TACACS+ with ISE issues

  • 5 July 2019
  • 1 reply

I've setup the appropriate device profiles with priv 15 feature in ISE. ISE logs are showing me I'm authenticating correctly. I can login via the console using TACACS+, but all attempts at SSH fail. And by that I mean ISE shows me I've authenticated correctly, but the SSH session still tells me bad password.

1 reply

Userlevel 3
I can't think of any cases where console login via tacacs would work, but ssh would not, unless you have configured /etc/ssh/sshd_config to further limit logins in some manner (there are quite a few possibilities there).

Look at the troubleshooting section of the tacacs guide on our docs site, and specifically, turn on debug=1 in /etc/tacplus_servers, verify the getent commands work, then try the ssh, and see what debug messages are printed from the login attempt.