The best way to troubleshoot the problem would be to enable debugging on the Tacacs server, The following commands assume you have a Unix Tacacs server and you will need root access. The first file you need to edit is the $BASEDIR/config/CSU.cfg file. You will need to change the following lines NUMBER config_system_logging_level = 0x80; ( sets the debug to local 0 facility ) NUMBER config_logging_configuration = 0x0fffffff; ( sets the debugging verbose level )
You will then need to modify the /etc/syslog.conf file by adding the following line local0.debug /var/log/csuslog The file csuslog must be created in the /var/log directory, in fact you can direct the output to any file in any directory as long as you put the full path in the syslog.conf file. You will then need to stop and start CiscoSecure and also restart the syslog daemon Then log into the routers and go back and view the log file ( csuslog in this case ) The most likely issue that you will have is that the secret keys are incorrect. Hope this helps Doug -----Original Message----- From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 20, 2001 2:04 PM To: [EMAIL PROTECTED] Subject: RE: Cisco TACACS+ Problem [7:26783] Verify that the router can reach the TACACS server (ping) and verify that the TACACS server and router are configured with matching parameters. Note: you may have to restart the TACACS server process when you add a router. I'm assuming that you copy/pasted the same set of config lines in all of the routers; you might want to verify that all of the lines made it into the config properly. If you created your script on a 12.1 router it may have problems getting entered into a 12.0 router, for example. Hope this helps. > I have configured a number of routers to authenticate to the TACACS+ > server we have on site. some routers get the login prompt and some dont > and at time others do. > > Has anyone got any ideas to this. > > *** Thomas Jreige > *** Communications Engineer > *** CSC Network Services, Wollongong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26908&t=26783 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
