https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948466#M387232 <P>Hi </P><P></P><P>I am trying to implement TACACS authentication against our internal database on the ACS 5.1 for access to our wlc 5508. I have configured the WLC 5508 to use the TACACS which is configured to point our ACS. In the ACS I have configured the relevant shell profile such as Role1, Mandatory &amp; ALL.</P><P></P><P>When looking into the ACS log it actually shows you that the TACACS access was passed. But when I have tried to login it comes back to the same login box.</P><P></P><P>I have attached a screen shot of the ACS log.</P><P></P><P>Any ideas?</P> Mon, 11 Mar 2019 01:57:44 GMT goudier2001 2019-03-11T01:57:44Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948466#M387232 <P>Hi </P><P></P><P>I am trying to implement TACACS authentication against our internal database on the ACS 5.1 for access to our wlc 5508. I have configured the WLC 5508 to use the TACACS which is configured to point our ACS. In the ACS I have configured the relevant shell profile such as Role1, Mandatory &amp; ALL.</P><P></P><P>When looking into the ACS log it actually shows you that the TACACS access was passed. But when I have tried to login it comes back to the same login box.</P><P></P><P>I have attached a screen shot of the ACS log.</P><P></P><P>Any ideas?</P> Mon, 11 Mar 2019 01:57:44 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948466#M387232 goudier2001 2019-03-11T01:57:44Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948467#M387276 <HTML><HEAD></HEAD><BODY><P>Forgot to mention the ACS version 5.1.0.11 &amp; the WLC 5508 is 7-0-220-0</P></BODY></HTML> Mon, 02 Apr 2012 13:57:52 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948467#M387276 goudier2001 2012-04-02T13:57:52Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948468#M387314 <HTML><HEAD></HEAD><BODY><P>Have you installed any patches for ACS 5.1 or are you on the base release</P><P></P><P>There were in total 6 cumulative patches for ACS 5.1 and at least some of these were applicable to TACACS+ and WLC</P><P>I don't remember them all off the top of my head and the release is a bit old but may include the following:</P><P>CSCtd24949 - Tacacs authorization failure when authen_type=0</P><P>CSCte81150 - ACS 5.x reports key mismatch for unknown authen type</P><P>CSCte70900 - ACS 5.1 rejects AP to join WDS domain by "LEAP packet validation failed"</P><P>CSCte16911 - ACS 5 doesn't support the PPP tacacs service type for authentication</P><P></P><P>Not sure I have pointed to a specific oen but I do strongly recommend installing patch 6 for ACS 5.1. Can be downloaded from CCO</P></BODY></HTML> Mon, 02 Apr 2012 14:42:38 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948468#M387314 jrabinow 2012-04-02T14:42:38Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948469#M387355 <HTML><HEAD></HEAD><BODY><P> Sorry My mistake. The version on the ACS is 5-1-0-44-6</P></BODY></HTML> Mon, 02 Apr 2012 16:32:42 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948469#M387355 goudier2001 2012-04-02T16:32:42Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948470#M387426 <HTML><HEAD></HEAD><BODY><P>Please post a screenshot of your shell profile. Authentication can pass but if the right attributes are not sent precisely, then nothing will happen on WLC.</P></BODY></HTML> Mon, 02 Apr 2012 18:40:34 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948470#M387426 Nicolas Darchis 2012-04-02T18:40:34Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948471#M387510 <HTML><HEAD></HEAD><BODY><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/5/6/9/83965-shell%20profile3.jpg" class="jive-image" /></P></BODY></HTML> Mon, 02 Apr 2012 22:01:10 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948471#M387510 goudier2001 2012-04-02T22:01:10Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948472#M387566 <HTML><HEAD></HEAD><BODY><P>It turns out that the attribute entry that I entered had space characters in it which are there by default. This seems to be an undocumented bug. When you enter role1, mandatory then ALL. The ALL field has spaces in it which must be deleted first before entering your command.</P><P></P><P></P><P></P></BODY></HTML> Thu, 05 Apr 2012 22:12:25 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948472#M387566 goudier2001 2012-04-05T22:12:25Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948473#M387625 <HTML><HEAD></HEAD><BODY><P> thanks for posting.&nbsp; i had this issue as well.&nbsp; there were 22 spaces in the "empty" valuse field that were appended to my entered value.&nbsp; once removed, i was able to login.</P></BODY></HTML> Wed, 15 May 2013 17:45:22 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948473#M387625 bmarms 2013-05-15T17:45:22Z https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948474#M387666 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>I am facing the same issue. I removed blank spaces in the attribute filed but still facing the issues. </P><P></P><P>Any idea, what could be causing the issue??</P><P></P><P>thanks</P><P>Imran</P></BODY></HTML> Mon, 03 Mar 2014 19:40:30 GMT https://community.cisco.com/t5/network-access-control/tacacs-issue-with-wlc-5508-acs-5-1/m-p/1948474#M387666 Imran Mirzanaik 2014-03-03T19:40:30Z