<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:12.0pt">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">I have 4 Cisco Wireless controllers I’d like to use with the Shrubbery Networks TACACs interface but I’m having some issues. Could you help?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">I seem to have it setup correctly but when the TACACs server returns a “Good-Authorized” message. The WLC doesn’t seem to understand and it drops the reply. So I can’t login.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">This is what I’ve been seeing. Can anyone help?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">Thanks!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">Shane Erwin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:12.0pt;color:#00B050">TACACS Server<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#00B050">Mon Jun 20 18:08:48 2016 [10897]: Reading config<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#00B050">Mon Jun 20 18:08:48 2016 [10897]: Version F4.0.4.26 Initialized 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#00B050">Mon Jun 20 18:08:48 2016 [10897]: tac_plus server F4.0.4.26 starting<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#00B050">Mon Jun 20 18:08:48 2016 [10897]: session.peerip is 10.226.21.133<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#00B050">Mon Jun 20 18:08:48 2016 [10897]: login query for 'serwin' unknown-port from 10.226.21.133 accepted<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#00B050"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:12.0pt">The Wireless controller log shows the following<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#333333;background:#F1F4F7">The WLC logs reads with the following.</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
<span style="background:#F1F4F7">*emWeb: Jun 20 23:00:58.451: #EMWEB-3-LOGIN_FAILED: ews_auth.c:2138 Login failed for the user:serwin. Service-Type is not present or it doesn't allow READ/WRITE permission..<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#333333;background:#F1F4F7"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:12.0pt;color:red">Wireless Controller debug of AAA<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><span style="color:#C00000">(Cisco Controller) ><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:27:44.562: User has the following mgmtRole 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:27.594: Conecting to tacacs server 10.23.232.106 on port=49<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:27.632: Received tplus auth response: type=1 seq_no=2 session_id=6bab0428 length=16 encrypted=0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:27.632: TPLUS_AUTHEN_STATUS_GETPASS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:27.632: auth_cont get_pass reply: pkt_length=27<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:27.632: processTplusAuthResponse: Continue auth transaction<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:28.183: Received tplus auth response: type=1 seq_no=4 session_id=6bab0428 length=6 encrypted=0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:28.183: Created tacacs author request payload(rc=0)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:28.183: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:28.183: Conecting to tacacs server 10.23.232.106 on port=49<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:28.216: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:28.217:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"> User has the following mgmtRole 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">(Cisco Controller) >*tplusTransportThread: Jun 21 20:28:47.774: Conecting to tacacs server 10.23.232.106 on port=49<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:47.811: Received tplus auth response: type=1 seq_no=2 session_id=67fc0acd length=16 encrypted=0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:47.811: TPLUS_AUTHEN_STATUS_GETPASS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:47.811: auth_cont get_pass reply: pkt_length=27<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:47.811: processTplusAuthResponse: Continue auth transaction<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:48.350: Received tplus auth response: type=1 seq_no=4 session_id=67fc0acd length=6 encrypted=0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:48.351: Created tacacs author request payload(rc=0)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:48.351: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:48.351: Conecting to tacacs server 10.23.232.106 on port=49<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#C00000">*tplusTransportThread: Jun 21 20:28:48.385: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
</div>
NOTICE: This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified
that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately by electronic mail and delete this message and
all copies and backups thereof. Thank you. Greenway Health.
</body>
</html>