Here is my tac_plus conf in linux box:<br><br>accounting file = /var/log/tacacs_acct<br>key = mykey<br><br>user = $enab15$ {<br> login = des "DKxtKRZ/XeEgM"<br>}<br><br>group = admin {<br> default service = permit<br>
service = exec {<br> priv-lvl = 15<br> }<br>}<br><br>group = limited {<br> default service = deny<br> service = exec {<br> priv-lvl = 1<br> }<br> cmd = show {<br> permit ip<br> permit interface<br>
}<br>}<br><br>user = testuser{<br> member = admin<br> login = PAM<br>}<br><br><br><div class="gmail_quote">On Thu, Feb 18, 2010 at 5:45 PM, john heasley <span dir="ltr"><<a href="mailto:heas@shrubbery.net">heas@shrubbery.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Thu, Feb 18, 2010 at 02:02:46PM -0600, Hailu Meng:<br>
<div><div></div><div class="h5">> Thu Feb 18 13:42:22 2010 [27117]: Writing AUTHEN/SUCCEED size=18<br>
> Thu Feb 18 13:42:22 2010 [27117]: PACKET: key=mykey<br>
> Thu Feb 18 13:42:22 2010 [27117]: version 192 (0xc0), type 1, seq no 6,<br>
> flags 0x1<br>
> Thu Feb 18 13:42:22 2010 [27117]: session_id 3918696952 (0xe99291f8), Data<br>
> length 6 (0x6)<br>
> Thu Feb 18 13:42:22 2010 [27117]: End header<br>
> Thu Feb 18 13:42:22 2010 [27117]: type=AUTHEN status=1 (AUTHEN/SUCCEED)<br>
> flags=0x0<br>
> Thu Feb 18 13:42:22 2010 [27117]: msg_len=0, data_len=0<br>
> Thu Feb 18 13:42:22 2010 [27117]: msg:<br>
> Thu Feb 18 13:42:22 2010 [27117]: data:<br>
> Thu Feb 18 13:42:22 2010 [27117]: End packet<br>
> Thu Feb 18 13:42:22 2010 [27117]: <a href="http://10.1.2.1" target="_blank">10.1.2.1</a>: disconnect<br>
> *<------ This above is the same as successful one, from here, I got another<br>
> "Password" Prompt asking for password*. *Even I input my correct password<br>
> for the 2nd time, it just doesn't allow me in*.* I also tried wrong password<br>
> for the first time password input on purpose, I did get rejected message<br>
> like "login query for 'testuser' tty1 from 10.1.2.1 rejected"*<br>
<br>
> Thu Feb 18 13:42:28 2010 [27116]: session request from 10.1.2.1 sock=2<br>
> Thu Feb 18 13:42:28 2010 [27135]: connect from 10.1.2.1 [10.1.2.1]<br>
> Thu Feb 18 13:42:28 2010 [27135]: Waiting for packet<br>
> Thu Feb 18 13:42:28 2010 [27135]: Read AUTHEN/START size=35<br>
> Thu Feb 18 13:42:28 2010 [27135]: validation request from 10.1.2.1<br>
> Thu Feb 18 13:42:28 2010 [27135]: PACKET: key=mykey<br>
> Thu Feb 18 13:42:28 2010 [27135]: version 192 (0xc0), type 1, seq no 1,<br>
> flags 0x1<br>
> Thu Feb 18 13:42:28 2010 [27135]: session_id 3154815253 (0xbc0aa915), Data<br>
> length 23 (0x17)<br>
<br>
</div></div>its starting a new auth connection.<br>
<br>
whats the tacacs conf on the device?<br>
</blockquote></div><br>