Bitswap

eem quick note (authorisation failed)

Posted by Andy on April 23, 2009

How ofthen did y0u see such error ? Me too often 

%HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT : % Authorisation failed.

This post created to resolve this issue. 

 

The following example shows how to set a username to be associated with a Tcl session. If you are using authentication, authorization, and accounting (AAA) security and implement authorization on a command basis, you should use the event manager session cli username command to set a username to be associated with a Tcl session. The username is used when a Tcl policy executes a CLI command. TACACS+ verifies each CLI command using the username associated with the Tcl session that is running the policy. Commands from Tcl policies are not usually verified because the router must be in privileged EXEC mode to register the policy. In the example, the username is yourname, and this is the username that is used whenever a CLI command session is initiated from within an EEM policy.

configure terminal

 event manager session cli username yourname

 end
and voila !

 

Apr 23 13:18:10.210: Track: 101 Up change delayed for 20 secs

Apr 23 13:18:10.210: fh_fd_syslog_event_match: num_matches = 0

Apr 23 13:18:10.210: fh_fd_data_syslog: num_matches = 0

Apr 23 13:18:30.206: Track: 101 Up change delay expired

Apr 23 13:18:30.206: Track: 101 Change #5 rtr 101, state Down->Up

Apr 23 13:18:30.206: fh_track_object_changed: Track notification 101 state up

Apr 23 13:18:30.206: fh_fd_track_event_match: track ED pubinfo enqueue rc = 0

Apr 23 13:18:30.206: fh_fd_syslog_event_match: num_matches = 0

Apr 23 13:18:30.206: fh_fd_data_syslog: num_matches = 0

Apr 23 13:18:30.206: fh_fd_syslog_event_match: num_matches = 0

Apr 23 13:18:30.206: fh_fd_data_syslog: num_matches = 0

Apr 23 13:18:30.214: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : CTL : cli_open called.

Apr 23 13:18:30.314: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT :

Apr 23 13:18:30.314: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT : rtr-1-nightagency line 2

Apr 23 13:18:30.314: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT :

Apr 23 13:18:30.314: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT : rtr-1-nightagency>

Apr 23 13:18:30.314: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : IN  : rtr-1-nightagency>enable

Apr 23 13:18:30.314: cli_history_entry_add: free_hist_list size=0, hist_list size=7

Apr 23 13:18:30.314: check_eem_cli_policy_handler: command_string=enable

Apr 23 13:18:30.318: check_eem_cli_policy_handler: num_matches = 0, response_code = 1

Apr 23 13:18:30.326: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT :

Apr 23 13:18:30.326: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT : rtr-1-nightagency#

Apr 23 13:18:30.326: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : IN  : rtr-1-nightagency#clear ip nat translation forced

Apr 23 13:18:30.330: cli_history_entry_add: free_hist_list size=0, hist_list size=7

Apr 23 13:18:30.330: check_eem_cli_policy_handler: command_string=clear ip nat translation forced

Apr 23 13:18:30.330: check_eem_cli_policy_handler: num_matches = 0, response_code = 1

Apr 23 13:18:30.474: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT :

Apr 23 13:18:30.474: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : OUT : rtr-1-nightagency#

Apr 23 13:18:30.474: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : IN  : rtr-1-nightagency#exit

Apr 23 13:18:30.474: %HA_EM-6-LOG: NAT : DEBUG(cli_lib) : : CTL : cli_close called.cron_tick: num_matches 0

Advertisements

One Response to “eem quick note (authorisation failed)”

  1. Leo Gal said

    solved my problem, thank you
    LG

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: