Authorization Fail
The Oracle® Enterprise Session Border Controller initiates the authorization with an authorization REQUEST packet.
+-----------------------------------+
|           Common Header           |
|                                   |
|         type contains 0x2         |
+--------+--------+--------+--------+
|authen_ |priv_lvl|authen_ |authen_ |
|method  |        |type    |service |
|  0x05  |  0x00  |  0x01  |  0x01  |
|--------+--------+--------+--------+
|user_len|port_len|rem_addr|arg_cnt |
|        |        |_len    |        |
|   N    |   N    |   N    |   2    |
+--------+--------+--------+--------+
|arg1_len|arg2_len|    user ...     |
|        |        |                 |
|   N    |   N    |   login name    |
+--------+--------+-----------------+
|               port                |
|               tty10               |
+-----------------------------------+
|             rem_addr              |
|         localhost address         |
+-----------------------------------+
|               arg1                |
|                AVP                |
|           service=shell           |
+-----------------------------------+
|               arg2                |
|                AVP                |
|  cmd=configure terminal scurity   |
+-----------------------------------+
- The authen_method field specifies the method used to authenticate the administrative subject — 0x05 for TAC_PLUS_AUTHEN_METHOD_LOCAL (authentication by the client).
- The priv_lvl field specifies the privilege level requested by the user — 0x00 for TAC_PLUS_PRIV_LVL_MIN.
- The authen_type field specifies the authentication methodology — 0x01 for TAC_PLUS_AUTHEN_TYPE_ASCII (simple login).
- The authen_service field specifies the requesting service — 0x01 for TAC_PLUS_AUTHEN_SVC_LOGIN (login service).
- The user_len field contains the length, in octets, of the user field.
- The port_len field contains the length, in octets, of the port field.
- The rem_addr_len field contains the length, in octets, of the rem_addr field.
- The arg_cnt field contains the number of arguments in the message body.
- The arg1_len field contains the length, in octets, of the service AVP.
- The arg2_len field contains the length, in octets, of the cmd AVP.
- The user field contains the login name of an admin user.
- The port field contains the name of the Oracle® Enterprise Session Border Controller port on which authentication is taking place. Following Cisco Systems convention, this field contains the string tty10.
- The rem_addr field specifies the location of the user to be authenticated. This field contains the localhost address.
- The arg1 field contains the mandatory service AVP.
- The arg2 field contains the mandatory cmd AVP.
The TACACS+ daemon returns an authorization RESPONSE reporting the status and terminating the authorization session.
+-----------------------------------+
|           Common Header           |
|                                   |
|         type contains 0x2         |
+--------+--------+--------+--------+
| status |arg_cnt | server_msg_len  |
|  0x10  |   0    |        0        |
|--------+--------+--------+--------+
|    data_len     |
|        0        |
+-----------------+
- The status field specifies the authorization status — 0x10 for TAC_PLUS_AUTHOR_STATUS_FAIL (authorization rejected).
- The arg_cnt field contains a value of 0 — the authorization RESPONSE returns no arguments.
- The server_msg_len and data_len fields both contain a value of 0, as required by the TACACS+ protocol.
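
The REQUEST and RESPONSE body layouts described above can be checked with a short parser that refuses any body whose length fields disagree with its size. This is an added example, not Oracle code: it handles only the cleartext message body (no common header, no TACACS+ body obfuscation), and the login name admin and the address 127.0.0.1 are constructed sample values.

```python
import struct

# TAC_PLUS_AUTHOR_STATUS_* codes from the TACACS+ protocol
AUTHOR_STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
                 0x11: "ERROR", 0x21: "FOLLOW"}

def build_author_request(user, port, rem_addr, args):
    """Pack a REQUEST body using the fixed field values from the diagram."""
    head = bytes([0x05, 0x00, 0x01, 0x01,  # authen_method, priv_lvl, authen_type, authen_service
                  len(user), len(port), len(rem_addr), len(args)])
    return head + bytes(len(a) for a in args) + user + port + rem_addr + b"".join(args)

def parse_author_request(body):
    """Unpack a REQUEST body, rejecting length fields that disagree with the data."""
    if len(body) < 8:
        raise ValueError("truncated fixed fields")
    method, priv, atype, svc, ulen, plen, rlen, argc = body[:8]
    arg_lens = body[8:8 + argc]
    if len(arg_lens) != argc or 8 + argc + ulen + plen + rlen + sum(arg_lens) != len(body):
        raise ValueError("length fields do not match body size")
    pos, parts = 8 + argc, []
    for n in (ulen, plen, rlen, *arg_lens):
        parts.append(body[pos:pos + n])
        pos += n
    return {"authen_method": method, "priv_lvl": priv, "authen_type": atype,
            "authen_service": svc, "user": parts[0], "port": parts[1],
            "rem_addr": parts[2], "args": parts[3:]}

def parse_author_response(body):
    """Unpack a RESPONSE body: status, arg_cnt, server_msg_len, data_len."""
    if len(body) < 6:
        raise ValueError("truncated fixed fields")
    status, argc, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + argc]
    if len(arg_lens) != argc or 6 + argc + msg_len + data_len + sum(arg_lens) != len(body):
        raise ValueError("length fields do not match body size")
    return {"status": AUTHOR_STATUS.get(status, hex(status)), "arg_cnt": argc,
            "server_msg_len": msg_len, "data_len": data_len}

# Constructed sample bodies matching the two diagrams
REQUEST = build_author_request(b"admin", b"tty10", b"127.0.0.1",
                               [b"service=shell", b"cmd=configure terminal scurity"])
RESPONSE = bytes([0x10, 0x00, 0x00, 0x00, 0x00, 0x00])

if __name__ == "__main__":
    print(parse_author_request(REQUEST))
    print(parse_author_response(RESPONSE))
```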


