Cisco Systems 6000 Web Username and Password Issues

Catalyst6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Troubleshooting the NAM

Error Message ...httpd:tac_authen_pap_read:invalid reply content, incorrect key?

...PAM-tacplus[616]:auth failed:Authentication error, please contact

administrator.

Possible Cause The TACACS+ secret key configured in the NAM does not match the key in the

TACA CS+ ser ver .

Recommended Action Choose Admin > User > TACACS+, and enter the correct secret key.

Error Message ...httpd:tac_connect:connection to 172.20.122.183 failed:Connection

timed out

...httpd:tac_connect:all possible TACACS+ servers failed

...PAM-tacplus[613]:connection failed srv 0:Connection timed out

...PAM-tacplus[613]:no more servers to connect

Possible Cause The wrong TACACS+ server IP address is configured on the NAM.

Recommended Action Choose Admin > User > TACACS+, and enter the correct TACACS+ server

address.

Symptom The TACACS+ user can log in successfully but receives the “Not authorized...” error messages

when accessing NAM Traffic Analyzer application.

Possible Cause The user does not have the necessary access rights.

Recommended Action Log in to the TACACS+ server and grant access rights to the affected users. (See

the TACACS+ documentation for information on login configuration.)

Web Username and Password Issues

The following web username and password issues apply:

•You cannot use the CLI username (root or guest) and password to log into the NAM Traffic Analyzer

application because they are administered separately. You also cannot use your NAM Traffic

Analyzer application username and password to log into the NAM CLI.

You can create web users with a local database or using TACACS+. You can create a web user with

the same username and password as used on the CLI. However, you must still make password

changes in both places.

•You can use TACACS+ either in addition to a local database or instead of a local database. (The local

database is always checked first.) To use only TACACS+, you can eliminate the local database users

by either of these methods:

–

Use the NAM CLI rmwebusers command to remove only local users, not TACACS+ users, as

they are administered separately on the TACACS+ server.

–

From the Admin tab, click Users, then delete all local database users individually.

Caution Do not delete all local database web users until you have verified that you can log into the NAM

Traffic Analyzer application as a TACACS+ user.