[tac_plus] Trouble with AAA working on Cisco Wireless Controllers

Thu Jun 23 03:39:18 UTC 2016

Hi,

I have 4 Cisco Wireless controllers I'd like to use with the Shrubbery Networks TACACs interface but I'm having some issues. Could you help?

I seem to have it setup correctly but when the TACACs server returns a "Good-Authorized" message. The WLC doesn't seem to understand and it drops the reply. So I can't login.

This is what I've been seeing. Can anyone help?

Thanks!
Shane Erwin

TACACS Server
Mon Jun 20 18:08:48 2016 [10897]: Reading config
Mon Jun 20 18:08:48 2016 [10897]: Version F4.0.4.26 Initialized 1
Mon Jun 20 18:08:48 2016 [10897]: tac_plus server F4.0.4.26 starting
Mon Jun 20 18:08:48 2016 [10897]: session.peerip is 10.226.21.133
Mon Jun 20 18:08:48 2016 [10897]: login query for 'serwin' unknown-port from 10.226.21.133 accepted

The Wireless controller log shows the following
The WLC logs reads with the following.
*emWeb: Jun 20 23:00:58.451: #EMWEB-3-LOGIN_FAILED: ews_auth.c:2138 Login failed for the user:serwin. Service-Type is not present or it doesn't allow READ/WRITE permission..

Wireless Controller debug of AAA
(Cisco Controller) >
*tplusTransportThread: Jun 21 20:27:44.562: User has the following mgmtRole 0
*tplusTransportThread: Jun 21 20:28:27.594: Conecting to tacacs server 10.23.232.106 on port=49

*tplusTransportThread: Jun 21 20:28:27.632: Received tplus auth response: type=1 seq_no=2 session_id=6bab0428 length=16 encrypted=0

*tplusTransportThread: Jun 21 20:28:27.632: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: Jun 21 20:28:27.632: auth_cont get_pass reply: pkt_length=27

*tplusTransportThread: Jun 21 20:28:27.632: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: Jun 21 20:28:28.183: Received tplus auth response: type=1 seq_no=4 session_id=6bab0428 length=6 encrypted=0

*tplusTransportThread: Jun 21 20:28:28.183: Created tacacs author request payload(rc=0)

*tplusTransportThread: Jun 21 20:28:28.183: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]

*tplusTransportThread: Jun 21 20:28:28.183: Conecting to tacacs server 10.23.232.106 on port=49

*tplusTransportThread: Jun 21 20:28:28.216: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0

*tplusTransportThread: Jun 21 20:28:28.217:
                                            User has the following mgmtRole 0

(Cisco Controller) >*tplusTransportThread: Jun 21 20:28:47.774: Conecting to tacacs server 10.23.232.106 on port=49

*tplusTransportThread: Jun 21 20:28:47.811: Received tplus auth response: type=1 seq_no=2 session_id=67fc0acd length=16 encrypted=0

*tplusTransportThread: Jun 21 20:28:47.811: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: Jun 21 20:28:47.811: auth_cont get_pass reply: pkt_length=27

*tplusTransportThread: Jun 21 20:28:47.811: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: Jun 21 20:28:48.350: Received tplus auth response: type=1 seq_no=4 session_id=67fc0acd length=6 encrypted=0

*tplusTransportThread: Jun 21 20:28:48.351: Created tacacs author request payload(rc=0)

*tplusTransportThread: Jun 21 20:28:48.351: TPLUS_AUTHEN_STATUS_PASS: username=[serwin]

*tplusTransportThread: Jun 21 20:28:48.351: Conecting to tacacs server 10.23.232.106 on port=49

*tplusTransportThread: Jun 21 20:28:48.385: author response body: status=1 arg_cnt=0 msg_len=0 data_len=0

NOTICE: This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately by electronic mail and delete this message and all copies and backups thereof. Thank you. Greenway Health.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20160623/ae4ace61/attachment.html>