<div dir="ltr">Hi guys!<div><br></div><div>I finally made it works! I did it with the config I mentioned before.</div><div><br></div><div>Searching a bit more I found this page </div><div><br></div><div><a href="http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/config_guide/b_cg75/b_cg75_chapter_0101001.html">http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/config_guide/b_cg75/b_cg75_chapter_0101001.html</a></div><div><br></div><div>In which I could fing this:</div><div><br></div><table class="" style="font-size:12px;font-family:Arial,Helvetica,sans-serif;margin-top:0.5em;margin-bottom:1.25em;line-height:14.3999996185303px;color:rgb(0,0,0)"><tbody><tr><td class="" style="font-size:1em;font-family:Arial,Helvetica,sans-serif;margin-top:0em;margin-bottom:0em;line-height:1.2em;vertical-align:top"><b>Note </b></td><td class="" style="font-size:1em;font-family:Arial,Helvetica,sans-serif;margin-top:0em;margin-bottom:0em;line-height:1.2em;vertical-align:top"><p style="font-size:1em;margin-top:0.5em;margin-bottom:0.5em;line-height:1.2em"><a name="ID1007__ID1027"></a>For basic management authentication via TACACS+ to succeed, it is required to configure authentication and authorization servers on the WLC. Accounting configuration is optional.</p></td></tr></tbody></table><div>So my error was that in the WLC, security, TACACS+, I had configured only Authentication without setting up the Authorization tacacs section.</div><div><br></div><div>Now it is working!</div><div><br></div><div>Thanks for your time and collaboration.</div><div><br></div><div>Best regards. </div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-10-20 11:05 GMT-03:00 Alan Alejandro Villaverde <span dir="ltr"><<a href="mailto:alan.villaverde@gmail.com" target="_blank">alan.villaverde@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Daniel,<div><br></div><div>Could you please teach me where I have to add this line?</div><div>I added this line into the group access list section. I dont know if it is ok, but the tacacs don´t show me any error.</div><div><br></div><div>NOTE: the tacacs production server is running F4.0.4.25</div><div><br></div><div>group = todo_super_user {</div><div>service = exec {</div><div>priv-lvl = 15</div><span class=""><div>}</div><div>service = ciscowlc {</div><div>role1 = ALL</div><div>}</div></span><div>acl = todo</div><div>}</div><div><br></div><div>Here the log: ( logging -d 16)</div><div><br></div><div>login query for 'avillaverde' unknown-port from 10.85.206.34 accepted</div><div><br></div><div>The authentication is valid, but the wireless controller is still prompting to me user and password again.</div><div><br></div><div><br></div><div>Do you have a WLC running <span style="font-family:arial,sans-serif;font-size:13px">7.3.101.0 and authenticating with tacacs? Maybe I am missing some configuration items.</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px">I will appreciate so much your help.</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-10-17 13:08 GMT-03:00 Daniel Schmidt <span dir="ltr"><<a href="mailto:daniel.schmidt@wyo.gov" target="_blank">daniel.schmidt@wyo.gov</a>></span>:<div><div class="h5"><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The WLC uses roles. <div><br></div><div><div> service = ciscowlc {</div><div> role1 = ALL</div><div> }</div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Tue, Oct 14, 2014 at 6:26 AM, Alan Alejandro Villaverde <span dir="ltr"><<a href="mailto:alan.villaverde@gmail.com" target="_blank">alan.villaverde@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Hi Guys,<br>
<br>
Thanks for your collaboration. I finally set up tacacs+-F4.0.4.26 on<br>
OpenSuse 12.1.<br>
<br>
Just another question, Have anyone of you set up a Cisco Wireless Lan<br>
Controller to authenticate through this tacacs? The running version<br>
7.3.101.0 is WLC.<br>
<br>
This doesn´t work for us. When I debugged tacacs, all seems to be fine,<br>
there is not any error. The authentication pass fine, but the web interface<br>
prompt me to authenticate again.<br>
<br>
I think I am missing something in the tacacs configuration for this kind of<br>
device.<br>
<br>
Do you have any idea?<br>
<br>
2014-10-10 11:37 GMT-03:00 Alan McKinnon <<a href="mailto:alan.mckinnon@gmail.com" target="_blank">alan.mckinnon@gmail.com</a>>:<br>
<div><div><br>
> On 10/10/2014 14:04, Alan Alejandro Villaverde wrote:<br>
> > Hi guys,<br>
> ><br>
> ><br>
> > I wondered which is the latest stable version you are running. In our<br>
> case<br>
> > we are running tacacs+-F4.0.4.25.<br>
> ><br>
> > Do you know if it is time to make an upgrade? What do you think? Is there<br>
> > any new stable version?<br>
> ><br>
> > BR<br>
> ><br>
><br>
><br>
> 4.0.4.27a is latest. However, it's a minor change from 4.0.4.25 and<br>
> fully detailed in the Changelogs. Review those - you will know if you<br>
> need them. If not, there's no need to upgrade.<br>
><br>
> 5.0.0a1 is not usable, don't try it. It's a first effort at heasley's<br>
> long-intended reorganize of the code base.<br>
><br>
> --<br>
> Alan McKinnon<br>
> <a href="mailto:alan.mckinnon@gmail.com" target="_blank">alan.mckinnon@gmail.com</a><br>
><br>
> _______________________________________________<br>
> tac_plus mailing list<br>
> <a href="mailto:tac_plus@shrubbery.net" target="_blank">tac_plus@shrubbery.net</a><br>
> <a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
><br>
<br>
<br>
<br>
</div></div></div></div><div><div><div><div>--<br>
Alan Alejandro Villaverde.<br>
<br>
,JL.<br>
j@, Zv<br>
uJ.u@qJ<br>
:LBO:v1<br>
:r1@ MB<br>
G1 rB8Ur ,<br>
r@Ei O .7 @.<br>
:N,:BBO05v,:, :7 u Or<br>
vM@r:E: rqr,: .v X Or<br>
7@r v@U ,@::: 5 .L M:<br>
YO:2@OS. . .7: N iP<br>
Y@riBr ,:i::: :q ,q.<br>
qk :ii YO.<br>
iv7r77r iGF :7v7<br>
:u0u. 7Lj ;5k1r7BN<br>
7P552552v: LUM1, 7FUi:..v@B<br>
ik7JMJ. ..,v@rk.<br>
_..._ Y8. vL: .5@v E.<br>
.' '. ui,N: .G.O@: @<br>
/ _ _ \ .P: J7LEBO Bi<br>
| (o)_(o) | .1 i@B7 .MU<br>
\( ) / 2 :M@u .uMi<br>
//'._.'\ \ :k :U@BOi:vSM2B<br>
// . \ \ 7E@B@B@O8PrMk ;B<br>
|| . \ \ @: @r<br>
|\ : / | EM. ;@<br>
\ `) ' (` /_ .B7 0L<br>
_)``".____,.'"` (_ ..,:i;7vjuFXZEOMMBBL:::.rB@B@B@<br>
) )'--'( ( .,::ir77vvJjuu2UF5SS00GZOMBB@B@B@B@B@B@<br>
'---` `---` ::iirr77rrr77vLLLjuu25FXPNZGMOOO@B@B@B@B@@@B@B@B@B<br>
:i:i::,:,i,:,:.:.:.:.:.:.:.,.,.,............. ...<br></div></div>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
</div></div>URL: <<a href="http://www.shrubbery.net/pipermail/tac_plus/attachments/20141014/a79e8d9f/attachment.html" target="_blank">http://www.shrubbery.net/pipermail/tac_plus/attachments/20141014/a79e8d9f/attachment.html</a>><span><br>
<div><div>_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net" target="_blank">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
</div></div></span></blockquote></div><br></div>
<pre>E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
</pre></blockquote></div></div></div><div><div class="h5"><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Alan Alejandro Villaverde. <br><pre><font size="3"><span style="white-space:pre-wrap"> ,JL.
j@, Zv
uJ.u@qJ
:LBO:v1
:r1@ MB
G1 rB8Ur ,
r@Ei O .7 @.
:N,:BBO05v,:, :7 u Or
vM@r:E: rqr,: .v X Or
7@r v@U ,@::: 5 .L M:
YO:2@OS. . .7: N iP
Y@riBr ,:i::: :q ,q.
qk :ii YO.
iv7r77r iGF :7v7
:u0u. 7Lj ;5k1r7BN
7P552552v: LUM1, 7FUi:..v@B
ik7JMJ. ..,v@rk.
_..._ Y8. vL: .5@v E.
.' '. ui,N: .G.O@: @
/ _ _ \ .P: J7LEBO Bi
| (o)_(o) | .1 i@B7 .MU
\( ) / 2 :M@u .uMi
//'._.'\ \ :k :U@BOi:vSM2B
// . \ \ 7E@B@B@O8PrMk ;B
|| . \ \ @: @r
|\ : / | EM. ;@
\ `) ' (` /_ .B7 0L
_)``".____,.'"` (_ ..,:i;7vjuFXZEOMMBBL:::.rB@B@B@
) )'--'( ( .,::ir77vvJjuu2UF5SS00GZOMBB@B@B@B@B@B@
'---` `---` ::iirr77rrr77vLLLjuu25FXPNZGMOOO@B@B@B@B@@@B@B@B@B
:i:i::,:,i,:,:.:.:.:.:.:.:.,.,.,............. ...</span></font><font face="Times New Roman" size="3"><span style="white-space:pre-wrap"><br></span></font></pre></div>
</div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Alan Alejandro Villaverde. <br><pre><font size="3"><span style="white-space:pre-wrap"> ,JL.
j@, Zv
uJ.u@qJ
:LBO:v1
:r1@ MB
G1 rB8Ur ,
r@Ei O .7 @.
:N,:BBO05v,:, :7 u Or
vM@r:E: rqr,: .v X Or
7@r v@U ,@::: 5 .L M:
YO:2@OS. . .7: N iP
Y@riBr ,:i::: :q ,q.
qk :ii YO.
iv7r77r iGF :7v7
:u0u. 7Lj ;5k1r7BN
7P552552v: LUM1, 7FUi:..v@B
ik7JMJ. ..,v@rk.
_..._ Y8. vL: .5@v E.
.' '. ui,N: .G.O@: @
/ _ _ \ .P: J7LEBO Bi
| (o)_(o) | .1 i@B7 .MU
\( ) / 2 :M@u .uMi
//'._.'\ \ :k :U@BOi:vSM2B
// . \ \ 7E@B@B@O8PrMk ;B
|| . \ \ @: @r
|\ : / | EM. ;@
\ `) ' (` /_ .B7 0L
_)``".____,.'"` (_ ..,:i;7vjuFXZEOMMBBL:::.rB@B@B@
) )'--'( ( .,::ir77vvJjuu2UF5SS00GZOMBB@B@B@B@B@B@
'---` `---` ::iirr77rrr77vLLLjuu25FXPNZGMOOO@B@B@B@B@@@B@B@B@B
:i:i::,:,i,:,:.:.:.:.:.:.:.,.,.,............. ...</span></font><font face="Times New Roman" size="3"><span style="white-space:pre-wrap"><br></span></font></pre></div>
</div>