Authentication Failure with TACACS

I am attempting to set up TACACS for authentication for my network devices on RHEL 8. I now get the following errors in /var/log/secure whenever I try to log in:

tac_plus: pam_unix(tac_plus:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=exadmin
krb5_child: Pre-authentication failed: Cannot read password
tac_plus: pam_sss(tac_plus:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=exadmin
tac_plus: pam_sss(tac_plus:account):Access denied for user exadmin: 6 (Permission Denied)
tac_plus: login failure: user=exadmin device=switches IP ip=switches IP port=tty1 client=Machine I am sshing from

tac_plus.conf

# Define where to log accounting data, this is the default.
accounting file = /var/log/tac_plus.acct

# This is the key that clients have to use to access Tacacs+
key = "**********"

# Use /etc/passwd file to do authentication
default authentication = file /etc/passwd

user= exadmin {
    login = PAM
    pap = PAM
    member = admin
    service = ppp protocol = ip {
        shell:roles = sysadmin
        shell:roles="network-admin"
    }
}

group = admin {
    default service = permit
    service = exec {
        default attribute = permit
        priv-lvl = 15
    }
}

user = DEFAULT {
    login = PAM
    service = ppp protocol = ip {}
}

Here is my tac_plus pam

auth include system-auth

account required pam_nologin.so
account include system-auth

session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include system-auth
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
session required pam_limits.so
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open

password include password-auth
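
A triage helper for log excerpts like the one in this post, as an added example that is not part of the original post: it groups the PAM lines for the tac_plus service by phase and reports which phase rejected the login. The function names are hypothetical, and the pass/fail rule assumes auth modules are stacked as `sufficient` (one success passes auth) while any logged denial in a later phase is fatal.

```python
import re
from collections import defaultdict

# Constructed sample: the PAM-related lines quoted in the post.
SAMPLE = """\
tac_plus: pam_unix(tac_plus:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=exadmin
krb5_child: Pre-authentication failed: Cannot read password
tac_plus: pam_sss(tac_plus:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=exadmin
tac_plus: pam_sss(tac_plus:account):Access denied for user exadmin: 6 (Permission Denied)
"""

# module(service:phase): message  (the space after the colon is optional)
PAM_LINE = re.compile(r"(pam_\w+)\(([\w.-]+):(\w+)\):\s*(.*)")
# "user=NAME" (but not ruser=) or "for user NAME:"
USER = re.compile(r"(?:\buser=|for user )([^\s:]+)")

def parse(text, service="tac_plus"):
    """Return {user: [(phase, module, ok, message), ...]} for one PAM service."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = PAM_LINE.search(line)
        if not m or m.group(2) != service:
            continue  # not a PAM line for this service (e.g. krb5_child)
        module, _, phase, msg = m.groups()
        user = USER.search(msg)
        if not user:
            continue
        low = msg.lower()
        ok = "success" in low and "denied" not in low and "failure" not in low
        events[user.group(1)].append((phase, module, ok, msg))
    return dict(events)

def failing_phase(user_events):
    """Return (phase, [(module, message), ...]) for the phase that rejected the user."""
    for phase in ("auth", "account", "password", "session"):
        results = [e for e in user_events if e[0] == phase]
        if not results:
            continue
        if phase == "auth":
            failed = not any(ok for _, _, ok, _ in results)  # assumed 'sufficient' stack
        else:
            failed = any(not ok for _, _, ok, _ in results)
        if failed:
            return phase, [(mod, msg) for _, mod, ok, msg in results if not ok]
    return None

if __name__ == "__main__":
    for user, evs in parse(SAMPLE).items():
        print(user, failing_phase(evs))
```

On the sample lines it reports the `account` phase, via `pam_sss`, as the step that denied `exadmin`, after `auth` had already succeeded.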