[tac_plus] Trouble with AAA working on Cisco Wireless Controllers

Daniel Schmidt daniel.schmidt at wyo.gov
Thu Jun 23 20:55:16 UTC 2016


The Cisco WLC is totally different; it uses roles.  So, under your user,
you would do:

        service = ciscowlc {
                role1 = MONITOR
        }

MONITOR and ALL are two roles I remember.  There are more; you can go look
them up. They pretty much follow the tabs.

On Wed, Jun 22, 2016 at 9:39 PM, Erwin, Shane <
Shane.Erwin at greenwayhealth.com> wrote:

> Hi,
>
> I have 4 Cisco Wireless controllers I'd like to use with the Shrubbery
> Networks TACACS interface but I'm having some issues. Could you help?
>
> I seem to have it set up correctly, but when the TACACS server returns a
> "Good-Authorized" message, the WLC doesn't seem to understand and it drops
> the reply. So I can't log in.
>
> This is what I've been seeing. Can anyone help?
>
> Thanks!
> Shane Erwin
>
> TACACS Server
> Mon Jun 20 18:08:48 2016 [10897]: Reading config
> Mon Jun 20 18:08:48 2016 [10897]: Version F4.0.4.26 Initialized 1
> Mon Jun 20 18:08:48 2016 [10897]: tac_plus server F4.0.4.26 starting
> Mon Jun 20 18:08:48 2016 [10897]: session.peerip is 10.226.21.133
> Mon Jun 20 18:08:48 2016 [10897]: login query for 'serwin' unknown-port
> from 10.226.21.133 accepted
>
>
>
> The Wireless controller log shows the following.
> The WLC log reads as follows:
> *emWeb: Jun 20 23:00:58.451: #EMWEB-3-LOGIN_FAILED: ews_auth.c:2138 Login
> failed for the user:serwin. Service-Type is not present or it doesn't allow
> READ/WRITE permission..
>
>
> Wireless Controller debug of AAA
> (Cisco Controller) >
> *tplusTransportThread: Jun 21 20:27:44.562: User has the following
> mgmtRole 0
> *tplusTransportThread: Jun 21 20:28:27.594: Conecting to tacacs server
> 10.23.232.106 on port=49
>
> *tplusTransportThread: Jun 21 20:28:27.632: Received tplus auth response:
> type=1 seq_no=2 session_id=6bab0428 length=16 encrypted=0
>
> *tplusTransportThread: Jun 21 20:28:27.632: TPLUS_AUTHEN_STATUS_GETPASS
>
> *tplusTransportThread: Jun 21 20:28:27.632: auth_cont get_pass reply:
> pkt_length=27
>
> *tplusTransportThread: Jun 21 20:28:27.632: processTplusAuthResponse:
> Continue auth transaction
> *tplusTransportThread: Jun 21 20:28:28.183: Received tplus auth response:
> type=1 seq_no=4 session_id=6bab0428 length=6 encrypted=0
>
> *tplusTransportThread: Jun 21 20:28:28.183: Created tacacs author request
> payload(rc=0)
>
> *tplusTransportThread: Jun 21 20:28:28.183: TPLUS_AUTHEN_STATUS_PASS:
> username=[serwin]
>
> *tplusTransportThread: Jun 21 20:28:28.183: Conecting to tacacs server
> 10.23.232.106 on port=49
>
> *tplusTransportThread: Jun 21 20:28:28.216: author response body: status=1
> arg_cnt=0 msg_len=0 data_len=0
>
> *tplusTransportThread: Jun 21 20:28:28.217:
>                                             User has the following
> mgmtRole 0
>
> (Cisco Controller) >*tplusTransportThread: Jun 21 20:28:47.774: Conecting
> to tacacs server 10.23.232.106 on port=49
>
> *tplusTransportThread: Jun 21 20:28:47.811: Received tplus auth response:
> type=1 seq_no=2 session_id=67fc0acd length=16 encrypted=0
>
> *tplusTransportThread: Jun 21 20:28:47.811: TPLUS_AUTHEN_STATUS_GETPASS
>
> *tplusTransportThread: Jun 21 20:28:47.811: auth_cont get_pass reply:
> pkt_length=27
>
> *tplusTransportThread: Jun 21 20:28:47.811: processTplusAuthResponse:
> Continue auth transaction
> *tplusTransportThread: Jun 21 20:28:48.350: Received tplus auth response:
> type=1 seq_no=4 session_id=67fc0acd length=6 encrypted=0
>
> *tplusTransportThread: Jun 21 20:28:48.351: Created tacacs author request
> payload(rc=0)
>
> *tplusTransportThread: Jun 21 20:28:48.351: TPLUS_AUTHEN_STATUS_PASS:
> username=[serwin]
>
> *tplusTransportThread: Jun 21 20:28:48.351: Conecting to tacacs server
> 10.23.232.106 on port=49
>
> *tplusTransportThread: Jun 21 20:28:48.385: author response body: status=1
> arg_cnt=0 msg_len=0 data_len=0
>
>
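Added example (not part of the original thread and not tac_plus or Cisco code): a small Python check that scans WLC AAA debug output shaped like the quoted capture and reports logins where authentication passed but the authorization reply came back with arg_cnt=0, i.e. no attribute-value pair such as role1 was returned. The sample text is constructed, and the second session with user "netops" is invented for contrast.

```python
import re

# TACACS+ authorization reply status codes (RFC 8907).
PASS_ADD, PASS_REPL = 0x01, 0x02

AUTHEN_PASS = re.compile(r"TPLUS_AUTHEN_STATUS_PASS:\s*username=\[([^\]]+)\]")
AUTHOR_BODY = re.compile(r"author response body:\s*status=(\d+)\s+arg_cnt=(\d+)")

# Constructed sample in the shape of the quoted debug, including the mail
# client's line wrapping and "> " quote markers. The "netops" session is invented.
SAMPLE = """\
> *tplusTransportThread: Jun 21 20:28:28.183: TPLUS_AUTHEN_STATUS_PASS:
> username=[serwin]
>
> *tplusTransportThread: Jun 21 20:28:28.216: author response body: status=1
> arg_cnt=0 msg_len=0 data_len=0
>
> *tplusTransportThread: Jun 21 20:31:02.004: TPLUS_AUTHEN_STATUS_PASS:
> username=[netops]
>
> *tplusTransportThread: Jun 21 20:31:02.037: author response body: status=1
> arg_cnt=1 msg_len=0 data_len=0
"""

def records(log_text):
    """Undo quoting and wrapping, then split into one string per debug record."""
    flat = " ".join(line.lstrip("> ").strip() for line in log_text.splitlines())
    return [r.strip() for r in re.split(r"(?=\*\w+: )", flat) if r.strip()]

def find_roleless_logins(log_text):
    """Users whose authorization passed but returned no attribute-value pairs."""
    findings, user = [], None
    for rec in records(log_text):
        authen = AUTHEN_PASS.search(rec)
        if authen:
            user = authen.group(1)
            continue
        author = AUTHOR_BODY.search(rec)
        if author and user is not None:
            status, arg_cnt = int(author.group(1)), int(author.group(2))
            if status in (PASS_ADD, PASS_REPL) and arg_cnt == 0:
                findings.append(user)
            user = None  # one authorization reply per login
    return findings

if __name__ == "__main__":
    for name in find_roleless_logins(SAMPLE):
        print(f"{name}: authorized with arg_cnt=0, no role attribute returned")
```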