Troubleshooting tips for the CISCO TACACS solution on the Bluecoat Director appliance?
While I can use TACACS to authenticate to the Director console, through SSH, I cannot through the web user interface.
I cannot log in to Director using a TACACS server from Cisco running version 4.2.
NOTE: To troubleshoot this issue, you will need to log in to the command line interface (CLI) via SSH. We recommend using PuTTY to log in to Director. PuTTY can be downloaded here.
1: Set up the /var/log/messages file to send live updates to your PuTTY SSH session.
2: Attempt to log in via the web UI and trigger the symptom (being unable to log in).
TIP: Between the client and Director you are using the HTTP protocol, but between Director and the TACACS server you are using TCP and UDP.
3: Show the Director TACACS configuration:
TIP: Typing "TACACS-server ?" shows how you can change the TACACS configuration on Director.
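The following shell script is an added example for steps 1 and 2, not part of the original article: it follows the live log during the web UI login attempt and counts TACACS lines that report failure or success, so the SSH-works / web-fails split is visible in one place. The log path, the "tacacs" / "fail" keywords and the sample log lines are assumptions; the sample lines are constructed and are not Director's actual message format.

```shell
#!/bin/sh
# Added example (not from the Bluecoat KB article). Assumes the log is a
# syslog-style text file and that TACACS events mention "tacacs".

# Count TACACS log lines that indicate a failed authentication.
count_tacacs_failures() {
    grep -i 'tacacs' "$1" | grep -icE 'fail|denied|reject'
}

# Count TACACS log lines that indicate a successful authentication.
count_tacacs_successes() {
    grep -i 'tacacs' "$1" | grep -icE 'success|accepted'
}

# Step 1: follow the live log during the login attempt, showing only TACACS
# lines. Run this in the PuTTY SSH session, then trigger the web UI login.
follow_tacacs_log() {
    tail -f "${1:-/var/log/messages}" | grep -i --line-buffered 'tacacs'
}

# Constructed sample log for an offline run: the SSH login (sshd) is accepted,
# the two web UI attempts (httpd) are refused, matching the symptom described.
SAMPLE_LOG="${TMPDIR:-/tmp}/tacacs_sample.$$"
cat > "$SAMPLE_LOG" <<'EOF'
Jan 10 10:00:01 director sshd[1201]: tacacs auth accepted for user admin
Jan 10 10:00:30 director httpd[1310]: tacacs auth failed for user admin
Jan 10 10:01:31 director httpd[1310]: tacacs auth failed for user admin
Jan 10 10:02:00 director cron[99]: session opened for root
EOF

echo "TACACS failures: $(count_tacacs_failures "$SAMPLE_LOG")"
echo "TACACS successes: $(count_tacacs_successes "$SAMPLE_LOG")"
```

Replace SAMPLE_LOG with /var/log/messages on the appliance, or call follow_tacacs_log while you attempt the web UI login.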
Solution: In one case we noticed that the Cisco TACACS server was using RSA tokens for password protection. RSA tokens change the password every 60 seconds and are incompatible with the authentication style of Director. This resulted in us being able to log in to the command line interface via SSH, but we were refused authentication via the web interface. Once we changed this to Windows Domain Authentication the symptoms disappeared.
NOTE1: Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol, based on TCP/UDP, used to authenticate users to UNIX systems. For more information see this wiki link: TACACS.
NOTE2: For a complete set of steps to set up this solution with the CISCO TACACS server, see FAQ2879.