[tac_plus] Aruba controllers

heasley heas at shrubbery.net
Tue Dec 13 02:53:40 UTC 2016


Fri, Dec 09, 2016 at 11:29:20AM -0800, Cal Man:
> Thanks! I added that to tac_plus.conf and was able to restart the service,
> but unfortunately the controllers still cannot authenticate. If anybody has
> gotten Aruba controllers to work with tac_plus, I'd appreciate if you could
> share the relevant portions of the tac_plus.conf.

Have you tried TACACS or AAA debugging on the Aruba?  I know nothing about
the Arubas, but Cisco IOS debug is often helpful.

> On Fri, Dec 9, 2016 at 11:10 AM, heasley <heas at shrubbery.net> wrote:
> 
> > Thu, Dec 08, 2016 at 09:22:03AM -0800, Cal Man:
> > > Hello-
> > > I'm having some trouble getting Aruba controllers to authenticate to
> > > tac_plus. Aruba TAC tells me the config is right on their side, but the
> > > tac_plus server shows a login failure in the logs. Accounting works,
> > > though. Full AAA is working fine for our Arista, Juniper, and Brocade
> > > gear.
> > >
> > > My research has indicated that I need to add "protocol = common" to the
> > > config, but anywhere I add it, the service will not restart. Here's the
> > > relevant portion of the config that I do have.
> > >
> > > group = admin {
> > >   default service = permit
> > >   login = PAM
> > >   acl = default
> > >   pap = cleartext "aruba"
> > >   service = aruba {
> > >     Aruba-Admin-Role = root
> > > #  protocol = common !this is where I suspect it's supposed to go
> >
> > It's normally like:
> > service = aruba protocol = common {
> > }
> >
> > but this does not work for service aruba.  If you mean to send an AVP that
> > is named "protocol":
> >
> > service = aruba {
> >         "protocol" = common
> > }
> >
> > >   }
> > >   service = AMP {
> > >     role = "AMP Administrator"
> > >   }
> > >   service = exec {
> > >     priv-lvl = 15
> > >   }
> > > user = me {
> > >   member = admin
> > >   login = PAM
> > >   }
> > > }
> > >
> > > I would appreciate any help.
> > >
> > > Thanks,
> > > Cal
> >
> 
> 
> 
> -- 
> *Cal Man*
> 
> 
> M:604-724-6595
> L:604-673-2737
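
An added example, not part of the thread or of the tac_plus project: a small Python lint for two structural points visible in the quoted config, a `user` block opened before the `group` block is closed and a bare `protocol` keyword inside a service body. It assumes `user` and `group` are top-level declarations in tac_plus.conf; `lint`, `SAMPLE` and `FIXED` are hypothetical names, and both configs are constructed from the one in the thread.

```python
import re

TOP_LEVEL = {"user", "group"}  # assumption: these may only open at depth 0
HEADER = re.compile(r'^([\w-]+)\s*=.*\{\s*$')  # "keyword = ... {"

def lint(conf):
    """Return (line_no, message) findings for a tac_plus.conf-style text."""
    findings, stack = [], []  # stack holds (keyword, line_no) of open blocks
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # naive comment strip
        if not line:
            continue
        if line == "}":
            if stack:
                stack.pop()
            else:
                findings.append((no, "closing brace with no open block"))
            continue
        m = HEADER.match(line)
        if m:
            kw = m.group(1)
            if kw in TOP_LEVEL and stack:
                outer, opened = stack[-1]
                findings.append((no, f"'{kw}' opened inside '{outer}' block from line {opened}"))
            stack.append((kw, no))
        elif stack and stack[-1][0] == "service" and re.match(r'protocol\s*=', line):
            findings.append((no, "bare 'protocol' in service body; quote it to send an AVP"))
    findings += [(no, f"'{kw}' block never closed") for kw, no in stack]
    return findings

# Constructed input modelled on the config quoted in the thread.
SAMPLE = """\
group = admin {
  default service = permit
  service = aruba {
    Aruba-Admin-Role = root
    protocol = common
  }
  service = exec {
    priv-lvl = 15
  }
user = me {
  member = admin
  }
}
"""
# Constructed counterpart: group closed before user, attribute name quoted.
FIXED = 'group = admin {\n  service = aruba {\n    "protocol" = common\n  }\n}\nuser = me {\n  member = admin\n}\n'

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```

The lint checks structure only; it says nothing about whether the Aruba controller accepts the attributes it is sent.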
