NimbostratusHi Team,
I have a cluster env. and I have configured F5 to use ACS for authentication However it is working on one node only and not working on the other node
What I miss in this ?
Thanks
NimbostratusI am getting the following error msg
err httpd[16421]: tac_authen_pap_read: error reading PAP authen header, read -1 of 12: Connection reset by peer
NimbostratusSorry to revive this old thread. I am having a very similar issue and was wondering if you found the answer?
MVPvery similar as the same error or just not working on either of the BIG-IPs?
are both BIG-IPs in your TACACS server client list?
Nimbostratusanyone find a resolution to this?
MVPi doubt someone i going to solve this without some more information shared.
so quattroginger do you have exactly the same issue? configured both tacacs+ servers in big-ip for admin authentication? which IP adresses did you use on the tacacs+ server side?
AltocumulusI just experienced this trying to implement this on an r5600 platform tenant with Clearpass as the TACACS+ service.
We got that same error message, "tac_authen_pap_read: error reading PAP authen header, read -1 of 12: Connection reset by peer".
After a bit of digging in Clearpass (Access Tracker), it turned out the wrong Service took precedence and an unintended enforcement policy was applied (with unmatching TACACS secrets).
That service that took precedence, was attached to an enforcement profile with a device group list , that contained two /24 networks.
One of those networks were spanning the management IPs of the new r5600 tenants.
The immidiate solution in our case was to reorder the services in Clearpass under Configuration, Services, so that the Service used in the enforcement policy with the narrower scope (two IP addresses) had a higher priority than the offending one.