Got it

Tacacs error on S9300

Created: Mar 5, 2021 09:12:27Latest reply: Mar 8, 2021 01:53:03 243 6 0 0 0
  Rewarded HiCoins: 0 (problem resolved)

Hello I got tacas error appear when user try to login as below :

Mar  5 2021 16:01:37.500.1+07:00 JB1_S93_LSW TACACS/7/Event:Tac bind socket failure.

Mar  5 2021 16:01:37.500.2+07:00 JB1_S93_LSW TACACS/7/Event:Socket id: 1, bind result: -49

Mar  5 2021 16:01:37.500.3+07:00 JB1_S93_LSW TACACS/7/Event:TAC get session fail.

Mar  5 2021 16:01:37.500.4+07:00 JB1_S93_LSW TACACS/7/Event:Send authen packet fail, TCP error, find next server.

Mar  5 2021 16:01:37.500.5+07:00 JB1_S93_LSW TACACS/7/Event:No useful authentication server. (GroupIndex=0)

Mar  5 2021 16:01:37.500.6+07:00 JB1_S93_LSW TACACS/7/Event:Can not find a valid server when send authen packet fail.

Mar  5 2021 16:01:37.550.1+07:00 JB1_S93_LSW TACACS/7/Event:Tac bind socket failure.

Mar  5 2021 16:01:37.550.2+07:00 JB1_S93_LSW TACACS/7/Event:Socket id: 1, bind result: -49

Mar  5 2021 16:01:37.550.3+07:00 JB1_S93_LSW TACACS/7/Event:TAC get session fail.

Mar  5 2021 16:01:37.550.4+07:00 JB1_S93_LSW TACACS/7/Event:Send author packet fail for TCP error.

Mar  5 2021 16:01:37.550.5+07:00 JB1_S93_LSW TACACS/7/Event:No useful authorization server. (GroupIndex=0)

Mar  5 2021 16:01:37.600.1+07:00 JB1_S93_LSW TACACS/7/Event:Tac bind socket failure.

Mar  5 2021 16:01:37.600.2+07:00 JB1_S93_LSW TACACS/7/Event:Socket id: 1, bind result: -49

Mar  5 2021 16:01:37.600.3+07:00 JB1_S93_LSW TACACS/7/Event:TAC get session fail.

Mar  5 2021 16:01:37.600.4+07:00 JB1_S93_LSW TACACS/7/Event:Send acct packet fail, TCP error.

Mar  5 2021 16:01:37.600.5+07:00 JB1_S93_LSW TACACS/7/Event:No useful accounting server. (GroupIndex=0)

Mar  5 2021 16:01:37.600.6+07:00 JB1_S93_LSW TACACS/7/Event:Can not find a valid server when send acct packet fail.

Mar  5 2021 16:01:37.600.7+07:00 JB1_S93_LSW TACACS/7/Event:SessinID is different when delete node. (NodeSessionID=0x3ebbf790, SessionID=0xffffffff)


+++ Here is my tacas configuration on S9300+++++

hwtacacs-server template hwtacacs

 hwtacacs-server source-ip xxx.xxx.xxx.xxx

 hwtacacs-server authentication xxx.xxx.xxx.xxx

 hwtacacs-server authorization xxx.xxx.xxx.xxx

 hwtacacs-server accounting xxx.xxx.xxx.xxx

 hwtacacs-server shared-key cipher xxxxx

 hwtacacs-server timer response-timeout 3

qui

aaa

authentication-scheme huawei_tacas

  authentication-mode hwtacacs local

qui

authorization-scheme huawei_tacas 

 authorization-mode hwtacacs local

  authorization-cmd 15 hwtacacs local

 qui

accounting-scheme huawei_tacas

  accounting-mode hwtacacs

  accounting realtime 3

  accounting start-fail online

qui

recording-scheme huawei_tacas

  recording-mode hwtacacs hwtacacs

 qui

 cmd  recording-scheme huawei_tacas

 

domain default_admin                     

  authentication-scheme huawei_tacas

  accounting-scheme huawei_tacas

  authorization-scheme huawei_tacas

  hwtacacs-server hwtacacs

  qui

  qui

  

 

domain default_admin  admin 


Note : above configuration working normal on all my switch ecept my s9300 error as above .


Any advice will be very appreciate.

  • x
  • convention:

Featured Answers
chenhui
Admin Created Mar 8, 2021 01:53:03

Hello,
Can you please check the TCP connection between the S9300 switch source ip address and the HWTACACS server?
If yes, then, you are suggested to check the authentication server configuration, if the S9300 is allowed to connect to the server.
From the debug information, the TCP connection between switch and server establishes failed.
View more
  • x
  • convention:

All Answers
DDSN
DDSN Admin Created Mar 5, 2021 09:14:12

Hi sovandara,
Please wait patiently. Our engineers are looking for answers to your questions.
View more
  • x
  • convention:

DDSN
DDSN Admin Created Mar 5, 2021 09:31:07

  • x
  • convention:

sovandara
sovandara Created Mar 5, 2021 09:41:52 (0) (0)
Dear DDSN,

Look like i can not access above link due to permission restrict.  
DDSN
DDSN Reply sovandara  Created Mar 5, 2021 09:57:29 (0) (0)
Try this: https://support.huawei.com/hedex/hdx.do?docid=EDOC1000091884&id=EN-US_TOPIC_0204651069&lang=en  
sovandara
sovandara Reply DDSN  Created Mar 5, 2021 10:06:58 (0) (0)
Hi DDSN,

Above link you shared are talking about HWTACACS Server Does Not Respond. It different issue from this issue what i am facing.  
chenhui
chenhui Admin Created Mar 8, 2021 01:53:03

Hello,
Can you please check the TCP connection between the S9300 switch source ip address and the HWTACACS server?
If yes, then, you are suggested to check the authentication server configuration, if the S9300 is allowed to connect to the server.
From the debug information, the TCP connection between switch and server establishes failed.
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.