07-14-2009 04:34 PM - edited 07-03-2021 05:49 PM
I'm trying to create a lobby admin account on my WLC, easy enough I go to Management>Local Management Users> Create the user and assign him as a Lobby Admin. However, when I attempt to login as that lobby admin I am never allowed in, it just wont let me login as that user. If I look at the WLC logs it reads: Jul 14 16:10:29.282 ews_auth.c:1968 EMWEB-1-LOGIN_FAILED: Login failed. User:nicolasmin. Service-Type is not present or it doesn't allow READ/WRITE permission..
Does anyone know what that means and how I could fix it?
07-14-2009 07:19 PM
Do you have radius configured and is management checked. Seems like it is hitting a radius server.
07-15-2009 06:01 PM
Yes I have radius configured but it is only authenticating wireless clients. I have a number of Lobby Admins created and all can log in to the same controller without issue it just doesnt seem to like this name, even if I create a test account it works.
07-15-2009 04:15 AM
When you created the account did you select 'User Access Mode' as Lobby Admin? Even if you didn't should still log you in just worth checking.
Try to create a different account and test that.
What version of code are you running?
07-15-2009 06:04 PM
I'm running code 4.2.130, and I have a handful of other Lobby Admin accounts created who can log on with no issue.
Yes when I created the account I did select the option in the drop-down box which elects the user as a Lobby Admin.
07-16-2009 09:14 PM
Do u have a TACACS server configured and TACACS is the primary database for management authentication????
Then make the priority as local then TACACS. It should work
02-28-2011 11:50 PM
Hi guys,
I'm having a similar issue. I created a lobby admin account but i'm not able to login using that account.
Error message:
*emWeb: Mar 01 14:56:33.179: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed for the user:lobby. Service-Type is not present or it doesn't allow READ/WRITE permission..
My settings for SECURITY > Priority Order > Management User is RADIUS on top and LOCAL at the bottom. Would switching LOCAL to the top resolve the issue?
03-01-2011 04:27 AM
If your authenticating using a local account created on the WLC, then local should be priority or on the top of the list. Is you are using radius for local management, then you would need to keep radius on the top of the list and create another policy in radius for lobby admin. Lobby admin uses a different service type than management users.
Sent from Cisco Technical Support iPhone App
03-01-2011 04:30 AM
Here is a link:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080871921.shtml
Sent from Cisco Technical Support iPhone App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: