Aug 28, 2012, 9:59 PM
Post #1 of 1
My perl script accesses several devices through an SSH connection. The connection is verified by a Cisco ACS server using TACACS+. After three failed attempts by a user to connect via SSH the users account is locked out.
Authenticating username/password with TACACS+
I need to verify the users credentials against the TACACS server and warn the user if it fails, before my script starts accessing our devices.
I'm trying to use the Authen::TacacsPlus module, but every attempt to validate results in an "Authentication Failed" error message.
What I have verified:
- I can manually SSH to one of our devices and authenticate properly.
- The username/password combination is good. It's my own and I can connect to our devices.
- The key matches the one found on our devices.
- The server IP matches the one found on our devices.
- Our server, which us running the perl script, has been added to the Cisco ACS server.
Below is the code I'm testing with... username/password changed of course.
print "Perl version : $command\n";
my $tac = new Authen::TacacsPlus(Host=>'10.0.0.16', Key=>'us3r@@cc3ss');
my $result = $tac->authen( "$user", "$pass" );
print "Msg: " . Authen::TacacsPlus::errmsg() . "\n";
print "Result: $result\n";
The result always looks like this:
Perl version : 5.008008
Msg: Authentication failed