01-15-2014 01:30 PM - edited 03-10-2019 09:17 PM
So we have been running tacacs.net for a while and I have all the granular control I need for Switches, Routers and ASAs, but we want to add WLCs to the list of devices we are using this for. I know it has to do with the <Services> section of the authorization config, but I just can't nail down the commands. Here is what I have now. It passes authorization on the tacacs.net side, but the WLC is having issues with what tacacs.net actually sends it.
<Services>
<Service>
<Set>service=ciscowlc</Set>
<Set>protocol=common</Set>
<Set>role1=ALL</Set>
</Service>
</Services>
06-24-2014 11:37 AM
06-24-2014 11:43 AM
Unfortunately I never did make any progress on this. I am still using Radius to log into the WLC itself. I just set up NPS on the same server I'm running Tacacs.net, so I still consolidated, but I still need radius for a couple of things.
06-25-2014 04:00 AM
I've spent some time debugging on the WLC to try to solve this.
I believe I have found the issue, but the fix, I think, would need to be done in the Tacacs.net code.
When this is working via ACS (4.2) the debug output looks like this:
*tplusTransportThread: Jun 25 11:42:28.042: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0
*tplusTransportThread: Jun 25 11:42:28.042: arg[0] = [9][role1=ALL]
A non-working go using Tacacs.net looks like this:
*tplusTransportThread: Jun 25 11:04:26.200: author response body: status=1 arg_cnt=2 msg_len=0 data_len=0
*tplusTransportThread: Jun 25 11:04:26.200: arg[0] = [15][protocol=common]
*tplusTransportThread: Jun 25 11:04:26.200: arg[1] = [10][role1=ALL?]
I've tried lots of modifications to the service config, even adding the individual roles instead of ALL.
My theory is that the WLC expects a roleX attribute in the ARG[0] position.
Tacacs.net always puts protocol=common in that slot (even if you move it lower down).
If you don't specify protocol=common it does not get any args.
Oh well ..... I'll mail tacacs.net and see if they want to experiment and fix it in a new release.
Regards,
Simon.
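Added example, not part of the original thread: a Python parser for the TACACS+ authorization REPLY body (layout per RFC 8907 section 6.2) that reproduces what the WLC debug prints and flags the two visible differences between the replies. The function names and both sample bodies are constructed for illustration, and the extra byte in the second role1 argument is assumed to be NUL because the debug shows only "?".

```python
import struct

def build_author_reply(status, args, server_msg=b"", data=b""):
    """Pack an unobfuscated TACACS+ authorization REPLY body (RFC 8907, 6.2)."""
    head = struct.pack("!BBHH", status, len(args), len(server_msg), len(data))
    return head + bytes(len(a) for a in args) + server_msg + data + b"".join(args)

def parse_author_reply(body):
    """Return (status, [raw arg bytes]); reject bodies whose lengths do not add up."""
    if len(body) < 6:
        raise ValueError("body shorter than the fixed 6-byte header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len
    if len(lens) != arg_cnt or pos + sum(lens) != len(body):
        raise ValueError("declared lengths do not match body size")
    args = []
    for n in lens:
        args.append(body[pos:pos + n])
        pos += n
    return status, args

def review_args(args):
    """List (index, issue) pairs for the two differences visible in the debugs."""
    findings = []
    for i, arg in enumerate(args):
        if i == 0 and not arg.startswith(b"role"):
            findings.append((i, "first arg is not a roleN attribute"))
        if any(b < 0x20 or b > 0x7E for b in arg):
            findings.append((i, "non-printable byte inside declared length"))
    return findings

# Constructed bodies mirroring the two debug outputs above. The extra byte in
# the second role1 arg is assumed to be NUL; the debug only shows "?".
ACS_BODY = build_author_reply(1, [b"role1=ALL"])
TNET_BODY = build_author_reply(1, [b"protocol=common", b"role1=ALL\x00"])

if __name__ == "__main__":
    for label, body in (("ACS 4.2", ACS_BODY), ("Tacacs.net", TNET_BODY)):
        status, args = parse_author_reply(body)
        print(label, "status", status, [(len(a), a) for a in args])
        for idx, issue in review_args(args):
            print("  arg[%d]: %s" % (idx, issue))
```

Feeding it the decrypted body from a packet capture shows whether a server upgrade changed the argument order or the declared length of the role attribute.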
12-19-2014 12:01 PM
Hi Guys
I have the same problem. Did you get it sorted, and if so, please give me your solution.
Thanks
01-09-2015 07:02 AM
Hi again.
I've not done any more on this; however, I do note that Tacacs.net have just released a newer version of their app (v1.3.1).
We are running v1.3 here.
Unfortunately I cannot find a change log on their website, so no idea what this new version has.
Bug-fixes I would guess, so there is an outside chance it may address the issue I mention above .....
Once I get some time I'll test the new version and let you know how I get on.
03-30-2015 07:58 AM
Hi,
I am from TACACS.net and wanted to give an update.
We are aware of the problem and a fix will be available soon (no ETA yet). We will prioritize it based on the demand and available resources.
We would love to hear from you and appreciate your inputs here: http://tacacs.uservoice.com
Thanks
Duleep
10-01-2015 11:27 AM
I have upgraded to the new 2.0.1 version that specified a WLC fix, but still a no go. I have the same setup that @bounser01 originally posted. Anyone have any luck getting a working configuration?
Stephen
10-01-2015 11:46 AM
Please open a ticket. Support team will look into it.
10-01-2015 11:55 AM
@duleep0011 I did but it was closed yesterday. Ticket ID : 146. Let me know if I should open another?
10-01-2015 12:12 PM
You can reopen the same and provide the information Rob asked for.
Thanks
11-13-2015 04:43 AM
Stephen,
Did you get it working now? It is confirmed that the WLC is working for other users.
Thanks
02-19-2015 06:16 AM
I'm struggling with the same issue. I'm running tacacs.net v1.3.1. Has anyone found a solution to this?
11-13-2015 04:47 AM
All,
The WLC bug was fixed in the latest version (2.0.1).
Thanks