TACACS+ related Error Messages
Table below describes the error codes related to TACACS+ server on your Ivanti Policy Secure appliance.
|
Error Code |
Error Message |
Description |
Corrective Action |
|---|---|---|---|
|
TAC31628 |
Limit of <max count> TACACS+ concurrent users reached. |
TACACS+ concurrent user connections have reached the configured system limit. |
Check the configuration file for the user limit. |
|
TAC31629 |
TACACS+ request received from unknown TACACS+ client <switch IP>. |
The incoming TACACS+ connection is dropped since it is received from an unknown host. |
Check if the client IP address is configured in TACACS+ clients page. |
|
TAC31628 |
Invalid TACACS+ packet from <switch IP>, discarding. Incorrect shared secret |
The incoming TACACS+ connection is dropped due to shared-secret mismatch. |
Check if the shared secret configured for the client is same when compared with the client request. |
|
TAC31612 |
TACACS+ Shell authorization rejected for <user> on switch-<switch ip>. Reason- No session found |
Exec authorization failure due to no session found. |
Check if session is created in ‘Active users’ page. |
|
TAC31612 |
TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No session found |
Command authorization failure due to no session found. |
Check if session is created in ‘active users’ page. |
|
TAC31612 |
TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No Shell policy found for the assigned roles |
Command authorization failure due to no shell policy assigned to roles. |
Check if shell policy is configured and is correctly mapped to device group and roles. |
|
TAC31612 |
TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- Matched with the rule – [command = <command> Arguments = <argument> action = deny] in shell policy-<policy name> |
Command authorization failure due to action 'deny' set in command set. |
Check the action configured in matched command set in shell policy page. |
|
TAC31612 |
TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No match found. Default action is 'deny' in shell policy-<policy name> |
Command authorization failure due to action 'deny' set in default action. |
Check if none of the configured command set matched with the request. If yes, the check the default action configured. |
|
AUT23458 |
Login failed using auth server System Local (Local Authentication). Reason: Failed |
Login failure due to authentication failure. |
Check if the role mapping is based on username or group name. If using groupname, ensure all groups are listed when you click on groups under role mapping. |
|
AUT23458 |
Login failed. Reason: No Roles |
Login failure due to no role available. |
Check if the user is configured with an appropriate role and role mapping rules. |
|
AUT31627 |
Received a TACACS+ Accounting stop request. Terminated Session |
Session deletion due to accounting stop received. |
Check if accounting stop request is sent by client. |
|
ADM20664 |
Session timed out for <user>/<realm> due to inactivity (last access at <time>). Idle session identified during routine system scan. |
Session deletion due to session timeout. |
Login again as previous session is expired. |