007 [18628]: Read AUTHEN/START size=36
Mon Jul  9 22:49:05 2007 [18628]: validation request from 213.12.21.71
Mon Jul  9 22:49:05 2007 [18628]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:49:05 2007 [18628]: version 192 (0xc0), type 1, seq no
1, encryption 1
Mon Jul  9 22:49:05 2007 [18628]: session_id 279968395 (0x10affa8b),
Data length 24 (0x18)
Mon Jul  9 22:49:05 2007 [18628]: End header
Mon Jul  9 22:49:05 2007 [18628]: type=AUTHEN/START, priv_lvl = 1
Mon Jul  9 22:49:05 2007 [18628]: action=login
Mon Jul  9 22:49:05 2007 [18628]: authen_type=ascii
Mon Jul  9 22:49:05 2007 [18628]: service=login
Mon Jul  9 22:49:05 2007 [18628]: user_len=0 port_len=4 (0x4),
rem_addr_len=12 (0xc)
Mon Jul  9 22:49:05 2007 [18628]: data_len=0
Mon Jul  9 22:49:05 2007 [18628]: User:
Mon Jul  9 22:49:05 2007 [18628]: port:
Mon Jul  9 22:49:05 2007 [18628]: tty1
Mon Jul  9 22:49:05 2007 [18628]: rem_addr:
Mon Jul  9 22:49:05 2007 [18628]: 213.12.21.53
Mon Jul  9 22:49:05 2007 [18628]: data:
Mon Jul  9 22:49:05 2007 [18628]: End packet
Mon Jul  9 22:49:05 2007 [18628]: Authen Start request
Mon Jul  9 22:49:05 2007 [18628]: choose_authen returns 1
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_hvalue: name=213.12.21.71 attr=prompt
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:49:05 2007 [18628]: Writing AUTHEN/GETUSER size=55
Mon Jul  9 22:49:05 2007 [18628]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:49:05 2007 [18628]: version 192 (0xc0), type 1, seq no
2, encryption 1
Mon Jul  9 22:49:05 2007 [18628]: session_id 279968395 (0x10affa8b),
Data length 43 (0x2b)
Mon Jul  9 22:49:05 2007 [18628]: End header
Mon Jul  9 22:49:05 2007 [18628]: type=AUTHEN status=4
(AUTHEN/GETUSER) flags=0x0
Mon Jul  9 22:49:05 2007 [18628]: msg_len=37, data_len=0
Mon Jul  9 22:49:05 2007 [18628]: msg:
Mon Jul  9 22:49:05 2007 [18628]:  0xa User Access Verification 0xa
0xa Username:
Mon Jul  9 22:49:05 2007 [18628]: data:
Mon Jul  9 22:49:05 2007 [18628]: End packet
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:49:05 2007 [18628]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:49:05 2007 [18628]: Waiting for packet

[enter username]

Mon Jul  9 22:49:10 2007 [18628]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:49:10 2007 [18628]: Read AUTHEN/CONT size=28
Mon Jul  9 22:49:10 2007 [18628]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:49:10 2007 [18628]: version 192 (0xc0), type 1, seq no
3, encryption 1
Mon Jul  9 22:49:10 2007 [18628]: session_id 279968395 (0x10affa8b),
Data length 16 (0x10)
Mon Jul  9 22:49:10 2007 [18628]: End header
Mon Jul  9 22:49:10 2007 [18628]: type=AUTHEN/CONT
Mon Jul  9 22:49:10 2007 [18628]: user_msg_len 11 (0xb), user_data_len 0 (0x0)
Mon Jul  9 22:49:10 2007 [18628]: flags=0x0
Mon Jul  9 22:49:10 2007 [18628]: User msg:
Mon Jul  9 22:49:10 2007 [18628]: david.croft
Mon Jul  9 22:49:10 2007 [18628]: User data:
Mon Jul  9 22:49:10 2007 [18628]: End packet
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_value: name=david.croft
isuser=1 attr=login rec=1
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_value: no user/group named david.croft
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_pvalue: returns NULL
Mon Jul  9 22:49:10 2007 [18628]: choose_authen chose default_fn
Mon Jul  9 22:49:10 2007 [18628]: Calling authentication function
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_value: name=david.croft
isuser=1 attr=nopassword rec=1
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_value: no user/group named david.croft
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_intvalue: returns 0
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_value: name=david.croft
isuser=1 attr=login rec=1
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_value: no user/group named david.croft
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_pvalue: returns NULL
Mon Jul  9 22:49:10 2007 [18628]: Writing AUTHEN/GETPASS size=28
Mon Jul  9 22:49:10 2007 [18628]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:49:10 2007 [18628]: version 192 (0xc0), type 1, seq no
4, encryption 1
Mon Jul  9 22:49:10 2007 [18628]: session_id 279968395 (0x10affa8b),
Data length 16 (0x10)
Mon Jul  9 22:49:10 2007 [18628]: End header
Mon Jul  9 22:49:10 2007 [18628]: type=AUTHEN status=5
(AUTHEN/GETPASS) flags=0x1
Mon Jul  9 22:49:10 2007 [18628]: msg_len=10, data_len=0
Mon Jul  9 22:49:10 2007 [18628]: msg:
Mon Jul  9 22:49:10 2007 [18628]: Password:
Mon Jul  9 22:49:10 2007 [18628]: data:
Mon Jul  9 22:49:10 2007 [18628]: End packet
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:49:10 2007 [18628]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:49:10 2007 [18628]: Waiting for packet

[enter password]

Mon Jul  9 22:49:14 2007 [18628]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_phvalue: returns NULL
Mon Jul  9 22:49:14 2007 [18628]: Read AUTHEN/CONT size=25
Mon Jul  9 22:49:14 2007 [18628]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:49:14 2007 [18628]: version 192 (0xc0), type 1, seq no
5, encryption 1
Mon Jul  9 22:49:14 2007 [18628]: session_id 279968395 (0x10affa8b),
Data length 13 (0xd)
Mon Jul  9 22:49:14 2007 [18628]: End header
Mon Jul  9 22:49:14 2007 [18628]: type=AUTHEN/CONT
Mon Jul  9 22:49:14 2007 [18628]: user_msg_len 8 (0x8), user_data_len 0 (0x0)
Mon Jul  9 22:49:14 2007 [18628]: flags=0x0
Mon Jul  9 22:49:14 2007 [18628]: User msg:
Mon Jul  9 22:49:14 2007 [18628]: <MY PASSWORD>
Mon Jul  9 22:49:14 2007 [18628]: User data:
Mon Jul  9 22:49:14 2007 [18628]: End packet
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_value: name=david.croft
isuser=1 attr=login rec=1
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_value: no user/group named david.croft
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_pvalue: returns NULL
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_value: name=david.croft
isuser=1 attr=global rec=1
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_value: no user/group named david.croft
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_pvalue: returns NULL
Mon Jul  9 22:49:14 2007 [18628]: Authenticating ACLs for user
'DEFAULT' instead of 'david.croft'
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_value: name=DEFAULT isuser=1
attr=acl rec=1
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_pvalue: returns all
Mon Jul  9 22:49:14 2007 [18628]: cfg_acl_check(all, 213.12.21.71)
Mon Jul  9 22:49:14 2007 [18628]: ip 213.12.21.71 matched permit regex
.* of acl filter all
Mon Jul  9 22:49:14 2007 [18628]: login query for 'david.croft' tty1
from 213.12.21.71 rejected
Mon Jul  9 22:49:14 2007 [18628]: login failure: david.croft
213.12.21.71 (213.12.21.71) tty1
Mon Jul  9 22:49:14 2007 [18628]: Writing AUTHEN/FAIL size=18
Mon Jul  9 22:49:14 2007 [18628]: PACKET: key=<MY TACACS+ KEY>
Mon Jul  9 22:49:14 2007 [18628]: version 192 (0xc0), type 1, seq no
6, encryption 1
Mon Jul  9 22:49:14 2007 [18628]: session_id 279968395 (0x10affa8b),
Data length 6 (0x6)
Mon Jul  9 22:49:14 2007 [18628]: End header
Mon Jul  9 22:49:14 2007 [18628]: type=AUTHEN status=2 (AUTHEN/FAIL) flags=0x0
Mon Jul  9 22:49:14 2007 [18628]: msg_len=0, data_len=0
Mon Jul  9 22:49:14 2007 [18628]: msg:
Mon Jul  9 22:49:14 2007 [18628]: data:
Mon Jul  9 22:49:14 2007 [18628]: End packet
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_hvalue: name=213.12.21.71 attr=key
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_hvalue: no host named 213.12.21.71
Mon Jul  9 22:49:14 2007 [18628]: cfg_get_phvalue: returns NULL


In both cases, nothing appears to hit PAM (nothing in /var/log/auth.log).

Regards,

David
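
The `<MY TACACS+ KEY>` and `<MY PASSWORD>` placeholders in the output above mark where this debug level prints the shared key and the typed password. As an added example (not part of the original post or of tac_plus), here is a Python filter that masks both before a log is shared; `unwrap`, `redact` and the sample values are illustrative assumptions, and the line format is taken from the output above.

```python
import re

# Timestamp + [pid] prefix of the tac_plus debug lines shown above.
LINE = re.compile(r"^(?P<prefix>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} "
                  r"\[(?P<pid>\d+)\]: ?)(?P<body>.*)$")

# Constructed sample (made-up key, user, password); one line is mail-wrapped.
SAMPLE = """\
Mon Jul  9 22:49:05 2007 [18628]: PACKET: key=s3cr3tkey
Mon Jul  9 22:49:05 2007 [18628]: type=AUTHEN status=4 (AUTHEN/GETUSER) flags=0x0
Mon Jul  9 22:49:10 2007 [18628]: User msg:
Mon Jul  9 22:49:10 2007 [18628]: alice
Mon Jul  9 22:49:10 2007 [18628]: User data:
Mon Jul  9 22:49:10 2007 [18628]: type=AUTHEN status=5
(AUTHEN/GETPASS) flags=0x1
Mon Jul  9 22:49:14 2007 [18628]: User msg:
Mon Jul  9 22:49:14 2007 [18628]: hunter2!
"""

def unwrap(text):
    """Rejoin continuation lines (no timestamp prefix) onto the log line above."""
    out = []
    for raw in text.splitlines():
        if out and LINE.match(out[-1]) and raw.strip() and not LINE.match(raw):
            out[-1] += " " + raw.strip()
        else:
            out.append(raw)
    return out

def redact(text):
    """Mask the shared key and any reply to a password prompt, per daemon PID."""
    asked, pending, out = {}, set(), []
    for line in unwrap(text):
        m = LINE.match(line)
        if not m:
            out.append(line)
            continue
        pid, body = m["pid"], m["body"]
        was_pending = pid in pending
        pending.discard(pid)
        if was_pending and body.strip() != "User data:":
            # Fail closed: keep the reply only if the last prompt was GETUSER.
            if asked.pop(pid, None) != "user":
                body = "<REDACTED PASSWORD>"
        elif body.startswith("PACKET: key="):
            body = "PACKET: key=<REDACTED KEY>"
        elif "AUTHEN/GETPASS" in body:
            asked[pid] = "pass"
        elif "AUTHEN/GETUSER" in body:
            asked[pid] = "user"
        elif body.strip() == "User msg:":
            pending.add(pid)
        out.append(m["prefix"] + body)
    return "\n".join(out)
```

A reply whose prompt is missing from the excerpt is masked as well, so a log cut mid-session does not leak a password.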

