cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8705
Views
23
Helpful
8
Replies

Error in authentication

Starting this morning on my 9800 WLC I am receiving this error after logging in.

WH01-98K-WLC>enable
% Error in authentication.

There is no prompt for a password after the initial prompt I have had no issues for months this randomly started today. I can access the GUI and have elevated privilege's but not in CLI? 

I have tried the following commands with no resolution:

no ip ssh server authenticate user keyboard

username <NAME> privilege 15 password 7 <PW>

aaa new-model

aaa authentication login default local

aaa authentication enable default enable

I attempted to reset the password from CLI in GUI and it wont change I also created another admin account and get the same results.

8 Replies 8

Arshad Safrulla
VIP Alumni
VIP Alumni

Hi,

Do you have any command authorization enabled for this WLC using TACACS? If not I would suggest you to create a new user with privilage 15. I assume that you have SSH enabled in the WLC and working properly.

username WLCadmin priv 15 secret WLCPassword

enable secret WLCSecret

!

line vty 0 50

login local

transport input SSH

!

If you want this to be done via GUI, then you can go to

Administration>>>Device - to check line config

Configuration>>>Security>>>AAA>>>Advance>>>Interface - to check AAA for lines

You can also use the command runner in GUI

Administration>>>Command line interface 

to disable AAA if enabled and then to create the required local users. If you want to enable AAA again I would suggest test it in a test bed or set a reload timer and test all without saving the config, if all the tests are successful then save the config and cancel the reload

 

Rich R
VIP
VIP

sounds like you forgot to save the config and then it crashed or got power cycled so you lost config - always remember to save config.

Arshad: Thanks for the information, I could only get to the > prompt in SSH would not even ask for PW when using enable but had elevated privilege in GUI I attempted to re run command for access and they would not take. Since this is a virtual appliance I just reloaded the last good image and it came back with no issues and worked as it had been.

Rich: The config was saved, I insure to always save before exiting a session as long as the instance works as it should. We did have a power issue the night before and I am concerned that during the reboot of the image something corrupted. But it takes about 5 min to reload the image and everything came back after that as it should of been. 

Rich R
VIP
VIP

Glad to hear you got it back
Mmmm interesting I think 9800 code is a bit buggy with config file integrity in some situations.
See one of my other posts about SSO pair losing all wireless config after one of them crashed - Cisco couldn't repro or explain it.

bazzaroo
Level 1
Level 1

Probably a little late in the day, but I've encountered the same issue myself today. After doing tonnes of config on a 9800 that included enabling aaa, I saved config, logged out and went off for lunch. After coming back an logging into the CLI, I had no exec mode. I had to logon to the GUI, browse to administration->command line interface and issue these commands from there: -

aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local if-authenticated

Looks like you were just missing the last line. I can log in with the local creds at the cli again now and it drops me straight into exec mode.

WWS80793
Level 1
Level 1

I had the same issue and like you amazing people said this what fixed it for me:
aaa new-model

aaa authentication login default local

aaa authentication enable default enable

aaa authorization exec default local if-authenticated

gds456
Level 1
Level 1

Yes, we can fix the issue with the follow commands:

aaa new-model

aaa authentication login default local

aaa authentication enable default enable

aaa authorization exec default local if-authenticated

we also can fix by:

enable secret xxx

marvin.reyes1
Level 1
Level 1

A couple years late here, but wanted to post in case someone else comes across this.

Another command you can add is "aaa authorization exec default local" which - in tandem with your configuration above - should allow the exec access you are looking for. 

aaa new-model

aaa authentication login default local

aaa authorization exec default local

 

Review Cisco Networking for a $25 gift card