10-13-2022 08:29 AM
Starting this morning on my 9800 WLC I am receiving this error after logging in.
WH01-98K-WLC>enable
% Error in authentication.
There is no prompt for a password after the initial prompt I have had no issues for months this randomly started today. I can access the GUI and have elevated privilege's but not in CLI?
I have tried the following commands with no resolution:
no ip ssh server authenticate user keyboard
username <NAME> privilege 15 password 7 <PW>
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
I attempted to reset the password from CLI in GUI and it wont change I also created another admin account and get the same results.
10-13-2022 01:14 PM
Hi,
Do you have any command authorization enabled for this WLC using TACACS? If not I would suggest you to create a new user with privilage 15. I assume that you have SSH enabled in the WLC and working properly.
username WLCadmin priv 15 secret WLCPassword
enable secret WLCSecret
!
line vty 0 50
login local
transport input SSH
!
If you want this to be done via GUI, then you can go to
Administration>>>Device - to check line config
Configuration>>>Security>>>AAA>>>Advance>>>Interface - to check AAA for lines
You can also use the command runner in GUI
Administration>>>Command line interface
to disable AAA if enabled and then to create the required local users. If you want to enable AAA again I would suggest test it in a test bed or set a reload timer and test all without saving the config, if all the tests are successful then save the config and cancel the reload
10-14-2022 09:02 AM
sounds like you forgot to save the config and then it crashed or got power cycled so you lost config - always remember to save config.
10-18-2022 06:44 AM
Arshad: Thanks for the information, I could only get to the > prompt in SSH would not even ask for PW when using enable but had elevated privilege in GUI I attempted to re run command for access and they would not take. Since this is a virtual appliance I just reloaded the last good image and it came back with no issues and worked as it had been.
Rich: The config was saved, I insure to always save before exiting a session as long as the instance works as it should. We did have a power issue the night before and I am concerned that during the reboot of the image something corrupted. But it takes about 5 min to reload the image and everything came back after that as it should of been.
10-18-2022 03:47 PM
Glad to hear you got it back
Mmmm interesting I think 9800 code is a bit buggy with config file integrity in some situations.
See one of my other posts about SSO pair losing all wireless config after one of them crashed - Cisco couldn't repro or explain it.
08-16-2023 08:02 AM
Probably a little late in the day, but I've encountered the same issue myself today. After doing tonnes of config on a 9800 that included enabling aaa, I saved config, logged out and went off for lunch. After coming back an logging into the CLI, I had no exec mode. I had to logon to the GUI, browse to administration->command line interface and issue these commands from there: -
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local if-authenticated
Looks like you were just missing the last line. I can log in with the local creds at the cli again now and it drops me straight into exec mode.
11-01-2023 09:03 PM
I had the same issue and like you amazing people said this what fixed it for me:
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local if-authenticated
09-11-2024 12:33 AM
Yes, we can fix the issue with the follow commands:
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local if-authenticated
we also can fix by:
enable secret xxx
11-26-2024 05:09 PM
A couple years late here, but wanted to post in case someone else comes across this.
Another command you can add is "aaa authorization exec default local" which - in tandem with your configuration above - should allow the exec access you are looking for.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide