01-24-2012 07:18 AM - edited 07-03-2021 09:26 PM
Hello,
I was wondering if anyone has successfully managed to configure ACS 5.1 to accept login requests from a 5500 WLC?
I've managed to get it configured following the link https://supportforums.cisco.com/docs/DOC-14908
but when I try to login to the WLC using my ACS credentials I just get the login screen again. I've checked the ACS logs and it says my username has passed the authentication process and it matches all the rules I've set. The only thing I've noticed is my "Privilege Level" is only 1 but I'm not sure if that's correct for an HTTP login.
Any help would be appreciated.
01-24-2012 09:09 AM
Sorry, but I have one more question.
How do you login to ACS with an ACS account?
01-24-2012 09:07 AM
I'm wondering if that is a bug? I made sure when I created the role that there are no spaces.
01-24-2012 09:10 AM
For the ACS-ACS I don't know. Might be able to get an answer in the Security > AAA forum for that.
As for the access, I don't think so, I've just seen where a CR has been hit behind the ALL.
01-24-2012 09:12 AM
OK thanks I'll keep looking for the ACS-ACS issue.
Thanks again for the help
06-05-2013 11:54 AM
Hi Guys,
I am working on a scenario where I need to authenticate WLC users with ACS 5.2 using TACACS.
We have two types of users Network Admin (with full access) and Network Technicians (with read only access).
I have reviewed the below post, however just wondering how can I restrict Network Technicians.
https://supportforums.cisco.com/docs/DOC-14908
Appreciate your help here.
Thanks,
Asad
06-05-2013 12:20 PM
You can setup multiple roles for a user instead of using ALL. See step 5
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml#user-setup
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
06-05-2013 12:50 PM
Thanks Scott.
Highly appreciated.
Regards,
Asad
05-05-2014 07:57 AM
I am having almost the same problem. I am able to login CLI but when I login via web it repeatedly asks to login for everything. 3 times to get to the initial screen. If I click anything, asks again. Using ACS 5.1, WLC on 7.0.230.0. Below is debug aaa tacacs:
*tplusTransportThread: May 05 2014 10:48:33.661: Forwarding request to XXXX port=49
*tplusTransportThread: May 05 2014 10:48:33.665: tplus auth response: type=1 seq_no=2 session_id=69126ed2 length=15 encrypted=0
*tplusTransportThread: May 05 2014 10:48:33.665: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:48:33.665: auth_cont get_pass reply: pkt_length=31
*tplusTransportThread: May 05 2014 10:48:33.665: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:48:34.966: tplus auth response: type=1 seq_no=4 session_id=69126ed2 length=6 encrypted=0
*tplusTransportThread: May 05 2014 10:48:34.966: tplus_make_author_request() from tplus_authen_passed returns rc=0
*tplusTransportThread: May 05 2014 10:48:34.966: Forwarding request to XXXX port=49
*tplusTransportThread: May 05 2014 10:48:34.970: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0
*tplusTransportThread: May 05 2014 10:48:34.970: arg[0] = [9][role1=ALL]
*tplusTransportThread: May 05 2014 10:48:34.970:
User has the following mgmtRole fffffff8
*tplusTransportThread: May 05 2014 10:48:36.271: Forwarding request to XXXXX port=49
*tplusTransportThread: May 05 2014 10:48:36.274: tplus auth response: type=1 seq_no=2 session_id=de551272 length=15 encrypted=0
*tplusTransportThread: May 05 2014 10:48:36.274: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:48:36.274: auth_cont get_pass reply: pkt_length=31
*tplusTransportThread: May 05 2014 10:48:36.274: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:48:37.575: tplus auth response: type=1 seq_no=4 session_id=de551272 length=6 encrypted=0
*tplusTransportThread: May 05 2014 10:48:38.877: Forwarding request to XXXXX port=49
*tplusTransportThread: May 05 2014 10:48:38.880: tplus auth response: type=1 seq_no=2 session_id=dff2befa length=15 encrypted=0
*tplusTransportThread: May 05 2014 10:48:38.880: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:48:38.880: auth_cont get_pass reply: pkt_length=31
*tplusTransportThread: May 05 2014 10:48:38.880: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:48:40.181: tplus auth response: type=1 seq_no=4 session_id=dff2befa length=6 encrypted=0
*tplusTransportThread: May 05 2014 10:50:52.896: Forwarding request to XXXXX port=49
*tplusTransportThread: May 05 2014 10:50:52.900: tplus auth response: type=1 seq_no=2 session_id=dc608a4f length=15 encrypted=0
*tplusTransportThread: May 05 2014 10:50:52.900: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:50:52.900: auth_cont get_pass reply: pkt_length=31
*tplusTransportThread: May 05 2014 10:50:52.900: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:50:54.201: tplus auth response: type=1 seq_no=4 session_id=dc608a4f length=6
*tplusTransportThread: May 05 2014 10:50:54.201: tplus_make_author_request() from tplus_authen_passed returns rc=0
*tplusTransportThread: May 05 2014 10:50:54.201: Forwarding request to XXXXX port=49
*tplusTransportThread: May 05 2014 10:50:54.206: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0
*tplusTransportThread: May 05 2014 10:50:54.206: arg[0] = [9][role1=ALL]
*tplusTransportThread: May 05 2014 10:50:54.206:
User has the following mgmtRole fffffff8
*tplusTransportThread: May 05 2014 10:50:55.506: Forwarding request to XXXXX port=49
*tplusTransportThread: May 05 2014 10:50:55.509: tplus auth response: type=1 seq_no=2 session_id=37f5378b length=15
*tplusTransportThread: May 05 2014 10:50:55.509: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:50:55.509: auth_cont get_pass reply: pkt_length=31
*tplusTransportThread: May 05 2014 10:50:55.509: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:50:56.810: tplus auth response: type=1 seq_no=4 session_id=37f5378b length=6
*tplusTransportThread: May 05 2014 10:50:58.111: Forwarding request to XXXX port=49
*tplusTransportThread: May 05 2014 10:50:58.114: tplus auth response: type=1 seq_no=2 session_id=8dbc6771 length=15
*tplusTransportThread: May 05 2014 10:50:58.114: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:50:58.114: auth_cont get_pass reply: pkt_length=31
*tplusTransportThread: May 05 2014 10:50:58.114: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:50:59.415: tplus auth response: type=1 seq_no=4 session_id=8dbc6771 length=6
*tplusTransportThread: May 05 2014 10:51:24.134: Forwarding request to XXXX port=49
*tplusTransportThread: May 05 2014 10:51:24.139: tplus auth response: type=1 seq_no=2 session_id=0d5d6dd0 length=15
*tplusTransportThread: May 05 2014 10:51:24.139: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:51:24.139: auth_cont get_pass reply: pkt_length=31
*tplusTransportThread: May 05 2014 10:51:24.139: processTplusAuthResponse: Conti
*tplusTransportThread: May 05 2014 10:51:25.439: tplus auth response: type=1 seq
*tplusTransportThread: May 05 2014 10:51:25.439: tplus_make_author_request() fro
*tplusTransportThread: May 05 2014 10:51:25.439: Forwarding request to XXXX
*tplusTransportThread: May 05 2014 10:51:25.443: author response body: status=1
*tplusTransportThread: May 05 2014 10:51:25.443: arg[0] = [9][role1=ALL]
*tplusTransportThread: May 05 2014 10:51:25.443:
User has the following mgmtRole
*tplusTransportThread: May 05 2014 10:51:26.744: Forwarding request to XXXXX
*tplusTransportThread: May 05 2014 10:51:26.747: tplus auth response: type=1 seq
*tplusTransportThread: May 05 2014 10:51:26.747: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:51:26.747: auth_cont get_pass reply: pkt_l
*tplusTransportThread: May 05 2014 10:51:26.747: processTplusAuthResponse: Conti
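An added example, not part of any post in this thread: a small Python parser that groups `debug aaa tacacs` lines like those above by `session_id` and lists which authentication exchanges were followed by an authorization request and a role attribute. The sample log is constructed (session ids and timestamps are made up), and it assumes unwrapped lines.

```python
import re

# Constructed sample in the shape of WLC "debug aaa tacacs" output
# (session ids and timestamps are made up; XXXX stands for the server).
SAMPLE = """\
*tplusTransportThread: May 05 2014 10:00:00.100: Forwarding request to XXXX port=49
*tplusTransportThread: May 05 2014 10:00:00.104: tplus auth response: type=1 seq_no=2 session_id=aaaa0001 length=15 encrypted=0
*tplusTransportThread: May 05 2014 10:00:00.104: TPLUS_AUTHEN_STATUS_GETPASS
*tplusTransportThread: May 05 2014 10:00:01.400: tplus auth response: type=1 seq_no=4 session_id=aaaa0001 length=6 encrypted=0
*tplusTransportThread: May 05 2014 10:00:01.400: tplus_make_author_request() from tplus_authen_passed returns rc=0
*tplusTransportThread: May 05 2014 10:00:01.405: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0
*tplusTransportThread: May 05 2014 10:00:01.405: arg[0] = [9][role1=ALL]
*tplusTransportThread: May 05 2014 10:00:02.700: Forwarding request to XXXX port=49
*tplusTransportThread: May 05 2014 10:00:02.703: tplus auth response: type=1 seq_no=2 session_id=aaaa0002 length=15 encrypted=0
*tplusTransportThread: May 05 2014 10:00:04.000: tplus auth response: type=1 seq_no=4 session_id=aaaa0002 length=6 encrypted=0
"""

PREFIX = re.compile(r"^\*tplusTransportThread: \w{3} \d{2} \d{4} [\d:.]+: (.*)$")
AUTH = re.compile(r"tplus auth response: type=\d+ seq_no=(\d+) session_id=([0-9a-f]+)")
ROLE = re.compile(r"arg\[\d+\] = \[\d+\]\[role\d+=([^\]]+)\]")

def summarize(text):
    """Group debug lines by session_id, in order of first appearance."""
    sessions, current = {}, None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # wrapped or untagged line, e.g. the mgmtRole line
        msg = m.group(1)
        auth = AUTH.search(msg)
        if auth:
            current = sessions.setdefault(
                auth.group(2), {"last_seq": 0, "author_request": False, "roles": []})
            current["last_seq"] = max(current["last_seq"], int(auth.group(1)))
        elif current is not None and "tplus_make_author_request()" in msg:
            current["author_request"] = True
        elif current is not None and ROLE.search(msg):
            current["roles"].append(ROLE.search(msg).group(1))
    return sessions

def sessions_without_roles(sessions):
    """Session ids whose authentication exchange logged no role attribute."""
    return [sid for sid, s in sessions.items() if not s["roles"]]

if __name__ == "__main__":
    for sid, info in summarize(SAMPLE).items():
        print(sid, info)
```
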