tacacsgui / tacacsgui

TACACSGUI is a system of centralised network devices authentication
https://tacacsgui.com/
GNU General Public License v3.0

Cisco Catalyst Authentication Issue #142

Open Hassan-Core opened 1 month ago

Hassan-Core commented 1 month ago

Describe the system
Ubuntu version: Ubuntu 18.04.6 LTS (use next command: lsb_release -a)
PHP version: v3.3.9 (use next command: php -v)
TacacsGUI API version: 0.9.83 (use next command: php -r 'include "/opt/tacacsgui/web/api/constants.php"; echo APIVER . "\n";')
Browser: [e.g. chrome, safari]

Describe the bug
I have a Catalyst C3850 (IOS-XE) in the network and I have added it on my TACGUI server, but it is not authenticating. Below is the output of the test aaa... command. Also, I am facing this issue on all the Cisco Catalyst switches.

test aaa group tacacs+ test legacy
Attempting authentication test to server-group tacacs+ using tacacs+
No authoritative response from any server.

Test user is locally created on the server.

Server is pingable and below are configurations on the switch.

aaa authentication login tacgui group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

tacacs server
 address ipv4
 key 7
tacacs-server timeout 1

aaa new-model
aaa session-id common

line vty 0 4
 login authentication tacgui
 transport input ssh
line vty 5 15
 login authentication tacgui
 transport input ssh

alex-cccip commented 1 week ago

Try using this instead:

aaa group server tacacs+ TACACS
 server-private SERVER_IP key YOUR_TACACS_KEY
!
aaa authentication login default group TACACS local
aaa authorization config-commands
aaa authorization exec default group TACACS if-authenticated
aaa authorization commands 1 default group TACACS if-authenticated
aaa authorization commands 15 default group TACACS if-authenticated
aaa accounting exec default start-stop group TACACS
aaa accounting commands 0 default stop-only group TACACS
aaa accounting commands 1 default stop-only group TACACS
aaa accounting commands 15 default stop-only group TACACS

If you use the MGMT interface for TACACS authentication, add the management VRF to the aaa group server.