TACACS Authentication on WCS6.0

Jul 2nd, 2009

I've configured WCS6.0 to authenticate the users against the Cisco ACS.

I've assigned all tasks from "root"-group to my user profile on the ACS, so I should have the same rights as the local root-user.

Now, when I try to view the audit-report I get

"Permission Denied

You do not have privileges for the requested operation."

Does anyone know the reason for this?

BTW: Same happens when I try to open "AP Timers" under the Configure->Controllers dialog.

Regards Dirk

Lucien Avramov Fri, 07/03/2009 - 18:32

Make sure you are using root for the virtual domain on the upper right corner of WCS. If your roles in ACS are configured right, it should work.

Dirk Woellhaf Mon, 07/06/2009 - 02:49
Just using the Root-Domain, no other domains configured.

Copied the properties of the root-group exactly to the ACS configuration.


Lucien Avramov Mon, 07/06/2009 - 23:29

There must be something wrong either on the WCS or ACS config.

If you feel the configuration you made is exactly step by step following :




Then open a TAC case. Usually the errors come from not configuring the virtual domains correctly, or misconfiguration on the ACS. At this point there are no bugs with WCS 6.0 and the integration with ACS.

Also, ACS 4.2 is the highest supported version. Neither ACS Express 5 nor ACS 5 is supported.

Dirk Woellhaf Tue, 07/07/2009 - 04:48
Did it exactly as specified in the documents.

Still the same error. Nothing in the error-log on the ACS.

Using ACS 4.1.(4) Build 13 Patch 11

Any ideas?

c.yeo Mon, 07/20/2009 - 09:44
I'm trying to use TACACS in our WCS/WLCs to authenticate to our ACS 5 server with no luck either. I can't find any step-by-step docs anywhere. We upgraded the WCS to version in hopes this would help, but we are still stuck.

Also tried upgrading the WLCs to with no better luck.

I get errors like this in the WLC logs:

Jul 20 17:05:39.928: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2106 Login failed. User:xxxxx Service-Type is not present or it doesn't allow READ/WRITE permission

Any ideas?

WCS 6 has additional tasks listed (59 total) vs previous versions which only had about 45 in the task list. I was having issues with certain areas as well, but went into the AAA, Root export list and copied the new task list with all 59 and copied to the ACS attributes under tacacs - no more problems.
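
Added example (not part of any post in this thread, and not Cisco code): a small Python check that compares the task list exported from the WCS Root group with the custom attributes pasted into ACS, so tasks left behind after an upgrade show up before a user hits "Permission Denied". The `role<N>=`, `task<N>=` and `virtual-domain<N>=` line format is an assumption about the export, and the task names in the sample data are constructed.

```python
import re

# Assumed line shape of the export and of the ACS custom attributes:
#   role0=Root / task12=Some Task / virtual-domain0=root
ATTR_RE = re.compile(r"^(role|task|virtual-domain)(\d+)=(.+)$")

def parse_attrs(text):
    """Return {kind: {index: value}} for every attribute line in text."""
    attrs = {"role": {}, "task": {}, "virtual-domain": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ATTR_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised attribute line: {line!r}")
        kind, idx, value = m.group(1), int(m.group(2)), m.group(3).strip()
        if idx in attrs[kind]:
            raise ValueError(f"duplicate attribute {kind}{idx}")
        attrs[kind][idx] = value
    return attrs

def compare(wcs_export, acs_config):
    """Report what the WCS export lists that the ACS attributes lack, and vice versa."""
    wcs, acs = parse_attrs(wcs_export), parse_attrs(acs_config)
    report = {}
    for kind in wcs:
        want, have = set(wcs[kind].values()), set(acs[kind].values())
        report[kind] = {"missing_on_acs": sorted(want - have),
                        "extra_on_acs": sorted(have - want)}
    # A hole in the task numbering suggests a line was lost while pasting.
    top = max(acs["task"], default=-1)
    report["task_index_gaps"] = [i for i in range(top + 1) if i not in acs["task"]]
    return report

# Constructed sample data: the task names are placeholders, not real WCS tasks.
WCS_EXPORT = """role0=Root
task0=Example Task A
task1=Example Task B
task2=Example Audit Task
task3=Example AP Timers Task
virtual-domain0=root
"""
ACS_CONFIG = """role0=Root
task0=Example Task A
task1=Example Task B
task3=Example AP Timers Task
virtual-domain0=root
"""

if __name__ == "__main__":
    for key, value in compare(WCS_EXPORT, ACS_CONFIG).items():
        print(key, value)
```
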

