DNS Errors, TACACS+, & Browsing - TechRepublic
June 26, 2001 at 08:56 AM
techstop


We use TACACS+ running on a Linux box to force a request for authorization from users going to the Internet. The reason for this was to provide logs that tracked individual activity, in case we had to identify who did what. It has worked quite well, except that people are irritated by the occasional need to re-enter their passwords when visiting a website (administration likes that, though, since it serves to remind people they are being watched).

Suddenly, we’re getting an initial failure when attempting to reach a page. You get the challenge from the TACACS+ server, enter your password, and the dnserror Windows page pops up in the browser. Hit refresh, and the proper page shows up (without the need to re-enter the password).
This *appears* to have begun around the time we made a few DNS changes to account for removing an old DNS server and adding a new one. At the same time, we also replaced a Cisco 1605-R (10 Mbit) with a Cisco 2600 series router (10/100, and it’s negotiating 100). Oh, and I just realized we swapped out a Netgear hub for an SMC 10/100 8-port switch which connects the “outer perimeter” network (e.g., the 2600 fa0/1 interface to the PIX inner interface).

The TACACS+ server, and the boxes which are having trouble now, are hanging off the fa0/0 interface of the 2600.

Any idears?

Thanks, in advance!
