Calab
Novice
Aug 28, 2012, 9:59 PM
Post #1 of 1
(598 views)
|
|
Authenticating username/password with TACACS+
|
Can't Post
|
|
My perl script accesses several devices through an SSH connection. The connection is verified by a Cisco ACS server using TACACS+. After three failed attempts by a user to connect via SSH the users account is locked out.
I need to verify the users credentials against the TACACS server and warn the user if it fails, before my script starts accessing our devices.
I'm trying to use the Authen::TacacsPlus module, but every attempt to validate results in an "Authentication Failed" error message.
What I have verified:
- I can manually SSH to one of our devices and authenticate properly.
- The username/password combination is good. It's my own and I can connect to our devices.
- The key matches the one found on our devices.
- The server IP matches the one found on our devices.
- Our server, which us running the perl script, has been added to the Cisco ACS server.
Below is the code I'm testing with... username/password changed of course.
#!/usr/bin/perl
use Authen::TacacsPlus;
$command= $];
print "Perl version : $command\n";
my $user='username';
my $password='userpass';
my $tac = new Authen::TacacsPlus(Host=>'10.0.0.16', Key=>'us3r@@cc3ss');
my $result = $tac->authen( "$user", "$pass" );
print "Msg: " . Authen::TacacsPlus::errmsg() . "\n";
print "Result: $result\n";
$tac->close();
The result always looks like this:
Perl version : 5.008008
Msg: Authentication failed
Result: 0
|
MAIN
SEARCH
WHO'S 
LOG 