Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1509
Views
0
Helpful
6
Replies

TACACS Authentication on WCS6.0

Dirk Woellhaf
Level 1
Level 1

‎07-02-2009 01:41 AM - edited ‎07-03-2021 05:47 PM

Hi,

I've configured WCS6.0 to authenticate the useres against the Cisco ACS.

I've assigned all tasks from "root"-group to my user profile on the ACS, so I should have the sames rights as the local root-user.

Now, when I try to view the audit-report I get

"Permission Denied

You do not have privileges for the requested operation."

Does anyone know the reason for this?

BTW: Same happens when I try to open "AP Timers" under the Confgure->Controllers dialog.

Regards Dirk

regards, Dirk (Please rate if helpful)
Labels:
0 Helpful
6 Replies 6

Lucien Avramov
Level 10
Level 10

‎07-03-2009 06:32 PM

Make sure you are using root for the virtual domain on the upper right corner of WCS. If your roles in ACS are configured right, it should work.

0 Helpful

Dirk Woellhaf
Level 1
Level 1
In response to Lucien Avramov

‎07-06-2009 02:49 AM

Just using the Root-Domain, no other domains configured.

Copied the properties of the root-group exactly to the ACS configuration.

regards

regards, Dirk (Please rate if helpful)
0 Helpful

Lucien Avramov
Level 10
Level 10
In response to Dirk Woellhaf

‎07-06-2009 11:29 PM

There must be something wrong either on the WCS or ACS config.

If you feel the configuration you made is exactly step by step following :

http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0manag.html#wp1097777

AND

http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0admin.html#wpxref67416

Then open a TAC case. Usually the errors come from not configuring the virtual domains correctly, or misconfiguration on the ACS. At this point there are no bugs with WCS 6.0 and the integration with ACS.

Also, ACS 4.2 is the higher supported version. ACS express 5 neither ACS 5 are supported.

0 Helpful

Dirk Woellhaf
Level 1
Level 1
In response to Lucien Avramov

‎07-07-2009 04:48 AM

Hi,

did it exactly as specified in the documents.

Still the same error. Nothing in the error-log on the ACS.

Using ACS 4.1.(4) Build 13 Patch 11

Any ideas?

regards, Dirk (Please rate if helpful)
0 Helpful

c.yeo
Level 1
Level 1
In response to Dirk Woellhaf

‎07-20-2009 09:44 AM

I'm trying to use TACACS in our WCS/WLCs to authenticate to our ACS 5 server with no luck either. I can't find any step-by-step docs anywhere. We upgraded the WCS to verison 6.0.132.0 in hopes this would help, but we are still stuck.

Also tried upgrading the WLCs to 6.0.182.0 with no better luck.

I get errors like this in the WLC logs:

Jul 20 17:05:39.928: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2106 Login failed. User:xxxxx Service-Type is not present or it doesn't allow READ/WRITE permission

Any ideas?

0 Helpful

brian.kachel
Level 4
Level 4
In response to c.yeo

‎07-29-2009 08:00 AM

WCS 6 has additional tasks listed (59 total) vs previous versions which only had about 45 in the task list. I was having issues with certain areas as well, but went into the AAA, Root export list and copied the new task list with al 59 and copied to the ACS atrributes under tacacs - no more problems.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card