No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Replay signal of tacacs server without ftp patch leads tacacs authentication ftp failure

Publication Date:  2019-07-22 Views:  98 Downloads:  1

Issue Description

Hwtacacs authenticates tel、ssh、ftp service on S9300, tel and ssh can realize, but ftp system always warns failure.
Version: V100R003C00SPC200

Alarm Information

Jan  1 2008 00:40:43.790.7+02:00 HU1-RND-VIL_S2318 TAC/7/Event:HandleReqMsg: Ses
sion status is connect now.                                                    
Jan  1 2008 00:40:44+02:00 HU1-RND-VIL_S2318 %%01FTPS/3/LOGIN_FAIL(l)[60]:The us
er failed to log in. (UserName="ftp", IpAddress=, VpnInstanceName="")

Handling Process

1. Confirm with client, the user name and code is not problematic.
2. Open the debugging switch and check the interaction between switch and server:
terminal debugging                                          
terminal logging                                            
terminal monitor                                            
terminal trapping
debugging hwtacacs all
Signal shows as attachment
The signal state tacace sending to switch is: status:AUTHOR_STATUS_PASS_ADD, that means the authentication passed.the ftp patch field in signal is null FtpDirectory=, and it finds the problem.
3. Add the default ftp patch on the device, the problem solved.
Command: set default ftp-directory

Root Cause

1. User name and code failure
2. There is problem in signal interaction of tacacs server and our company switch.
3. Other peoblem.