TACAS not working - No TACACS packets in TCPDUMP
Hi, I have problem with user authentication over TACACS on BIG-IP 12.0 HF2 (Virtual edition). I configured TACACS, add host routes for TACACS server over MGMT interface, all according to config guide, but it is not workin. There is no packets in TCP dump. I tried TCPDUMP over all interfaces, also with command tcpdump -nni 0.0 port 49 but there is no any packet in trace. In log there are messages May 25 16:30:30 f5-04-1 warning httpd[14928]: pam_unix(httpd:auth): check pass; user unknown May 25 16:30:30 f5-04-1 notice httpd[14928]: pam_unix(httpd:auth): authentication failure; logname= uid=48 euid=48 tty= ruser= rhost=10.24.131.4 May 25 16:30:33 f5-04-1 err httpd[14928]: [error] [client 10.24.131.4] AUTHCACHE PAM: user 'xxx' - not authenticated: Authentication failure, referer: https://localhost:15443/tmui/login.jsp?msgcode=1& May 25 16:30:33 f5-04-1 info httpd(pam_audit)[14928]: User=xxx tty=(unknown) host=10.24.131.4 failed to login after 1 attempts (start="Wed May 25 16:30:30 2016" end="Wed May 25 16:30:33 2016"). May 25 16:30:33 f5-04-1 info httpd(pam_audit)[14928]: 01070417:6: AUDIT - user xxx - RAW: httpd(pam_audit): User=xxx tty=(unknown) host=10.24.131.4 failed to login after 1 attempts (start="Wed May 25 16:30:30 2016" end="Wed May 25 16:30:33 2016"). TACAS configuration: auth source { type tacacs } auth tacacs system-auth { encryption disabled protocol ip secret $M$DF$/p4kusJntSq1Ydp41sLeZCOA/SrorObenISS/2pX08k= servers { 192.168.134.206 10.51.10.68 } service ppp } Management routes configuration: sys management-route default { description configured-statically gateway 10.24.131.1 mtu 1500 network default } sys management-route TACACS-1 { gateway 10.24.131.1 network 192.168.134.206/32 } sys management-route TACACS-2 { gateway 10.24.131.1 network 10.51.10.68/32 } Any suggestions?
Easiest way to find user authentication method on multiple F5s? BigIQ? API calls?
Im working on a project that requires finding the method of authentication used for logging in on quite a few F5 - what would be the easiest way to find that out? Logging in to the F5s directly is an option (and what was suggested), but it is time consuming and a huge pain in the butt. More than 50 less than 100. Just looking for suggestions! Thanks.