A large company uses an AAA server to manage network device access.
The engineers can use their domain credentials to access all other servers.
Currently, the network engineers cannot access the AAA server using domain credentials, but they can access it using a local account.
Which of the following should the engineers update?
A.
Host-based firewall settings B.
TACAS+ server time C.
Server IP address D.
DNS SRV record.
B.
A large company uses an AAA server to manage network device access.
The engineers can use their domain credentials to access all other servers.
Currently, the network engineers cannot access the AAA server using domain credentials, but they can access it using a local account.
Which of the following should the engineers update?
A.
Host-based firewall settings
B.
TACAS+ server time
C.
Server IP address
D.
DNS SRV record.
B.
The engineers in the scenario can access all other servers using their domain credentials, but they cannot access the AAA server using the same credentials. This indicates that there may be a problem with the authentication or authorization settings for the AAA server.
Option A, host-based firewall settings, may prevent network traffic from reaching the AAA server or block access to specific ports. However, if the engineers can access the AAA server using a local account, it is unlikely that the firewall is blocking traffic.
Option B, TACACS+ server time, is not relevant to the scenario since it does not affect the authentication or authorization of users.
Option C, server IP address, is also not relevant since the engineers are able to access the AAA server using a local account, indicating that the server is functioning properly.
Option D, DNS SRV record, is responsible for mapping domain names to IP addresses. However, this is not relevant to the scenario since the engineers are already able to access other servers using their domain credentials.
Therefore, the correct answer is B, TACACS+ server time. TACACS+ is a protocol used by AAA servers to authenticate and authorize network users. The TACACS+ server's clock must be synchronized with other devices on the network, including the domain controller. If the TACACS+ server's clock is not synchronized, it may reject requests from users who have valid domain credentials. Updating the TACACS+ server's time settings should enable the engineers to access the AAA server using their domain credentials.