All Topics » Pulse Policy Secure



Tacacs authentication failed with QFabric


pvalera24
Contributor (11)
Jan 7, 2014 10:04am

Hi folks,

 

I've configured a Juniper box (Qfabric) to let tacacs users login in, but it's not working yet.

 

Juniper's Configuration:

 

tacplus-server {     192.168.1.115 {         secret "xxxxx"; ## SECRET-DATA         source-address 192.168.212.14;     } } tacplus-options {     service-name junos-exec; }  user remote-super-users {     full-name "User template for remote super-users";     class super-user; } 

 

 

Cisco ACS Configuration:

 

User myuser belogs to mygroup and inside this group has been configured:

 

  • Check junos-exec
  • Check Custom attributes

 

local-user-name = remote-super-users allow-commands =* deny-commands =* 

 

Junos log is below:

 

Jan 06 19:01:42 qfabric DG0 sshd[14737]: pam_tacplus: sfc_login_get_caps failed

Jan 06 19:01:42 qfabric DG0 sshd[14737]: pam_tacplus: sfc_login_get_caps failed

Jan 06 19:01:42 qfabric DG0 sshd[14737]: pam_tacplus: sfc_login_get_caps failed

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_tacplus: authentication failed

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_mysql: user myuser not found in SFC database

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_tacplus: authentication failed

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_mysql: user myuser not found in SFC database

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_tacplus: authentication failed

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_mysql: user myuser not found in SFC database

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_mysql: authentication failed

Jan 06 19:01:43 qfabric DG0 sshd[14737]: Failed password for myuser from 172.19.1.5 port 2957 ssh2

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_mysql: authentication failed

Jan 06 19:01:43 qfabric DG0 sshd[14737]: Failed password for myuser from 172.19.1.5 port 2957 ssh2

Jan 06 19:01:43 qfabric DG0 sshd[14737]: pam_mysql: authentication failed

Jan 06 19:01:43 qfabric DG0 sshd[14737]: Failed password for myuser from 172.19.1.5 port 2957 ssh2

 

Please, is there any comments or advices?

What does "sfc_login_get_caps failed" mean?

 

Thanks in advance,

Peter




kalagesan
Contributor (11)
Jan 7, 2014 9:44pm

Hi Peter,

 

Please post your query  in  the belwo Ethernet Switching forum, its the appropriate forum to dicsuss the Junos Q Fabric issues

 

http://forums.juniper.net/t5/Ethernet-Switching/bd-p/switch

 

Regards,

Kannan

 

    pvalera24
    Contributor (11)
    Jan 8, 2014 11:28am

    Yes no problem. Sorry about it.

    Peter