01-12-2009 07:20 PM - edited 07-03-2021 04:58 PM
When I web browse to a WLC I enter my username and password. However it keeps propting me as though the login is incorrect. When I check the ACS server it is showing successful login attempts. Why would the ACS successfully authenticate but the WLC still stops me from accessing it?
01-13-2009 04:24 PM
This is the log from the WLC. On the ACS it says it has passed. I have altered to the username field below.
*Jan 13 02:27:09.532: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2092 Login failed. User:Johnsmith. Service-Type is not present or it doesn't allow READ/WRITE permission..
01-14-2009 12:42 AM
Hi Danhosking,
You need to set roles for the user in the ACS. Read this document under "Configure TACACS+ on the ACS":
http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52sol.html#wp1422107
After thats done, you should be able to login to the WLC.
Good luck!
Johan
01-14-2009 02:18 PM
Hi,
The roll has been set for Admin with no luck. I raised a TAC case and it seems the WCS and WLC are casuing a conflict when they are both set up to authenticat management users to the ACS. If just the WLC and ACS are configured it works, or just he WCS and ACS it works but not both. I will update when I have a work around.
01-14-2009 11:54 PM
Hi,
I didn't know about that issue you describe. A workaround could be to use Radius in WCS and TACACS+ for WLC. That should work.
01-17-2009 09:33 AM
The problem is that in ACS you can only specify one device to either use radius or tacacs. So if you are authenticating users in the wlc to use that ACS server, then you can't setup tacacs also. You need to setup the wlc to use radius.
03-21-2011 05:37 AM
For anyone searching for this, check the RADIUS shared key. Try something small and easy.
We found that having a complex key often causes problems. Test with test.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: