Open Hassan-Core opened 1 month ago
Try using this instead:
aaa group server tacacs+ TACACS server-private SERVER_IP key YOUR_TACACS_KEY ! aaa authentication login default group TACACS local aaa authorization config-commands aaa authorization exec default group TACACS if-authenticated aaa authorization commands 1 default group TACACS if-authenticated aaa authorization commands 15 default group TACACS if-authenticated aaa accounting exec default start-stop group TACACS aaa accounting commands 0 default stop-only group TACACS aaa accounting commands 1 default stop-only group TACACS aaa accounting commands 15 default stop-only group TACACS
if you use MGMT interface for Tacacs authentication, add management vrf to the aaa group server
Describe the system Ubuntu version: Ubuntu 18.04.6 LTS (use next command: lsb_release -a ) PHP version: v3.3.9 (use next command: php -v ) TacacsGUI API version: 0.9.83 (use next command: php -r 'include "/opt/tacacsgui/web/api/constants.php"; echo APIVER . "\n";' ) Browser: [e.g. chrome, safari]
Describe the bug I have catalyst C3850 (IOS-XE) in network and I have added that on my TACGUI server but it not authenticating. Below is the output of the test aaa... command. Also, I am facing this issue on all the cisco catalyst switches.
test aaa group tacacs+ test legacy
Attempting authentication test to server-group tacacs+ using tacacs+
No authoritative response from any server.
Test is user is locally created on the server.
Server is pingable and below are configurations on the switch.
aaa authentication login tacgui group tacacs+ local aaa authentication enable default group tacacs+ enable aaa authorization exec default group tacacs+ local aaa authorization commands 0 default group tacacs+ local aaa authorization commands 15 default group tacacs+ local aaa authorization config-commands aaa accounting exec default start-stop group tacacs+ aaa accounting commands 0 default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+
tacacs server
address ipv4
key 7
tacacs-server timeout 1
aaa new-model aaa session-id common
line vty 0 4 login authentication tacgui transport input ssh line vty 5 15 login authentication tacgui transport input ssh