<div dir="ltr"><div>The Cisco WLC is totally different; it uses roles. So, under your user, you would do:<br><br> service = ciscowlc {<br> role1 = MONITOR<br> }<br><br></div>MONITOR and ALL are two roles I remember. There are more; you can go look them up. They pretty much follow the tabs. <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 22, 2016 at 9:39 PM, Erwin, Shane <span dir="ltr"><<a href="mailto:Shane.Erwin@greenwayhealth.com" target="_blank">Shane.Erwin@greenwayhealth.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I have 4 Cisco Wireless controllers I'd like to use with the Shrubbery Networks TACACS interface but I'm having some issues. Could you help?<br>
<br>
I seem to have it set up correctly, but when the TACACS server returns a "Good-Authorized" message, the WLC doesn't seem to understand and it drops the reply. So I can't log in.<br>
<br>
This is what I've been seeing. Can anyone help?<br>
<br>
Thanks!<br>
Shane Erwin<br>
<br>
TACACS Server<br>
Mon Jun 20 18:08:48 2016 [10897]: Reading config<br>
Mon Jun 20 18:08:48 2016 [10897]: Version F4.0.4.26 Initialized 1<br>
Mon Jun 20 18:08:48 2016 [10897]: tac_plus server F4.0.4.26 starting<br>
Mon Jun 20 18:08:48 2016 [10897]: session.peerip is 10.226.21.133<br>
Mon Jun 20 18:08:48 2016 [10897]: login query for 'serwin' unknown-port from 10.226.21.133 accepted<br>
<br>
<br>
<br>
The Wireless controller log shows the following<br>
The WLC log reads as follows.<br>
*emWeb: Jun 20 23:00:58.451: #EMWEB-3-LOGIN_FAILED: ews_auth.c:2138 Login failed for the user:serwin. Service-Type is not present or it doesn't allow READ/WRITE permission..<br>
<br>
<br>
Wireless Controller debug of AAA<br>
(Cisco Controller) ><br>
*tplusTransportThread: Jun 21 20:27:44.562: User has the following mgmtRole 0<br>
*tplusTransportThread: Jun 21 20:28:27.594: Conecting to tacacs server 10.23.232.106 on port=49<br>
<br>
*tplusTransportThread: Jun 21 20:28:27.632: Received tplus auth response: type=1 seq_no=2 session_id=6bab0428 length=16 encrypted=0<br>
<br>
*tplusTransportThread: Jun 21 20:28:27.632: TPLUS_AUTHEN_STATUS_GETPASS<br>
<br>
*tplusTransportThread: Jun 21 20:28:27.632: auth_cont get_pass reply: pkt_length=27<br>
<br>
*tplusTransportThread: Jun 21 20:28:27.632: processTplusAuthResponse: Continue auth transaction<br>
*tplusTransportThread: Jun 21 20:28:28.183: Received tplus auth response: type=1 seq_no=4 session_id=6bab0428 length=6 encrypted=0<br>
<br>
*tplusTransportThread: Jun 21 20:28:28.183: Created tacacs author request payload(rc=0)<br>
<br>
*tplusTransportThread: Jun 21 20:28:28.183: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]<br>
<br>
*tplusTransportThread: Jun 21 20:28:28.183: Conecting to tacacs server 10.23.232.106 on port=49<br>
<br>
*tplusTransportThread: Jun 21 20:28:28.216: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0<br>
<br>
*tplusTransportThread: Jun 21 20:28:28.217:<br>
User has the following mgmtRole 0<br>
<br>
(Cisco Controller) >*tplusTransportThread: Jun 21 20:28:47.774: Conecting to tacacs server 10.23.232.106 on port=49<br>
<br>
*tplusTransportThread: Jun 21 20:28:47.811: Received tplus auth response: type=1 seq_no=2 session_id=67fc0acd length=16 encrypted=0<br>
<br>
*tplusTransportThread: Jun 21 20:28:47.811: TPLUS_AUTHEN_STATUS_GETPASS<br>
<br>
*tplusTransportThread: Jun 21 20:28:47.811: auth_cont get_pass reply: pkt_length=27<br>
<br>
*tplusTransportThread: Jun 21 20:28:47.811: processTplusAuthResponse: Continue auth transaction<br>
*tplusTransportThread: Jun 21 20:28:48.350: Received tplus auth response: type=1 seq_no=4 session_id=67fc0acd length=6 encrypted=0<br>
<br>
*tplusTransportThread: Jun 21 20:28:48.351: Created tacacs author request payload(rc=0)<br>
<br>
*tplusTransportThread: Jun 21 20:28:48.351: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]<br>
<br>
*tplusTransportThread: Jun 21 20:28:48.351: Conecting to tacacs server 10.23.232.106 on port=49<br>
<br>
*tplusTransportThread: Jun 21 20:28:48.385: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0<br>
<br>
<br>
</blockquote></div><br></div>
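<div>An added example, not part of either message and not tac_plus or Cisco code: a Python check over WLC AAA debug lines that flags a login where authentication passed but the authorization reply carried no attributes (arg_cnt=0), the condition visible in the quoted debug and the one the reply addresses with a role under service = ciscowlc. It assumes the debug prints the status field in decimal; the function and variable names are hypothetical.</div>

```python
import re

# TACACS+ authorization status codes (RFC 8907).
AUTHOR_STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL", 0x11: "ERROR"}

AUTHEN_PASS = re.compile(r"TPLUS_AUTHEN_STATUS_PASS: username=\[(?P<user>[^\]]*)\]")
AUTHOR_BODY = re.compile(r"author response body: status=(?P<status>\d+) arg_cnt=(?P<args>\d+)")


def diagnose(lines):
    """Pair each authentication PASS with the authorization reply that follows it."""
    findings, user = [], None
    for line in lines:
        m = AUTHEN_PASS.search(line)
        if m:
            user = m.group("user")
            continue
        m = AUTHOR_BODY.search(line)
        if not m:
            continue
        # Assumption: the WLC debug prints the status value in decimal.
        status = AUTHOR_STATUS.get(int(m.group("status")), "UNKNOWN")
        args = int(m.group("args"))
        if status in ("PASS_ADD", "PASS_REPL") and args == 0:
            # The server said yes but sent no attribute-value pairs, so no role arrived.
            verdict = "authorized, but no role attribute returned"
        elif status in ("PASS_ADD", "PASS_REPL"):
            verdict = "authorized with attributes"
        else:
            verdict = "authorization not passed"
        findings.append({"user": user, "status": status, "arg_cnt": args, "verdict": verdict})
        user = None
    return findings


# Lines excerpted from the WLC debug quoted in the message above.
PAGE_DEBUG = [
    "*tplusTransportThread: Jun 21 20:28:28.183: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]",
    "*tplusTransportThread: Jun 21 20:28:28.216: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0",
]
# Constructed lines (not from the page): the same reply carrying one attribute.
CONSTRUCTED = [
    "*tplusTransportThread: Jan 01 00:00:00.000: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]",
    "*tplusTransportThread: Jan 01 00:00:00.001: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0",
]

if __name__ == "__main__":
    for finding in diagnose(PAGE_DEBUG + CONSTRUCTED):
        print(finding)
```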