<span class="Apple-style-span" style="border-collapse: collapse; ">it looks like the nexus seems to require either pap or mschap <br><br></span><div><span class="Apple-style-span" style="border-collapse: collapse; ">mschap is a no go since based on config.c cleartext is the only supported config and i'm not looking forward to having my password lying around that way.. </span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; ">i got it working by adding </span></div><div><span class="Apple-style-span" style="border-collapse: collapse; ">pap = des <Filtered Crypt Password></span></div>
<div><div><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; ">is there anyway to get either or the two option above working with PAM / LDAP</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; "><br>below is the entire config used to get tacacs enabled<br>
<br>feature tacacs+<br>tacacs+ enable<br><br>tacacs-server key 7 "*********"<br>tacacs-server host 10.88.4.52 key 7 "*********" timeout 5 <br>tacacs-server host 10.88.4.52 test username test password test <br>
aaa group server tacacs+ conaaa <br> server 10.88.4.52 <br> use-vrf default #needed since i am not using the mgmt port on the switch<br>aaa authentication login default group conaaa local <br>
aaa authentication login console group conaaa local <br>aaa accounting default group conaaa local <br>no aaa authentication login error-enable <br>no aaa authentication login mschap enable <br>no radius-server directed-request <br>
tacacs-server directed-request </span>
</div></div>