Not able to login to router using ssh when TACACS server is down
When TACACS server is not reachable router is not allowing the local password to login using ssh. Router's SSH debug says authentication is successful but ssh client gets % Authorization failed meassage and disconnects.
kindly see below debug output and config
SSH server end:
Sep 1 13:25:10.161: SSH1: starting SSH control process
Sep 1 13:25:10.165: SSH1: sent protocol version id SSH-1.5-Cisco-1.25
Sep 1 13:25:10.241: SSH1: protocol version id is - SSH-1.5-Cisco-1.25
Sep 1 13:25:10.241: SSH1: SSH_SMSG_PUBLIC_KEY msg
Sep 1 13:25:10.397: SSH1: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
Sep 1 13:25:10.397: SSH: RSA decrypt started
Sep 1 13:25:10.925: SSH: RSA decrypt finished
Sep 1 13:25:10.925: SSH: RSA decrypt started
Sep 1 13:25:11.165: SSH: RSA decrypt finished
Sep 1 13:25:11.197: SSH1: sending encryption confirmation
Sep 1 13:25:11.197: SSH1: keys exchanged and encryption on
Sep 1 13:25:11.269: SSH1: SSH_CMSG_USER message received
Sep 1 13:25:11.269: SSH1: authentication request for userid rao
Sep 1 13:25:16.297: SSH1: SSH_SMSG_FAILURE message sent
Sep 1 13:25:17.313: SSH1: SSH_CMSG_AUTH_PASSWORD message received
Sep 1 13:25:17.317: SSH1: authentication successful for rao
Sep 1 13:25:17.413: SSH1: requesting TTY
Sep 1 13:25:17.413: SSH1: setting TTY - requested: length 25, width 80; set: le
ngth 25, width 80
Sep 1 13:25:17.525: SSH1: SSH_CMSG_EXEC_SHELL message received
Sep 1 13:25:17.525: SSH1: starting shell for vty
Sep 1 13:25:25.033: SSH1: Session terminated normally
SSH Client end Log:
% Authorization failed.
[Connection to 10.255.15.2 closed by foreign host]
COnfig:
aaa authentication login default group tacacs+ line local
aaa authentication login NO_AUTH line
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization configuration default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
ip domain-name cbi.co.in
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
line vty 0 4
password xxxx
transport input telnet ssh
Kindly reply your views
I believe that the key to understanding your problem is to recognize the subtle difference between authentication and authorization. The authentication process appears that it does succeed but the authorization process has failed according to your error message:
% Authorization failed.
I see that most of your authorization commands include the parameter if-authenticated. But this command does not:
aaa authorization config-commands
I would suggest that you add the if-authenticated parameter to this command and see if it does not fix your problem.
HTH
Rick
Similar Messages
-
Not able to login to BIP using OBIEE Admin credentials
hi,
I am not able to login into BI Publisher(http://<Server name>:7001/xmlpserver/) with my OBIEE Admin credentails. It throws an error "Unauthorized Access: please contact the administrator".
I have checked in console that this Admin User has been assigned to Administrators and BIAdministrators group.
Also I have a BISystemUser which is assigned to Administrators group.
Don't know why it is not working as similar User and group setting onto a different server works.
Regards,
BhavikAny suggestions would be helpful.
-
Not able to login to FWSM via SSH client
When i am trying to login to FWSM via SSH client and it is throwing an error that "SSH server rejected your password Try again"
Hello,
Not sure how you want me to help. The error says it all! The password is wrong.
Do you have any other username/password that you could use to connect and change yours as it looks you forgot it. Otherwise try to access it via console and change it.
Regards.
Jcarvaja
Senior Network Security and Core Specialist
CCIE #42930, 2-CCNP, JNCIS-SEC
For inmediate assistance hire us at http://inetworks.cr/our-rates/ -
Could not able to login into Oracle
Hi ,
I am using Oracle 9i as Database .
I am not able to login into Database please help .
when i tried with system and admin it displays : Invalid username/password ; logon denied
when i tried with scott/tiger : It displays account is locked.
Please help how can i resolve .Thank you.
i opened a cmd prompt and ran your command
It displayed all these , sorry i dont know what to eliminate so posting the full .
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\sai>set
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\sai\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GECE-8403C670A1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\sai
JSERV=D:\oracle\ora90/Apache/Jserv/conf
LOGONSERVER=\\GECE-8403C670A1
NUMBER_OF_PROCESSORS=2
OLAP_HOME=D:\oracle\ora90\olap
OS=Windows_NT
Path=D:\oracle\ora90\bin;D:\oracle\ora90\Apache\Perl\5.00503\bin\mswin32-x86;C:\
Program Files\Oracle\jre\1.1.8\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys
tem32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\sai\LOCALS~1\Temp
TMP=C:\DOCUME~1\sai\LOCALS~1\Temp
USERDOMAIN=GECE-8403C670A1
USERNAME=sai
USERPROFILE=C:\Documents and Settings\sai
windir=C:\WINDOWS
WV_GATEWAY_CFG=D:\oracle\ora90\Apache\modplsql\cfg\wdbsvr.app
C:\Documents and Settings\sai>sqlplus
SQL*Plus: Release 9.0.1.0.1 - Production on Sat Jan 2 22:56:31 2010
(c) Copyright 2001 Oracle Corporation. All rights reserved.
Enter user-name: / as sysdba
Connected to:
Oracle9i Enterprise Edition Release 9.0.1.1.1 - Production
With the Partitioning option
JServer Release 9.0.1.1.1 - Production
SQL> select * from v$version
2 ;
BANNER
Oracle9i Enterprise Edition Release 9.0.1.1.1 - Production
PL/SQL Release 9.0.1.1.1 - Production
CORE 9.0.1.1.1 Production
TNS for 32-bit Windows: Version 9.0.1.1.0 - Production
NLSRTL Version 9.0.1.1.1 - Production -
Not able to login after configuring SSH.Please reply
i have configured AAA on Cisco aeronet 1400 series wireless bridge (AIR-BR1410A-A-K9).After configuring i am not able to login to the device via telnet and via putty.Soon after enabling SSH i am not able to login even through SSH.The below are the commands i have configured on the device.I used to configure the same commands on my Cisco Switches also.
Layer -2
ip domain-name NETS
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
aaa new-model
aaa authentication login Login-LAN group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa accounting exec EXEC-LAN-L2 start-stop group tacacs+
aaa accounting commands 1 Level-1-LAN-L2 start-stop group tacacs+
aaa accounting commands 15 Level-15-LAN-L2 start-stop group tacacs+
tacacs-server host 10.254.0.140 key !n01#zh3r3@|2
line vty 0 4
accounting commands 1 Level-1-LAN-L2
accounting commands 15 Level-15-LAN-L2
accounting exec EXEC-LAN-L2
login authentication Login-LAN
transport input sshHi,
Check out the connectivity between cisco aeronet and TACAS server and what is the failed logs says in tacas server.
If possible try to change the configuration to aaa authentication login Login-LAN(default) group tacacs+ line and then try what exactly happens.
Hope that helps
Regards
Ganesh.H -
Not able to login using ORACLE USER in Linux
I am not able to login using OS user ORACLE in linux,
I am getting following error when trying to login
/etc/X!!/gdm/PreSession/Default : Registering your session with wtmp and utmp
/etc/X!!/gdm/PreSession/Default :running : /usr/bin/X11/sessreg -a -w /var/log/log/wtmp -u /var/run/utmp -x "/var/gdm/:0.Xservers" -h "" -1" : 0" "oracle"
/etc/profile: line 17 : syntax error near unexpected token 'then'
/etc/profile: line 17 ' if[ $USER = "oracle" ]; then'
Failed to execute message bus daemon : No such file or directory
EOF in dbus-launch reading address from bus daemon
I tried to edit /etc/profile file but not sucessfull. Please help me out . This installtion is on VM ware
Edited by: user12356407 on Dec 16, 2009 3:21 AMuser8896383 wrote:
I am not successful to login using Oracle User .
I tried to edit /etc/profile file on Line 17 , but of no use.
could you please be more precise about what exactly i should look in or edit in that file.
Thanks for your immediate response.My car doesn't start
I tried to fix it
It still doesn't start.
Can you be more precise in telling how to fix it. -
I am new to Adobe Cloud, received the invitation from Adobe, create my account and I am able to login to the web. When Attempted to download Photoshop desktop, I was asked for Name and Password, the name was populated but I have to enter the password. I am using the password I entered at registration but it does not work and the Installer does not run.
I have a MacBook Pro with OS version 10.9.3.
Thanks,
CarlosI figured out, the Installer need the username and password for the computer OS.
-
iCloud not allow login.
It shows the password error but I am able to login to site using same Apple ID.
I just update my software to Mountain Lion 10.8.2
I tried a lot...
1) I changed passwords few time. (through using forgot password options)
2) Cleaned-up memmory and cash using ccleaner.
3) Restarted the system couple of time, Try to login from preferance>iCloud> ...Or here:
http://support.apple.com/kb/DL1611 -
User is not able to Login from external supplier, using the WSS (ICH)
Hi Gurus,
The user is not able to login to the server externally from url.
dev_icm is giving below warnings:
[Thr 11052] IcmWatchDogThread: watchdog started
[Thr 11309] ** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do
not trust any intermediary*
X.509 cert data will be removed from header [http_plg_mt. 720]
[Thr 11309] =================================================
[Thr 11309] = SSL Initialization on IBM RS/6000 with AIX
[Thr 11309] = (700_REL,May 3 2008,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)
[Thr 11309] profile param "ssl/ssl_lib" = "/usr/sap/SCA/SYS/exe/run/libsapcrypto.o"
resulting Filename = "/usr/sap/SCA/SYS/exe/run/libsapcrypto.o"
[Thr 11309] = found SAPCRYPTOLIB 5.5.5C pl16 (Jun 10 2004) MT-safe
[Thr 11309] = current UserID: "scaadm", env-var USER="scaadm"
[Thr 11309] = using SECUDIR=/usr/sap/SCA/DVEBMGS41/sec
[Thr 11309] = secudessl_Create_SSL_CTX(): PSE "/usr/sap/SCA/DVEBMGS41/sec/SAPSSLA.pse" not found,
[Thr 11309] = using PSE "/usr/sap/SCA/DVEBMGS41/sec/SAPSSLC.pse" as fallback
[Thr 11309] = Success -- SapCryptoLib SSL ready!
[Thr 11309] =================================================
HTTPS (SSL) settings are as below, i think which means that no ssl certifiacts are required.
icm/HTTPS/verify_client = 0
Kindly help urgently.
regards,
MJthis is SCM system.
SSL CA's are set.
what should be value of the parameters?
icm/HTTPS/trust_ client_with_ issuer or
icm/HTTPS/trust_ client_with_ subject
http and https ssl conections are correctly set.
I think the SAPSSLA. pse" not found, is not the problem as the parameter icm/HTTPS/verify_ client = 0 is set, it means that no ssl certifiacts are required.
problem is coming when the system is being accessed from externally using other secure domain name.
the system is being accessed ok from web urs which is internal, but not external.
for example in strust tcode the domain name is *abc.com, which is running fine when accessing the system internally.
but when the user is accessing this sytem from other secure login from *xyz.com, which is also the same companys domain, then the user not able to login, its showing errir. -
i was charged no my credit card for the app store registeration and i am not able to login, i tried to use the forget password options but it isnt going through
Apple id : [email protected]If the old ID is yours, and if your current ID was created by editing the details of this old ID (rather than being an entirely new ID), go to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID. Click edit next to the primary email account, change it back to your old email address and save the change. Then edit the name of the account to change it back to your old email address. You can now use your current password to turn off Find My iDevice, even though it prompts you for the password for your old account ID. Then save any photo stream photos that you wish to keep to your camera roll. When finished go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud). Next, go back to https://appleid.apple.com and change your primary email address and iCloud ID name back to the way it was. Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.
-
I am not able to login to i cloud using my apple id
I am not able to login to i cloud using my apple id.
That's too bad. Try entering the correct login credentials.
-
am not able to login to my iphone 5s using my apple id. i can find the phone listed under my devices in my i cloud login page
You need at least 50 MB of free space in order to back up to iCloud. Rather than backing up, have you tried importing the photos to your computer and deleting them from the camera roll as explained here: http://support.apple.com/kb/HT4083?
-
R12 upgrade issue:Not able to login using forms:Please help****urgent
We have recently upgraded our instance from 11.5.9 to 12.0.4 in Windows 2003 server.
We are unable to login to forms after upgrade, however we are able access self service responsibilities without any issues.
We are getting APP-FND-01496 when we access any forms responsibility. We have tried all possible metalink notes with no luck.
Any help to resolve this issue will be appreciated.Duplicate thread ...
R12 upgrade issue:Not able to login to forms**please help
Re: R12 upgrade issue:Not able to login to forms**please help -
Not able to login to portal links
Hi,
I am not able to login to any link from index.html page except system information page.
When I try to access any other link and enter user name and password, only page is getting refreshed and it is not logging in.
Error from default trace:
#1.5 #00188B34FD33006C0000002800007AC8000461B1DE2BD2F2#1233316471589#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/tcwddispwda#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#J2EE_ADMIN#2018##mysapbw_BW7_23635150#J2EE_ADMIN#c13b1ba1eec411dd9cbb00188b34fd33#SAPEngine_Application_Thread[impl:3]_2##0#0#Error#1#/System/Server/WebRequests#Plain###application [webdynpro/dispatcher] Processing HTTP request to servlet [dispatcher] finished with error.
The error is: java.lang.NoSuchMethodError: com.sap.security.core.wd.umeuifactory.wdp.IExternalUmeUiFactoryCompInterface.hasSimplePermission(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z
Exception id: [00188B34FD33006C0000002600007AC8000461B1DE2BCF03]#
#1.5 #00188B34FD33005F000004A300007AC8000461B1E07DB217#1233316510512#com.sap.engine.services.security.authentication.logonapplication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logonapplication.doLogon#J2EE_GUEST#0##n/a##d88d4300eec411dd9ac900188b34fd33#SAPEngine_Application_Thread[impl:3]_6##0#0#Error##Java###doLogon failed
[EXCEPTION]
#1#com.sap.security.core.logon.imp.UMELoginException
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:949)
at com.sap.security.core.logonadmin.ServletAccessToLogic.logon(ServletAccessToLogic.java:208)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.doLogon(SAPMLogonLogic.java:914)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.uidPasswordLogon(SAPMLogonLogic.java:578)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:158)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Please help me in resolving this issue.
Regards,
Nallasivam.DProcessing HTTP request to servlet dispatcher finished with error.
Check std_dispatcher.out for errors.
com.sap.security.core.logon.imp.UMELoginException
Check your UME setting using configtool
Regards
Juan -
Not able to login in CMS Logic editor
Hi,
I'm using older version of sap xMII 11.0. I'm not able to login CMS Logic editor using my user name and password but able to login to the other xMII pages. Do we need to modify any system properties?
regards
BalaI think you should talk to your colleague who messed up the server environment: Changing Lighthammer Home in BLS (xMII 11.5)
Once it is solved I assume you'll be able to login as well.
Maybe you are looking for
-
How do I block all in coming calls that do not show on my caller Id. Phone says "no caller id" This particular call is from a place selling septic tank cleaner. They leave an automated voice mail. They are calling me over and over. I am on the nation
-
Touch firmware wish list: release
Release an update< Release it before it is obsolete< Release it to the public, at least a beta version< See a release roadmap< Message Edited by dannns on 07-30-2005 0:48 AM
-
Change transfer of set-up group
Hi, I note a large number of queues to APO inbound in error with messages like -Setup activity has at least one mode that does not cover -Sequence-dependent setup activity does not have a mode -Different setup keys for activities with locked activity
-
Hi again friends, when I open a form, it appears the following errors: FRM-18108: Failed to load the following objects. Source Module:oprin.olb Source Object: CGSO$NUMBER_MD_MR (..... several source objects....) Source Module:OPA00005.olb Source Obje
-
Hi! I have 1 credit card and 2 more apple id. Is it possible to use this credit card information for all my apple id?