From acruhl at gmail.com Thu Jun 9 14:53:11 2016
From: acruhl at gmail.com (Andy Ruhl)
Date: Thu, 9 Jun 2016 07:53:11 -0700
Subject: [tac_plus] Standing by for IPv6 test code
Message-ID:

I'm still wanting to test on IPv6 if a patch becomes available. I did some short searches and didn't come up with anything, if something is available kindly point me to it.

Thanks.

Andy

From Shane.Erwin at greenwayhealth.com Thu Jun 23 03:39:18 2016
From: Shane.Erwin at greenwayhealth.com (Erwin, Shane)
Date: Thu, 23 Jun 2016 03:39:18 +0000
Subject: [tac_plus] Trouble with AAA working on Cisco Wireless Controllers
Message-ID:

Hi,

I have 4 Cisco Wireless controllers I'd like to use with the Shrubbery Networks TACACs interface but I'm having some issues. Could you help?

I seem to have it setup correctly but when the TACACs server returns a "Good-Authorized" message. The WLC doesn't seem to understand and it drops the reply. So I can't login.

This is what I've been seeing. Can anyone help?

Thanks!
Shane Erwin

TACACS Server
Mon Jun 20 18:08:48 2016 [10897]: Reading config
Mon Jun 20 18:08:48 2016 [10897]: Version F4.0.4.26 Initialized 1
Mon Jun 20 18:08:48 2016 [10897]: tac_plus server F4.0.4.26 starting
Mon Jun 20 18:08:48 2016 [10897]: session.peerip is 10.226.21.133
Mon Jun 20 18:08:48 2016 [10897]: login query for 'serwin' unknown-port from 10.226.21.133 accepted

The Wireless controller log shows the following
The WLC logs reads with the following.
*emWeb: Jun 20 23:00:58.451: #EMWEB-3-LOGIN_FAILED: ews_auth.c:2138 Login failed for the user:serwin. Service-Type is not present or it doesn't allow READ/WRITE permission..

Wireless Controller debug of AAA
(Cisco Controller) >
*tplusTransportThread: Jun 21 20:27:44.562: User has the following mgmtRole 0
*tplusTransportThread: Jun 21 20:28:27.594: Conecting to tacacs server 10.23.232.106 on port=49
*tplusTransportThread: Jun 21 20:28:27.632: Received tplus auth response: type=1 seq_no=2 session_id=6bab0428 length=16 encrypted=0
*tplusTransportThread: Jun 21 20:28:27.632: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: Jun 21 20:28:27.632: auth_cont get_pass reply: pkt_length=27
*tplusTransportThread: Jun 21 20:28:27.632: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: Jun 21 20:28:28.183: Received tplus auth response: type=1 seq_no=4 session_id=6bab0428 length=6 encrypted=0
*tplusTransportThread: Jun 21 20:28:28.183: Created tacacs author request payload(rc=0)
*tplusTransportThread: Jun 21 20:28:28.183: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]
*tplusTransportThread: Jun 21 20:28:28.183: Conecting to tacacs server 10.23.232.106 on port=49
*tplusTransportThread: Jun 21 20:28:28.216: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0
*tplusTransportThread: Jun 21 20:28:28.217: User has the following mgmtRole 0

(Cisco Controller) >*tplusTransportThread: Jun 21 20:28:47.774: Conecting to tacacs server 10.23.232.106 on port=49
*tplusTransportThread: Jun 21 20:28:47.811: Received tplus auth response: type=1 seq_no=2 session_id=67fc0acd length=16 encrypted=0
*tplusTransportThread: Jun 21 20:28:47.811: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: Jun 21 20:28:47.811: auth_cont get_pass reply: pkt_length=27
*tplusTransportThread: Jun 21 20:28:47.811: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: Jun 21 20:28:48.350: Received tplus auth response: type=1 seq_no=4 session_id=67fc0acd length=6 encrypted=0
*tplusTransportThread: Jun 21 20:28:48.351: Created tacacs author request payload(rc=0)
*tplusTransportThread: Jun 21 20:28:48.351: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]
*tplusTransportThread: Jun 21 20:28:48.351: Conecting to tacacs server 10.23.232.106 on port=49
*tplusTransportThread: Jun 21 20:28:48.385: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0

NOTICE: This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately by electronic mail and delete this message and all copies and backups thereof. Thank you. Greenway Health.

From daniel.schmidt at wyo.gov Thu Jun 23 20:55:16 2016
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Thu, 23 Jun 2016 14:55:16 -0600
Subject: [tac_plus] Trouble with AAA working on Cisco Wireless Controllers
In-Reply-To:
References:
Message-ID:

The Cisco WLC is totally different, it uses roles. So, under your user, you would do:

service = ciscowlc {
    role1 = MONITOR
}

MONITOR and ALL are two roles I remember. There's more, you can go look them up, they pretty much follow the tabs.

On Wed, Jun 22, 2016 at 9:39 PM, Erwin, Shane <Shane.Erwin at greenwayhealth.com> wrote:

> Hi,
>
> I have 4 Cisco Wireless controllers I'd like to use with the Shrubbery
> Networks TACACs interface but I'm having some issues. Could you help?
>
> I seem to have it setup correctly but when the TACACs server returns a
> "Good-Authorized" message. The WLC doesn't seem to understand and it drops
> the reply. So I can't login.
>
> This is what I've been seeing. Can anyone help?
>
> Thanks!
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus

--
E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties.

From Shane.Erwin at greenwayhealth.com Thu Jun 23 21:37:27 2016
From: Shane.Erwin at greenwayhealth.com (Erwin, Shane)
Date: Thu, 23 Jun 2016 21:37:27 +0000
Subject: [tac_plus] Trouble with AAA working on Cisco Wireless Controllers
In-Reply-To:
References:
Message-ID:

IT I S A L I V E ! ! ! !

user = Wnelson {
    login = PAM
    member = default
    service = ciscowlc {
        role1 = ALL
    }
}

user = Bspringstein {
    login = PAM
    member = default
    service = ciscowlc {
        role1 = ALL
    }
}

Thank you so much. I can spell Linux but not much experience beyond how to VI a file. Now I understand what y'all have been saying.

Again, Thanks!!

From: Daniel Schmidt [mailto:daniel.schmidt at wyo.gov]
Sent: Thursday, June 23, 2016 4:55 PM
To: Erwin, Shane
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] Trouble with AAA working on Cisco Wireless Controllers

The Cisco WLC is totally different, it uses roles. So, under your user, you would do:

service = ciscowlc {
    role1 = MONITOR
}

MONITOR and ALL are two roles I remember. There's more, you can go look them up, they pretty much follow the tabs.

On Wed, Jun 22, 2016 at 9:39 PM, Erwin, Shane wrote:

Hi,

I have 4 Cisco Wireless controllers I'd like to use with the Shrubbery Networks TACACs interface but I'm having some issues. Could you help?

I seem to have it setup correctly but when the TACACs server returns a "Good-Authorized" message. The WLC doesn't seem to understand and it drops the reply. So I can't login.

This is what I've been seeing.
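An added example, not part of any message in this thread and not tac_plus or Cisco code: a small Python check that pairs each authentication pass in WLC debug output with the authorization response that follows it and flags responses that carry no attributes, which is the state the debug in the thread shows (status=1 arg_cnt=0, then mgmtRole 0). The sample lines are constructed in the format quoted in the thread, `exampleuser` is invented, status values 1 and 2 are read as the TACACS+ PASS_ADD and PASS_REPL codes, and logins are assumed not to interleave in the log.

```python
import re

# Constructed sample in the format of the WLC debug lines quoted in the thread;
# "exampleuser" and its arg_cnt=1 response are invented for contrast.
SAMPLE_LOG = """\
*tplusTransportThread: Jun 21 20:28:28.183: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]
*tplusTransportThread: Jun 21 20:28:28.216: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0
*tplusTransportThread: Jun 21 20:28:28.217: User has the following mgmtRole 0
*tplusTransportThread: Jun 21 20:31:02.101: TPLUS_AUTHEN_STATUS_PASS: username=[exampleuser]
*tplusTransportThread: Jun 21 20:31:02.140: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0
"""

AUTHEN_PASS = re.compile(r"TPLUS_AUTHEN_STATUS_PASS: username=\[([^\]]+)\]")
AUTHOR_BODY = re.compile(r"author response body: status=(\d+) arg_cnt=(\d+)")
# TACACS+ authorization status codes that mean "authorized".
PASS_STATUS = {1: "PASS_ADD", 2: "PASS_REPL"}


def diagnose(log_text):
    """Pair each authentication PASS with the next authorization response."""
    findings, pending_user = [], None
    for line in log_text.splitlines():
        authen = AUTHEN_PASS.search(line)
        if authen:
            pending_user = authen.group(1)
            continue
        author = AUTHOR_BODY.search(line)
        if not author or pending_user is None:
            continue
        status, arg_cnt = int(author.group(1)), int(author.group(2))
        if status not in PASS_STATUS:
            verdict = "authorization not passed"
        elif arg_cnt == 0:
            # Server said yes but sent no attribute-value pairs, so the
            # controller has no role1 value to map to a management role.
            verdict = "authorized, no attributes returned"
        else:
            verdict = "authorized with attributes"
        findings.append((pending_user, PASS_STATUS.get(status, str(status)), arg_cnt, verdict))
        pending_user = None
    return findings


if __name__ == "__main__":
    for user, status, arg_cnt, verdict in diagnose(SAMPLE_LOG):
        print(f"{user}: status={status} arg_cnt={arg_cnt} -> {verdict}")
```

A user flagged "authorized, no attributes returned" is the case where the tac_plus log says the login was accepted while the controller still refuses it.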