000021927 - Authentications fail with error: 'TACACS failed with TAC password'

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021927
Applies ToTACACS+
RSA ACE/Server
RSA ACE/Server 3.3.x (no longer supported as of 3-30-2002)
Cisco Router
IssueAuthentications fail.
ACE log error: "TACACS failed with TAC password"
CauseThe ACE/Server v 3.3 upgrade sets all client definitions to DES encryption. See the Readme shipped with your ACE/Server 3.3.
ResolutionChange the client definitions from DES to SDI encryption or replace the sdconf.rec files on the clients with a new sdconf.rec file from the server with DES enabled.  Some older clients may only be able to use SDI encryption. You may also need to establish a new node secret file (default name securid in VAR_ACE directory). For TACACS+, the node secret is on the ACE/Server.

1. Go to Start --> Programs --> ACE/Server --> Database Administration

2. Select Client --> Edit Client

3. Edit each Client and select the Encryption Type of SDI
WorkaroundUpgraded to v 3.3
Legacy Article ID4.0.1174650.2431486