Tacacs+ remote authentication, Monitoring tacacs – Dell PowerEdge FX2/FX2s User Manual


Example of a Failed Authentication

To view the configuration, use the show config command in LINE mode or the show running-config tacacs+ command in EXEC Privilege mode.
If authentication fails using the primary method, Dell Networking OS automatically employs the second method (or the third method, if necessary). For example, if the TACACS+ server is reachable but the server key is invalid, Dell Networking OS proceeds to the next authentication method. In the following example, the TACACS+ server key is incorrect, but the user is still authenticated by the secondary method.

First bold line: Server key purposely changed to incorrect value.

Second bold line: User authenticated using the secondary method.

Dell(conf)#
Dell(conf)#do show run aaa
!
aaa authentication enable default tacacs+ enable
aaa authentication enable LOCAL enable tacacs+
aaa authentication login default tacacs+ local
aaa authentication login LOCAL local tacacs+
aaa authorization exec default tacacs+ none
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
aaa accounting exec default start-stop tacacs+
aaa accounting commands 1 default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
Dell(conf)#
Dell(conf)#do show run tacacs+
!
tacacs-server key 7 d05206c308f4d35b
tacacs-server host 10.10.10.10 timeout 1
Dell(conf)#tacacs-server key angeline
Dell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 )
%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line vty0 (10.11.9.209)
Dell(conf)#username angeline password angeline
Dell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline on vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 )
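
Because a TACACS+ key mismatch silently hands authentication to the next method in the list, it is worth knowing what that next method is for every list. The following Python script is an added example, not part of the Dell manual: it parses show run aaa output and reports what follows tacacs+ in each authentication and authorization list. The function name audit_aaa and the finding texts are hypothetical, and treating none as "no check is performed" is an assumption.

```python
import re

# Constructed sample: the AAA lines from the "show run aaa" output above.
SAMPLE_CONFIG = """\
Dell(conf)#do show run aaa
!
aaa authentication enable default tacacs+ enable
aaa authentication enable LOCAL enable tacacs+
aaa authentication login default tacacs+ local
aaa authentication login LOCAL local tacacs+
aaa authorization exec default tacacs+ none
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
aaa accounting exec default start-stop tacacs+
"""

# aaa <service> <type> [<privilege level>] <list name> <method> [<method> ...]
LINE_RE = re.compile(
    r"^aaa (authentication|authorization) (\S+)(?: (\d+))? (\S+) (.+)$")


def audit_aaa(config_text):
    """Return (list_id, methods, findings) per auth/authz method list."""
    results = []
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # prompts, "!" separators and accounting lines are skipped
        service, kind, level, name, rest = m.groups()
        methods = rest.split()
        list_id = " ".join(p for p in (service, kind, level, name) if p)
        findings = []
        if "tacacs+" not in methods:
            findings.append("TACACS+ is not used")
        else:
            idx = methods.index("tacacs+")
            fallbacks = methods[idx + 1:]
            if idx > 0:
                findings.append("TACACS+ is not the primary method")
            if "none" in fallbacks:  # assumption: none = no check performed
                findings.append("falls through to 'none' if TACACS+ fails")
            elif fallbacks:
                findings.append(
                    "falls back to on-device method(s): " + ", ".join(fallbacks))
        results.append((list_id, methods, findings))
    return results


if __name__ == "__main__":
    for list_id, methods, findings in audit_aaa(SAMPLE_CONFIG):
        print(f"{list_id:35} {' -> '.join(methods):20} {'; '.join(findings)}")
```

For the configuration in this example, the report shows that the default login and enable lists fall back to credentials held on the switch itself, so those passwords need the same care as the TACACS+ accounts.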

Monitoring TACACS+

To view information on TACACS+ transactions, use the following command.

• View TACACS+ transactions to troubleshoot problems.

EXEC Privilege mode

debug tacacs+

TACACS+ Remote Authentication

When configuring a TACACS+ server host, you can set different communication parameters, such as the
key password.
