000017972 - TACACS+ accounting sends valid response

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000017972
Applies To: RSA ACE/Server 3.3.x (no longer supported as of 3-30-2002)
RSA ACE/Server TACACS+
Cisco specification for account states:

3.2. The accounting REPLY packet body

The response to an accounting message is used to indicate that the
accounting function on the daemon has completed and securely
committed the record. This provides the client the best possible
guarantee that the data is indeed logged.

 1 2 3 4 5 6 7 8  1 2 3 4 5 6 7 8  1 2 3 4 5 6 7 8  1 2 3 4 5 6 7 8

+----------------+----------------+----------------+----------------+
|         server_msg len          |            data len             |
+----------------+----------------+----------------+----------------+
|     status     |         server_msg ...
+----------------+----------------+----------------+----------------+
|     data ...
+----------------+

status

This is the return status. Values are:
TAC_PLUS_ACCT_STATUS_SUCCESS := 0x01
TAC_PLUS_ACCT_STATUS_ERROR := 0x02
TAC_PLUS_ACCT_STATUS_FOLLOW := 0x21

server_msg

This is an ASCII string that may be presented to the user. The
decision to present this message is client-specific.

data

This is an ASCII string that may be presented on an administrative
display, console or log. The decision to present this message is
client-specific.

When the status equals TAC_PLUS_ACCT_STATUS_FOLLOW, then the actions
to be taken and the contents of the data field are identical to the
TAC_PLUS_AUTHEN_STATUS_FOLLOW status for Authentication.
The daemon MUST terminate the session after sending a REPLY.

The TAC_PLUS_ACCT_FLAG_START flag indicates that this is a start
accounting message. Start messages should only be sent once when a
task is started. The TAC_PLUS_ACCT_FLAG_STOP indicates that this is a
stop record and that the task has terminated. The
TAC_PLUS_ACCT_FLAG_WATCHDOG flag means that this is an update record.
Update records are sent at the client's discretion when the task is
still running.

The START and STOP flags are mutually exclusive. When the WATCHDOG
flag is set along with the START flag, it indicates that the update
record is a duplicate of the original START record. If the START flag
is not set, then this indicates a minimal record indicating only that
task is still running. The STOP flag MUST NOT be set in conjunction
with the WATCHDOG flag.
Issue: TACACS+ accounting sends valid response
Cisco router debug shows:
5d00h: TAC+: (3293499215): received acct response status = UNKNOWN
Resolution: A replacement version of _sdtacplusd has been written by RSA Security for ACE/Server 3.3.1 referenced as ID 1007947
Legacy Article ID: 4.0.1651940.2506136
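
A way to check what a daemon actually returns against the REPLY body layout quoted above, as an added example that is not RSA or Cisco code. It assumes the body has already been separated from the TACACS+ header and de-obfuscated; the function names and the sample bodies are constructed for illustration, and any status octet outside the three listed values is labelled UNKNOWN by this script.

```python
import struct

# Status values quoted in the specification text above.
ACCT_STATUS = {
    0x01: "TAC_PLUS_ACCT_STATUS_SUCCESS",
    0x02: "TAC_PLUS_ACCT_STATUS_ERROR",
    0x21: "TAC_PLUS_ACCT_STATUS_FOLLOW",
}

FIXED_LEN = 5  # server_msg len (2) + data len (2) + status (1)


def parse_acct_reply(body: bytes) -> dict:
    """Parse a cleartext accounting REPLY body and reject malformed lengths."""
    if len(body) < FIXED_LEN:
        raise ValueError(f"body is {len(body)} bytes, need at least {FIXED_LEN}")
    # Length fields are 16-bit in network byte order; status is a single octet.
    msg_len, data_len, status = struct.unpack("!HHB", body[:FIXED_LEN])
    expected = FIXED_LEN + msg_len + data_len
    if len(body) != expected:
        raise ValueError(f"length fields claim {expected} bytes, body has {len(body)}")
    server_msg = body[FIXED_LEN:FIXED_LEN + msg_len]
    data = body[FIXED_LEN + msg_len:expected]
    return {
        "status": status,
        # Anything outside the three defined values is labelled UNKNOWN here.
        "status_name": ACCT_STATUS.get(status, "UNKNOWN"),
        "valid_status": status in ACCT_STATUS,
        "server_msg": server_msg.decode("ascii", errors="replace"),
        "data": data.decode("ascii", errors="replace"),
    }


def build_acct_reply(status: int, server_msg: bytes = b"", data: bytes = b"") -> bytes:
    """Build a body in the same layout (used only to construct samples)."""
    return struct.pack("!HHB", len(server_msg), len(data), status) + server_msg + data


if __name__ == "__main__":
    # Constructed samples, not captured traffic.
    good = build_acct_reply(0x01, b"", b"record committed")
    bad = build_acct_reply(0x00)  # status octet not in the defined set
    for sample in (good, bad):
        print(sample.hex(), parse_acct_reply(sample))
```
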
