Troubleshooting tips for the CISCO TACACS solution on the Bluecoat Director appliance?




While I can use TACACS to authenticate to the Director console, through SSH, I cannot through the web user interface.

I cannot log in to Director using a TACACS server from Cisco running version 4.2.



NOTE: To troubleshoot this issue, you'll need to log in to the command-line interface (CLI) via SSH. We recommend you use PuTTY to log in to Director. PuTTY can be downloaded here.

Troubleshooting steps:

1: Set up the /var/log/messages file to send live updates to your PuTTY SSH session.

  • director # config t
  • director # shell
  • director # tail -f /var/log/messages

2: Attempt to log in via the web UI to trigger the symptom of being unable to log in.

  • Here you can watch for any errors on the screen.

TIP: Between the client and Director, you are using the HTTP protocol, but between Director and the TACACS server you are using TCP and UDP.

3: Show the Director TACACS configuration:

  • Open another PuTTY session to the CLI.
  • director > en
  • director # config t
  • Run show config.
  • Press the space bar until you see the word TACACS.

TIP: Typing "TACACS-server ?" shows how you can change the TACACS configuration on Director.

Solution: In one case we noticed that the Cisco TACACS server was using RSA tokens for password protection. RSA tokens change the password every 60 seconds, and are incompatible with the authentication style of Director. This resulted in us being able to log in to the command-line interface via SSH, but we were refused authentication via the web interface. Once we changed this to Windows Domain Authentication, the symptoms disappeared.

NOTE1: Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol, based on TCP/UDP, used to authenticate users to UNIX systems. For more information see this wiki link TACACS.

NOTE2: For a complete set of steps to set up this solution with the CISCO TACACS server, see 000013371.

Additional Information
Bug Number
InQuira Doc Id: KB4160

First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      Director 510
Topic      Application Delivery Network, Authentication, Configuration / WUI / CLI, Installation / Configuration
Article Number      000014157