Open iyyapa opened 6 months ago
@iyyapa As I mentioned in the previous issue, it's hard for us to debug this problem without some information.
Coming to the logs attached above: I can see that all the authorization queries were accepted:
authorization query for 'gcom' ssh from 192.168.0.233 accepted
The next log line, which points to the connection close,
192.168.0.233 ssh: fd 5 eof (connection closed)
comes from https://github.com/mkouhei/tacacs-plus/blob/master/packet.c#L462. This denotes that the server tried to read from the TCP connection object but found that the connection had been closed by the remote end (the peer, in this case the Extreme switch). This is expected behaviour from the server.
Have you reached out to Cisco TAC for ISE and had them run debugs on the AAA side? Why do we suspect a problem with the code?
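The read-side behaviour described in the reply above, as an added example that is not part of the thread or of the tac_plus source: on a stream socket, `read()` returning 0 means the peer closed its end, which is distinct from a read error. The names `read_exact` and `simulate_peer` and the socketpair harness are hypothetical; the 12-byte length is the TACACS+ header size.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum read_result { READ_OK, READ_PEER_CLOSED, READ_ERROR };

/* Read exactly len bytes. read() == 0 means the peer closed the connection. */
static enum read_result read_exact(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n == 0) {   /* orderly close by the remote end, not a local fault */
            fprintf(stderr, "fd %d eof (connection closed)\n", fd);
            return READ_PEER_CLOSED;
        }
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            fprintf(stderr, "fd %d read error: %s\n", fd, strerror(errno));
            return READ_ERROR;
        }
        got += (size_t)n;
    }
    return READ_OK;
}

/* Hypothetical harness: the "peer" sends `sent` bytes of a header, then closes. */
static enum read_result simulate_peer(size_t sent)
{
    int sv[2];
    unsigned char hdr[12] = {0}, in[12];   /* constructed all-zero sample header */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return READ_ERROR;
    if (sent > 0 && write(sv[1], hdr, sent) != (ssize_t)sent) {
        close(sv[0]); close(sv[1]);
        return READ_ERROR;
    }
    close(sv[1]);   /* peer closes its end */
    enum read_result r = read_exact(sv[0], in, sizeof in);
    close(sv[0]);
    return r;
}

int main(void)
{
    printf("full header sent:       %d\n", simulate_peer(12));
    printf("peer closed immediately: %d\n", simulate_peer(0));
    printf("peer closed mid-header:  %d\n", simulate_peer(5));
    return 0;
}
```

In the second and third cases the reader logs an EOF although nothing failed locally, so the reason for the close has to be found in the peer's own debug output.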
Please find the topology below.
The user wants to log in with the TACACS server. The first two times, the user enters wrong credentials, for which the server rejects the request, and this is expected.
Next, the user enters the correct credentials, and we could see that during authorization the connection got closed.
We could see this issue when we first enter wrong credentials and then correct credentials. I have attached the debug logs collected from the TACACS server: 240212_083536_tacplus_debug_240213.pdf