cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12230
Views
0
Helpful
8
Replies

Lobby Admin account in WLC

rochoa8aeg
Level 1
Level 1

I'm trying to create a lobby admin account on my WLC, easy enough I go to Management>Local Management Users> Create the user and assign him as a Lobby Admin. However, when I attempt to login as that lobby admin I am never allowed in, it just wont let me login as that user. If I look at the WLC logs it reads: Jul 14 16:10:29.282 ews_auth.c:1968 EMWEB-1-LOGIN_FAILED: Login failed. User:nicolasmin. Service-Type is not present or it doesn't allow READ/WRITE permission..

Does anyone know what that means and how I could fix it?

8 Replies 8

Scott Fella
Hall of Fame
Hall of Fame

Do you have radius configured and is management checked. Seems like it is hitting a radius server.

-Scott
*** Please rate helpful posts ***

Yes I have radius configured but it is only authenticating wireless clients. I have a number of Lobby Admins created and all can log in to the same controller without issue it just doesnt seem to like this name, even if I create a test account it works.

mat.edwards
Level 1
Level 1

When you created the account did you select 'User Access Mode' as Lobby Admin? Even if you didn't should still log you in just worth checking.

Try to create a different account and test that.

What version of code are you running?

I'm running code 4.2.130, and I have a handful of other Lobby Admin accounts created who can log on with no issue.

Yes when I created the account I did select the option in the drop-down box which elects the user as a Lobby Admin.

Do u have a TACACS server configured and TACACS is the primary database for management authentication????

Then make the priority as local then TACACS. It should work

Hi guys,

I'm having a similar issue. I created a lobby admin account but i'm not able to login using that account.

Error message:

*emWeb: Mar 01 14:56:33.179: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed for the user:lobby. Service-Type is not present or it doesn't allow READ/WRITE permission..

My settings for SECURITY > Priority Order > Management User is RADIUS on top and LOCAL at the bottom. Would switching LOCAL to the top resolve the issue?

Scott Fella
Hall of Fame
Hall of Fame

If your authenticating using a local account created on the WLC, then local should be priority or on the top of the list. Is you are using radius for local management, then you would need to keep radius on the top of the list and create another policy in radius for lobby admin. Lobby admin uses a different service type than management users.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella
Hall of Fame
Hall of Fame

Here is a link:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080871921.shtml

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: