...

All TACACS+ connection attempts are recorded in the log file /home/wnam/logs/wnamtacplus.log

In addition, a record is created in the database (table tsessions) for each connection session; it can be viewed through the web interface, in the section "Diagnostics - TACACS+ connections":

...

00:23:02.759 DEBUG [c.n.wnam.services.TacacsPlusService:112] - TACACS+ connection from NAS_IP=172.16.130.38, access server='all-lab-switches' location='R20 LAB SW'
00:23:02.760 DEBUG [c.n.wnam.services.TacacsPlusService:413] - findOrCreateTSession: sessionId a88efdba, username vpupkin, rem_addr 172.16.130.5, port tty1, howRecent Thu Aug 25 23:23:02 MSK 2022
00:23:02.762 DEBUG [c.n.wnam.services.TacacsPlusService:233] - handle AUTHEN Packet LOGIN ASCII vpupkin
00:23:02.762 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [1] authentication ASCII - request password
00:23:04.010 DEBUG [c.n.wnam.services.TacacsPlusService:413] - findOrCreateTSession: sessionId a88efdba, username null, rem_addr null, port null, howRecent Thu Aug 25 23:23:04 MSK 2022
00:23:04.014 DEBUG [c.n.wnam.services.TacacsPlusService:233] - handle AUTHEN Packet LOGIN ASCII vpupkin ***
00:23:04.014 DEBUG [c.n.wnam.manager.aaa.TProfileManager:66] - getAuthentication tsess=TSession [username=vpupkin, rem_address=172.16.130.5, nas_addr=172.16.130.38, accessServerName=R20 LAB SW, siteName=null, tacacsSessionId=a88efdba], user=vpupkin, pass=fhfghfg
00:23:04.020 TRACE [c.n.wnam.manager.aaa.TProfileManager:146] - getAuthentication prio=30 method=ACTIVE_DIRECTORY, pcandidate=Доменные администраторы
00:23:04.023 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [2] domain - lab.wnam.ru
00:23:04.037 DEBUG [c.n.wnam.manager.aaa.TProfileManager:262] - requestActiveDirectoryMembership 'vpupkin' cached groups: [Wi-Fi Test Users]
00:23:04.038 TRACE [c.n.wnam.manager.aaa.TProfileManager:146] - getAuthentication prio=40 method=ACTIVE_DIRECTORY, pcandidate=Доменные остальные
00:23:04.041 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [3] domain - lab.wnam.ru
00:23:04.054 DEBUG [c.n.wnam.manager.aaa.TProfileManager:262] - requestActiveDirectoryMembership 'vpupkin' cached groups: [Wi-Fi Test Users]
00:23:04.054 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [4] group membership check - skipped, any group match
00:23:04.054 TRACE [c.n.wnam.manager.aaa.TProfileManager:153] - getAuthentication pcandidates left: 1
00:23:04.054 TRACE [c.n.wnam.manager.aaa.TProfileManager:160] - getAuthentication profile 'Доменные остальные'
00:23:04.054 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [5] profile matching - Доменные остальные
00:23:04.054 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [6] local user - vpupkin not found, requesting active directory over LDAP
00:23:04.070 ERROR [c.n.wnam.manager.aaa.TProfileManager:242] - Failed to authenticate vpupkin@lab.wnam.ru through win
00:23:04.071 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [7] password check in AD - failed
00:23:04.071 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [8] authentication ASCII - failure
00:23:04.071 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [9] authentication - failure
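
The following added example, which is not part of the WNAM product or its documentation, parses lines in the format shown above to report failed TACACS+ logins per session and masks the `pass=` value that the TProfileManager DEBUG line records in cleartext. It assumes that TSession lines, which carry no session id, belong to the most recently seen session; the function names are this example's own.

```python
import re

# Sample input: lines copied (abridged) from the log excerpt above.
SAMPLE = """\
00:23:02.759 DEBUG [c.n.wnam.services.TacacsPlusService:112] - TACACS+ connection from NAS_IP=172.16.130.38, access server='all-lab-switches' location='R20 LAB SW'
00:23:02.760 DEBUG [c.n.wnam.services.TacacsPlusService:413] - findOrCreateTSession: sessionId a88efdba, username vpupkin, rem_addr 172.16.130.5, port tty1, howRecent Thu Aug 25 23:23:02 MSK 2022
00:23:04.010 DEBUG [c.n.wnam.services.TacacsPlusService:413] - findOrCreateTSession: sessionId a88efdba, username null, rem_addr null, port null, howRecent Thu Aug 25 23:23:04 MSK 2022
00:23:04.014 DEBUG [c.n.wnam.manager.aaa.TProfileManager:66] - getAuthentication tsess=TSession [username=vpupkin, rem_address=172.16.130.5, nas_addr=172.16.130.38, accessServerName=R20 LAB SW, siteName=null, tacacsSessionId=a88efdba], user=vpupkin, pass=fhfghfg
00:23:04.071 TRACE [c.netams.wnam.documents.aaa.TSession:129] - log [9] authentication - failure
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) (\w+)\s+\[([^\]]+)\] - (.*)$")
SESSION = re.compile(r"findOrCreateTSession: sessionId (\w+), username (\S+), rem_addr (\S+),")
TSESS = re.compile(r"tsess=TSession \[username=([^,]+), rem_address=([^,]+), nas_addr=([^,]+),.*?tacacsSessionId=(\w+)\]")
FINAL = re.compile(r"log \[\d+\] authentication - failure$")
PASS = re.compile(r"(\bpass=)\S+")

def redact(text):
    """Mask the cleartext value after 'pass=' before the log leaves the host."""
    return PASS.sub(r"\1<redacted>", text)

def failed_logins(text):
    """Return one record per final 'authentication - failure' line."""
    sessions, current, failures = {}, None, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.group(1), m.group(4)
        if (s := SESSION.search(msg)):
            current = s.group(1)
            info = sessions.setdefault(current, {"session": current})
            # Follow-up packets of a session log 'null' here; keep known values.
            for key, val in (("username", s.group(2)), ("rem_addr", s.group(3))):
                if val != "null":
                    info[key] = val
        elif (t := TSESS.search(msg)):
            current = t.group(4)
            info = sessions.setdefault(current, {"session": current})
            info.update(username=t.group(1), rem_addr=t.group(2), nas_addr=t.group(3))
        elif FINAL.search(msg) and current:  # assumption: belongs to latest session id
            failures.append({**sessions[current], "time": ts})
    return failures

if __name__ == "__main__":
    for failure in failed_logins(SAMPLE):
        print(failure)
    print(redact(SAMPLE).splitlines()[3])
```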

...