WLC login using ACS 5.1

jmarshman
Level 1

Hello,

I was wondering if anyone has successfully managed to configure ACS 5.1 to accept login requests from a 5500 WLC?

I've managed to get it configured following the link https://supportforums.cisco.com/docs/DOC-14908
but when I try to log in to the WLC using my ACS credentials I just get the login screen again. I've checked the ACS logs and it says my username has passed the authentication process and it matches all the rules I've set. The only thing I've noticed is my "Privilege Level" is only 1 but I'm not sure if that's correct for an HTTP login.

Any help would be appreciated.


Sorry, but I have one more question.

How do you log in to ACS with an ACS account?

I'm wondering if that is a bug? I made sure when I created the role that there are no spaces.

For the ACS-ACS I don't know. Might be able to get an answer in the Security > AAA forum for that.

As for the access, I don't think so, I've just seen where a CR has been hit behind the ALL.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

OK thanks I'll keep looking for the ACS-ACS issue.

Thanks again for the help

Hi Guys,

I am working on a scenario where I need to authenticate WLC users with ACS 5.2 using TACACS.

We have two types of users Network Admin (with full access) and Network Technicians (with read only access).

I have reviewed the below post, however just wondering how can I restrict Network Technicians.

https://supportforums.cisco.com/docs/DOC-14908

Appreciate your help here.

Thanks,

Asad

You can setup multiple roles for a user instead of using ALL.  See step 5

  • In the text box below Custom attributes, enter this text if the user created needs access only to WLAN, SECURITY and CONTROLLER: role1=WLAN role2=SECURITY role3=CONTROLLER. If the user needs access only to the SECURITY tab, enter this text: role1=SECURITY. The role corresponds to the seven menu bar items in the controller web GUI. The menu bar items are MONITOR, WLAN, CONTROLLER, WIRELESS, SECURITY, MANAGEMENT and COMMAND.
  • Enter the role that a user needs for role1, role2 and so on. If a user needs all the roles, then the keyword ALL should be used. For the lobby admin role, the keyword LOBBY should be used.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml#user-setup

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
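A check for the custom-attribute string described above, catching the invisible trailing CR or space mentioned earlier in the thread. This is an added example, not part of the thread or of Cisco's documentation. It assumes that keywords are matched exactly as the tech note writes them, that roles are numbered consecutively, that ALL and LOBBY stand alone, and that the first bracket in a `debug aaa tacacs` line such as `arg[0] = [9][role1=ALL]` is the argument length.

```python
import re

# Keywords as listed on this page: the seven menu bar items, plus ALL and LOBBY.
# Assumption: they are compared exactly as written (upper case).
MENU_ROLES = {"MONITOR", "WLAN", "CONTROLLER", "WIRELESS",
              "SECURITY", "MANAGEMENT", "COMMAND"}
SPECIAL_ROLES = {"ALL", "LOBBY"}
PAIR = re.compile(r"role(\d+)=(.*)", re.DOTALL)
DEBUG_ARG = re.compile(r"arg\[\d+\] = \[(\d+)\]\[(.*)\]", re.DOTALL)


def check_role_attributes(text):
    """Return a list of problems in a string such as 'role1=WLAN role2=SECURITY'."""
    problems, values = [], []
    # Split on single spaces only, so CR, tabs and doubled spaces stay detectable.
    for pos, tok in enumerate(text.split(" "), start=1):
        if tok == "":
            problems.append(f"position {pos}: stray space")
            continue
        m = PAIR.fullmatch(tok)
        if not m:
            problems.append(f"position {pos}: {tok!r} is not roleN=VALUE")
            continue
        index, raw = int(m.group(1)), m.group(2)
        value = raw.strip()
        if raw != value or re.search(r"\s", value):
            problems.append(f"role{index}: hidden whitespace in {raw!r}")
        elif value not in MENU_ROLES | SPECIAL_ROLES:
            problems.append(f"role{index}: unknown keyword {value!r}")
        # Assumption: roles are numbered consecutively from role1.
        if index != len(values) + 1:
            problems.append(f"role{index}: expected role{len(values) + 1}")
        values.append(value)
    # Assumption: ALL and LOBBY are meant to be used on their own.
    if len(values) > 1 and SPECIAL_ROLES & set(values):
        problems.append("ALL/LOBBY combined with other roles")
    return problems


def debug_arg_has_hidden_bytes(line):
    """Assumption: in 'arg[0] = [9][role1=ALL]' the first bracket is the argument
    length, so a length above the visible text means unseen characters."""
    m = DEBUG_ARG.search(line)
    if not m:
        return None
    return int(m.group(1)) != len(m.group(2).strip())
```

Run `check_role_attributes` on the text pasted into the ACS shell profile before saving it, and `debug_arg_has_hidden_bytes` on the `arg[...]` lines the controller prints.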

Thanks Scott.

Highly appreciated.

Regards,

Asad

I am having almost the same problem. I am able to log in via CLI, but when I log in via web it repeatedly asks to log in for everything: 3 times to get to the initial screen. If I click anything, it asks again. Using ACS 5.1, WLC on 7.0.230.0. Below is debug aaa tacacs:

*tplusTransportThread: May 05 2014 10:48:33.661: Forwarding request to XXXX port=49

*tplusTransportThread: May 05 2014 10:48:33.665: tplus auth response: type=1 seq_no=2 session_id=69126ed2 length=15 encrypted=0

*tplusTransportThread: May 05 2014 10:48:33.665: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: May 05 2014 10:48:33.665: auth_cont get_pass reply: pkt_length=31

*tplusTransportThread: May 05 2014 10:48:33.665: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:48:34.966: tplus auth response: type=1 seq_no=4 session_id=69126ed2 length=6 encrypted=0

*tplusTransportThread: May 05 2014 10:48:34.966: tplus_make_author_request() from tplus_authen_passed returns rc=0

*tplusTransportThread: May 05 2014 10:48:34.966: Forwarding request to XXXX port=49

*tplusTransportThread: May 05 2014 10:48:34.970: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0

*tplusTransportThread: May 05 2014 10:48:34.970: arg[0] = [9][role1=ALL]

*tplusTransportThread: May 05 2014 10:48:34.970:
                                                 User has the following mgmtRole fffffff8
*tplusTransportThread: May 05 2014 10:48:36.271: Forwarding request to XXXXX port=49

*tplusTransportThread: May 05 2014 10:48:36.274: tplus auth response: type=1 seq_no=2 session_id=de551272 length=15 encrypted=0

*tplusTransportThread: May 05 2014 10:48:36.274: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: May 05 2014 10:48:36.274: auth_cont get_pass reply: pkt_length=31

*tplusTransportThread: May 05 2014 10:48:36.274: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:48:37.575: tplus auth response: type=1 seq_no=4 session_id=de551272 length=6 encrypted=0

*tplusTransportThread: May 05 2014 10:48:38.877: Forwarding request to XXXXX port=49

*tplusTransportThread: May 05 2014 10:48:38.880: tplus auth response: type=1 seq_no=2 session_id=dff2befa length=15 encrypted=0

*tplusTransportThread: May 05 2014 10:48:38.880: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: May 05 2014 10:48:38.880: auth_cont get_pass reply: pkt_length=31

*tplusTransportThread: May 05 2014 10:48:38.880: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:48:40.181: tplus auth response: type=1 seq_no=4 session_id=dff2befa length=6 encrypted=0

*tplusTransportThread: May 05 2014 10:50:52.896: Forwarding request to XXXXX port=49

*tplusTransportThread: May 05 2014 10:50:52.900: tplus auth response: type=1 seq_no=2 session_id=dc608a4f length=15 encrypted=0

*tplusTransportThread: May 05 2014 10:50:52.900: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: May 05 2014 10:50:52.900: auth_cont get_pass reply: pkt_length=31

*tplusTransportThread: May 05 2014 10:50:52.900: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:50:54.201: tplus auth response: type=1 seq_no=4 session_id=dc608a4f length=6

*tplusTransportThread: May 05 2014 10:50:54.201: tplus_make_author_request() from tplus_authen_passed returns rc=0

*tplusTransportThread: May 05 2014 10:50:54.201: Forwarding request to XXXXX port=49

*tplusTransportThread: May 05 2014 10:50:54.206: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0

*tplusTransportThread: May 05 2014 10:50:54.206: arg[0] = [9][role1=ALL]

*tplusTransportThread: May 05 2014 10:50:54.206:
                                                 User has the following mgmtRole fffffff8
*tplusTransportThread: May 05 2014 10:50:55.506: Forwarding request to XXXXX port=49

*tplusTransportThread: May 05 2014 10:50:55.509: tplus auth response: type=1 seq_no=2 session_id=37f5378b length=15

*tplusTransportThread: May 05 2014 10:50:55.509: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: May 05 2014 10:50:55.509: auth_cont get_pass reply: pkt_length=31

*tplusTransportThread: May 05 2014 10:50:55.509: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:50:56.810: tplus auth response: type=1 seq_no=4 session_id=37f5378b length=6

*tplusTransportThread: May 05 2014 10:50:58.111: Forwarding request to XXXX port=49

*tplusTransportThread: May 05 2014 10:50:58.114: tplus auth response: type=1 seq_no=2 session_id=8dbc6771 length=15

*tplusTransportThread: May 05 2014 10:50:58.114: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: May 05 2014 10:50:58.114: auth_cont get_pass reply: pkt_length=31

*tplusTransportThread: May 05 2014 10:50:58.114: processTplusAuthResponse: Continue auth transaction
*tplusTransportThread: May 05 2014 10:50:59.415: tplus auth response: type=1 seq_no=4 session_id=8dbc6771 length=6

*tplusTransportThread: May 05 2014 10:51:24.134: Forwarding request to XXXX port=49

*tplusTransportThread: May 05 2014 10:51:24.139: tplus auth response: type=1 seq_no=2 session_id=0d5d6dd0 length=15

*tplusTransportThread: May 05 2014 10:51:24.139: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: May 05 2014 10:51:24.139: auth_cont get_pass reply: pkt_length=31

*tplusTransportThread: May 05 2014 10:51:24.139: processTplusAuthResponse: Conti
*tplusTransportThread: May 05 2014 10:51:25.439: tplus auth response: type=1 seq

*tplusTransportThread: May 05 2014 10:51:25.439: tplus_make_author_request() fro

*tplusTransportThread: May 05 2014 10:51:25.439: Forwarding request to XXXX
*tplusTransportThread: May 05 2014 10:51:25.443: author response body: status=1

*tplusTransportThread: May 05 2014 10:51:25.443: arg[0] = [9][role1=ALL]

*tplusTransportThread: May 05 2014 10:51:25.443:
                                                 User has the following mgmtRole
*tplusTransportThread: May 05 2014 10:51:26.744: Forwarding request to XXXXX

*tplusTransportThread: May 05 2014 10:51:26.747: tplus auth response: type=1 seq

*tplusTransportThread: May 05 2014 10:51:26.747: TPLUS_AUTHEN_STATUS_GETPASS

*tplusTransportThread: May 05 2014 10:51:26.747: auth_cont get_pass reply: pkt_l

*tplusTransportThread: May 05 2014 10:51:26.747: processTplusAuthResponse: Conti
