I have noticed - when I try to login with standart AD user (petr.isakov) with broken LDAP integration I still recieve standart no-fallback banner ("Unauthorized access is strictly prohibited!\n")
motd banner = "####################\nHi ${user}!\nRealm: ${realm}\nProfile: ${profile}\n####################"
welcome banner = "Unauthorized access is strictly prohibited!\n"
welcome banner fallback = "AD backend unavailable Please use emergency local user!\n"
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 New session
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 ---<start packet>---
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 key used: demo
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 version: 192, type: 1, seq no: 1, flags: unencrypted
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 session id: 57f384f1, data length: 35
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 packet body (len: 35): \001\001\001\001\v\004\f\000petr.isakovtty110.11.176.96
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0000 01 01 01 01 0b 04 0c 00 70 65 74 72 2e 69 73 61 ........ petr.isa
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0010 6b 6f 76 74 74 79 31 31 30 2e 31 31 2e 31 37 36 kovtty11 0.11.176
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0020 2e 39 36 .96
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 AUTHEN/START, priv_lvl=1
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 action=login (1)
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 authen_type=ascii (1)
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 service=login (1)
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 user_len=11 port_len=4 rem_addr_len=12
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 data_len=0
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 user (len: 11): petr.isakov
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 port (len: 4): tty1
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 rem_addr (len: 12): 10.11.176.96
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 ---<end packet>---
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 authen: hdr->seq_no: 1
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 pcre2: '^.*$' <=> 'petr.isakov' = 1
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 pcre2: setting username to 'petr.isakov'
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 line 2: [rewrite]
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 looking for user petr.isakov realm ipcore
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 user lookup failed
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 Writing AUTHEN/GETPASS size=72
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 ---<start packet>---
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 key used: demo
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 version: 192, type: 1, seq no: 2, flags: unencrypted
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 session id: 57f384f1, data length: 60
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 packet body (len: 60): \005\001\0006\000\000Unauthorized access is strictly prohibited!\nPassword:
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0000 05 01 00 36 00 00 55 6e 61 75 74 68 6f 72 69 7a ...6..Un authoriz
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0010 65 64 20 61 63 63 65 73 73 20 69 73 20 73 74 72 ed acces s is str
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0020 69 63 74 6c 79 20 70 72 6f 68 69 62 69 74 65 64 ictly pr ohibited
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0030 21 0a 50 61 73 73 77 6f 72 64 3a 20 !.Passwo rd:
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 AUTHEN, status=5 (AUTHEN/GETPASS) flags=0x1
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 msg_len=54, data_len=0
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 msg (len: 54): Unauthorized access is strictly prohibited!\nPassword:
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 data (len: 0):
Mar 27 07:18:40 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 ---<end packet>---
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 ---<start packet>---
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 key used: demo
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 version: 192, type: 1, seq no: 3, flags: unencrypted
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 session id: 57f384f1, data length: 21
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 packet body [partially masked] (len: 21): \000\020\000\000\000****************
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0000 00 10 00 00 00 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a .....*** ********
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 0010 2a 2a 2a 2a 2a *****
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 AUTHEN/CONT user_msg_len=16, user_data_len=0
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 ---<end packet>---
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 authen: hdr->seq_no: 3
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 pcre2: '^.*$' <=> 'petr.isakov' = 1
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 pcre2: setting username to 'petr.isakov'
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 line 2: [rewrite]
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 looking for user petr.isakov realm ipcore
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 user lookup failed
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 evaluating ACL __internal__username_acl__
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 regex: '[]<>/()|=[*"':$]+' <=> 'petr.isakov' = 0
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 line 516: [user] regex '[]<>/()|=[*"':$]+' => false
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 line 516: [permit]
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 ACL __internal__username_acl__: match
Mar 27 07:18:44 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 117/f184f357: 10.78.42.216 looking for user petr.isakov in MAVIS backend
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 New session
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 ---<start packet>---
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 key used: demo
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 version: 192, type: 1, seq no: 1, flags: unencrypted
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 session id: 35c0b84b, data length: 31
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 packet body (len: 31): \001\001\001\001\a\004\f\000res_admtty210.11.176.96
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 0000 01 01 01 01 07 04 0c 00 72 65 73 5f 61 64 6d 74 ........ res_admt
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 0010 74 79 32 31 30 2e 31 31 2e 31 37 36 2e 39 36 ty210.11 .176.96
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 AUTHEN/START, priv_lvl=1
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 action=login (1)
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 authen_type=ascii (1)
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 service=login (1)
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 user_len=7 port_len=4 rem_addr_len=12
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 data_len=0
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 user (len: 7): res_adm
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 port (len: 4): tty2
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 rem_addr (len: 12): 10.11.176.96
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 ---<end packet>---
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 authen: hdr->seq_no: 1
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 pcre2: '^.*$' <=> 'res_adm' = 1
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 pcre2: setting username to 'res_adm'
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 line 2: [rewrite]
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 looking for user res_adm realm ipcore
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 Not in emergency mode, ignoring user res_adm
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 user lookup failed
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 shell login for 'res_adm' (realm: ipcore) from 10.11.176.96 on tty2 denied by ACL
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 Writing AUTHEN/FAIL size=18
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 ---<start packet>---
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 key used: demo
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 version: 192, type: 1, seq no: 2, flags: unencrypted
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 session id: 35c0b84b, data length: 6
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 packet body (len: 6): \002\000\000\000\000\000
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 0000 02 00 00 00 00 00 ......
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 AUTHEN, status=2 (AUTHEN/FAIL) flags=0x0
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 msg_len=0, data_len=0
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 msg (len: 0):
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 data (len: 0):
Mar 27 07:20:58 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 197/4bb8c035: 10.78.42.216 ---<end packet>---
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 New session
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 ---<start packet>---
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 key used: demo
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 version: 192, type: 1, seq no: 1, flags: unencrypted
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 session id: 727ac04d, data length: 31
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 packet body (len: 31): \001\001\001\001\a\004\f\000res_admtty210.11.176.96
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 0000 01 01 01 01 07 04 0c 00 72 65 73 5f 61 64 6d 74 ........ res_admt
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 0010 74 79 32 31 30 2e 31 31 2e 31 37 36 2e 39 36 ty210.11 .176.96
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 AUTHEN/START, priv_lvl=1
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 action=login (1)
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 authen_type=ascii (1)
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 service=login (1)
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 user_len=7 port_len=4 rem_addr_len=12
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 data_len=0
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 user (len: 7): res_adm
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 port (len: 4): tty2
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 rem_addr (len: 12): 10.11.176.96
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 ---<end packet>---
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 authen: hdr->seq_no: 1
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 pcre2: '^.*$' <=> 'res_adm' = 1
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 pcre2: setting username to 'res_adm'
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 line 2: [rewrite]
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 looking for user res_adm realm ipcore
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 Not in emergency mode, ignoring user res_adm
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 user lookup failed
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 shell login for 'res_adm' (realm: ipcore) from 10.11.176.96 on tty2 denied by ACL
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 Writing AUTHEN/FAIL size=18
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 ---<start packet>---
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 key used: demo
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 version: 192, type: 1, seq no: 2, flags: unencrypted
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 session id: 727ac04d, data length: 6
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 packet body (len: 6): \002\000\000\000\000\000
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 0000 02 00 00 00 00 00 ......
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 AUTHEN, status=2 (AUTHEN/FAIL) flags=0x0
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 msg_len=0, data_len=0
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 msg (len: 0):
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 data (len: 0):
Mar 27 07:21:03 t2ru-tacacs-vm-01 tac_plus-ng[1847968]: 19c/4dc07a72: 10.78.42.216 ---<end packet>---
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 New session
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ---<start packet>---
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 key used: demo
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 version: 192, type: 1, seq no: 1, flags: unencrypted
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 session id: 98be1274, data length: 31
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 packet body (len: 31): \001\001\001\001\a\004\f\000res_admtty110.11.176.96
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0000 01 01 01 01 07 04 0c 00 72 65 73 5f 61 64 6d 74 ........ res_admt
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0010 74 79 31 31 30 2e 31 31 2e 31 37 36 2e 39 36 ty110.11 .176.96
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 AUTHEN/START, priv_lvl=1
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 action=login (1)
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 authen_type=ascii (1)
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 service=login (1)
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 user_len=7 port_len=4 rem_addr_len=12
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 data_len=0
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 user (len: 7): res_adm
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 port (len: 4): tty1
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 rem_addr (len: 12): 10.11.176.96
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ---<end packet>---
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 authen: hdr->seq_no: 1
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 pcre2: '^.*$' <=> 'res_adm' = 1
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 pcre2: setting username to 'res_adm'
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 2: [rewrite]
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 looking for user res_adm realm ipcore
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 user lookup succeded
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 Writing AUTHEN/GETPASS size=72
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ---<start packet>---
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 key used: demo
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 version: 192, type: 1, seq no: 2, flags: unencrypted
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 session id: 98be1274, data length: 60
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 packet body (len: 60): \005\001\0006\000\000Unauthorized access is strictly prohibited!\nPassword:
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0000 05 01 00 36 00 00 55 6e 61 75 74 68 6f 72 69 7a ...6..Un authoriz
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0010 65 64 20 61 63 63 65 73 73 20 69 73 20 73 74 72 ed acces s is str
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0020 69 63 74 6c 79 20 70 72 6f 68 69 62 69 74 65 64 ictly pr ohibited
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0030 21 0a 50 61 73 73 77 6f 72 64 3a 20 !.Passwo rd:
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 AUTHEN, status=5 (AUTHEN/GETPASS) flags=0x1
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 msg_len=54, data_len=0
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 msg (len: 54): Unauthorized access is strictly prohibited!\nPassword:
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 data (len: 0):
Mar 27 07:27:20 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ---<end packet>---
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ---<start packet>---
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 key used: demo
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 version: 192, type: 1, seq no: 3, flags: unencrypted
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 session id: 98be1274, data length: 12
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 packet body [partially masked] (len: 12): \000\a\000\000\000*******
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0000 00 07 00 00 00 2a 2a 2a 2a 2a 2a 2a .....*** ****
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 AUTHEN/CONT user_msg_len=7, user_data_len=0
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ---<end packet>---
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 authen: hdr->seq_no: 3
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 pcre2: '^.*$' <=> 'res_adm' = 1
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 pcre2: setting username to 'res_adm'
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 2: [rewrite]
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 looking for user res_adm realm ipcore
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 user lookup succeded
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 evaluating ACL ipcore_spans
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 851: [member] member 'ipcore_ALL' => true
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 851: [nas] host 'ipcore_ALL' => true
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 851: [&&] => true
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 851: [||] => true
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 851: [!] => false
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ACL ipcore_spans: no match
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216
res...@10.11.176.96: ACL ipcore_spans: <unknown> (profile: n/a)
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 evaluating ACL ipcore_roles
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 860: [member] member 'ipcore_bb_adm' => true
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 861: [profile] 'mbh_bb_adm'
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 line 862: [permit]
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ACL ipcore_roles: match
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216
res...@10.11.176.96: ACL ipcore_roles: permit (profile: mbh_bb_adm)
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 shell login for 'res_adm' (realm: ipcore) from 10.11.176.96 on tty1 succeeded (profile=mbh_bb_adm)
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 Writing AUTHEN/PASS size=105
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ---<start packet>---
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 key used: demo
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 version: 192, type: 1, seq no: 4, flags: unencrypted
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 session id: 98be1274, data length: 93
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 packet body (len: 93): \001\000\000W\000\000####################\nHi res_adm!\nRealm: ipcore\nProfile: mbh_bb_adm\n####################
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0000 01 00 00 57 00 00 23 23 23 23 23 23 23 23 23 23 ...W..## ########
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0010 23 23 23 23 23 23 23 23 23 23 0a 48 69 20 72 65 ######## ##.Hi re
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0020 73 5f 61 64 6d 21 0a 52 65 61 6c 6d 3a 20 69 70 s_adm!.R ealm: ip
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0030 63 6f 72 65 0a 50 72 6f 66 69 6c 65 3a 20 6d 62 core.Pro file: mb
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0040 68 5f 62 62 5f 61 64 6d 0a 23 23 23 23 23 23 23 h_bb_adm .#######
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 0050 23 23 23 23 23 23 23 23 23 23 23 23 23 ######## #####
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 AUTHEN, status=1 (AUTHEN/PASS) flags=0x0
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 msg_len=87, data_len=0
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 msg (len: 87): ####################\nHi res_adm!\nRealm: ipcore\nProfile: mbh_bb_adm\n####################
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 data (len: 0):
Mar 27 07:27:22 t2ru-tacacs-vm-01 tac_plus-ng[1848568]: b7/7412be98: 10.78.42.216 ---<end packet>---