cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1785
Views
5
Helpful
13
Replies
Highlighted
Beginner

tacacs.net with a WLC

So we have been running tacacs.net for a while and I have all my granular control I need for Switches, Routers and ASAs but we want to add WLCs to the list of devices we are using this for. I know it has to do with <Services> section of the authorization config but I just can't nail down the commands. Here is what I have now and it Passes authorization on the tacacs.net side but the WLC is having issues with what tacacs.net actually sends it.

<Services>

<Service>

<Set>service=ciscowlc</Set>

<Set>protocol=common</Set>

<Set>role1=ALL</Set>

</Service>

</Services>

13 REPLIES 13
Highlighted
Beginner

Hi. I've just deployed Tacacs

Hi. I've just deployed Tacacs.net (great app). I'm trying to get this same part working too right now. No answer to this thread but did you manage to get this working anyhow and if so can you share the SERVICE section you used ? I have virtually what you posted here already. Many thanks and hope you can assist. Simon.
Highlighted
Beginner

Unfortunately I never did

Unfortunately I never did make any progress on this. I am still using Radius to log into the WLC itself. I just set up NPS on the same server Im running Tacacs.net so I still consolidated but I still need radius for a couple things.

Highlighted
Beginner

I've spent some time on

I've spent some time on debugging on the WLC to try to solve this.

Believe I have found the issue, but the fix I think would need to be done in the Tacacs.net code.

When this is working via ACS (4.2) the debug outlook looks like this:

*tplusTransportThread: Jun 25 11:42:28.042: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0

*tplusTransportThread: Jun 25 11:42:28.042: arg[0] = [9][role1=ALL]

A non working go using Tacacs.net looks like this:

*tplusTransportThread: Jun 25 11:04:26.200: author response body: status=1 arg_cnt=2 msg_len=0 data_len=0

*tplusTransportThread: Jun 25 11:04:26.200: arg[0] = [15][protocol=common]

*tplusTransportThread: Jun 25 11:04:26.200: arg[1] = [10][role1=ALL?]

I've tried lots of modification on the service config, even adding the individual roles instead of ALL.

My theory is that the WLC expect a roleX attribute in the ARG[0] position.

Tacacs.net always puts protocol=common in that slot (even if you move it lower down).

If you don't specify protocol=common it does not get any args.

Oh Well ..... ill mail tacacs.net and see if they want to experiment and fix in a new release.

Regards,

 

Simon.

 

Highlighted
Beginner

Hi GuysI have the same

Hi Guys

I have the same problem did you get it sorted and if please give me your solution.

Thanks

Highlighted
Beginner

HI again.I've not done any

HI again.

I've not done any more on this however I do note that Tacacs.net have just released a newer version of their app (v1.3.1).
We are running v1.3 here.

Unfortunately I cannot find a change log on their website so no idea what this new version has.

Bug-fixes I would guess so there is an outside chance it may address the issue I mention above .....

Once I get some time ill test the new version and let you know how I get on.

Highlighted
Beginner

Hi, I am from TACACS.net and

Hi,

 

I am from TACACS.net and wanted to give an update.

We are aware of the problem and a fix will be available soon (no ETA yet). We will prioritize it based on the demand and available resources.

We would love to hear from you and appreciate your inputs here: http://tacacs.uservoice.com

Thanks

Duleep

Highlighted
Beginner

I have upgraded to the new 2

I have upgraded to the new 2.0.1 version that specified a WLC fix, but still a no go.  I have the same setup that @bounser01 originally posted.  Anyone have any luck getting a working configuration?

 

 

Stephen

Highlighted
Beginner

Please open a ticket. Support

Please open a ticket. Support team will look into it.

Highlighted
Beginner

@duleep0011 I did but it was

@duleep0011 I did but it was closed yesterday.  Ticket ID : 146.  Let me know if I should open another?

Highlighted
Beginner

You can reopen the same and 

You can reopen the same and  provide the information Rob asked for.

 

Thanks

Highlighted
Beginner

Stephen,

Stephen,

Did you get it working now? It is confirmed that the WLC is working for other users.

Thanks

Highlighted
Beginner

im strucling with the same

im strucling with the same issue, im running tacacas.net v 1.3.1, has anyone found a solutions to this

 

 

 

 

Highlighted
Beginner

All,

All,

The WLC bug was fixed in the latest version (2.0.1).

Thanks